A$5,700

Adversary Tactics - Detection Training Course - Brisbane April 2019

by SpecterOps
A$5,700

Event Information

Share this event

Date and Time

Location

Location

Marriott Brisbane

515 Queen St

Brisbane, Queensland 4000

Australia

View Map

Refund Policy

Refund Policy

Refunds up to 7 days before event

Event description

Description

Special thanks to @TheColonial for coordinating this event!

At this time, GST is not included in the price for this course. As a result, we are only accepting registrations directly from GST registered entities, or from foreign businesses who do not have a physical presence in Australia.

For non-registered Australian entities, Beyond Binary is processing payments for this event. If you do not provide an ABN when you register (or are a foreign business), you will receive an invoice from Beyond Binary Pty Ltd for payment.

---------------------------------------------------------------------------------

Tired of "detecting" a breach after an incident has already begun? Hunt operations focus on proactively searching for malicious threat actors and closing the gap from infection to detection. Many security solutions attempt to prevent the initial compromise, or detect known post-exploitation activity, but can be bypassed by skilled attackers. This course will teach you how to create threat hunting hypothesis and execute them in your environment to proactively search for attacker indicators not identified by existing security solutions.

In this course, you will:

  • Build a comprehensive Hunt Hypothesis.
  • Assess the quality of your data sources.
  • Develop metrics to track the effectiveness of your hunt program.
  • Perform basic triage procedures for suspicious activity.
  • Practice in a simulated enterprise network against real advanced adversary techniques and malware samples.
  • Collect extensive Windows host telemetry and metadata using built-in and open source tools.
  • Efficiently analyze gathered data to detect threat actor post-exploitation technique.

Course Summary

Enterprise networks are under constant attack from adversaries of all skill levels. Blue teamers are facing a losing battle; as the attacker only needs to be successful once to gain access. Since the scales are heavily tipped in the attacker's favor, a new defensive mindset is required. Rather than focusing just on preventing attacks from being successful, assume a breach could occur and proactively search for evidence of compromise in the environment. Malicious techniques used to laterally spread, pivot, and privilege escalate are not normal in networks and can be detected. A proper Threat Hunting program is focused on maximizing the effectiveness of scarce network defense resources to protect against a potentially limitless threat.

Threat Hunting takes a different perspective on performing network defense, relying on skilled operators to investigate and find the presence of malicious activity. This course builds on standard network defense and incident response (which target flagging known malware) by focusing on abnormal behaviors and the use of attacker Tactics, Techniques, and Procedures (TTPs). We will teach you how to create threat hunting hypotheses based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will use free and open source data collection and analysis tools (Sysmon, ELK and Automated Collection and Enrichment Platform) to gather and analyze large amounts of host information to detect malicious activity. You will use these techniques and toolsets to create threat hunting hypotheses and perform threat hunting in a simulated enterprise network undergoing active compromise from various types of threat actors.

Course Syllabus

Day 1:

  • Threat Hunting Introduction
  • MITRE ATT&CK and Adversary TTPs
  • Data Source Identification
  • Data Quality Assessment
  • Host Baselining
  • Threat Hunting Campaign Types

Day 2:

  • Interpreting Threat Reports
  • Host-based Collection Methodology
  • Defensive Indicator Design
  • Hunt Hypothesis Generation Process
  • Post Hunt Activities

Day 3:

  • Digital Signature Validation
  • Dynamic Binary Analysis
  • Hunt Hypothesis Generation (based on Threat Intel Report)
  • Hypothesis Execution

Day 4:

  • Capstone
  • Threat Hunting Engagement
  • Live Environment/Adversary

Student Requirements

This class is intended for defenders wanting to learn how to effectively Hunt in enterprise networks. Participants should have previous network defense/incident response experience and/or knowledge of offensive tools and techniques, primarily post-exploitation techniques. Additionally, familiarity with using a SIEM, such as ELK or Splunk, will be helpful.

Hardware Requirements

The course lab is accessed through a browser with connectivity to the internet. Participants will need to bring a laptop with a browser that can connect to a publicly routed Apache Guacamole instance over ports 80/443.

What's Included

  • Four day training
  • All day beverages and snacks
  • Daily lunch
  • Happy hour with the instructors

Accommodations

Training will be taking place in the Marriott Brisbane. Students may stay at the hotel, or one of the several hotels nearby.

FAQs

How can I contact the organizer with any questions?

Please email info@specterops.io with any questions.

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.

Read more Read less
Tags

Tags

Things to do in Brisbane Class Science & Tech

Share with friends

Date and Time

Location

Marriott Brisbane

515 Queen St

Brisbane, Queensland 4000

Australia

View Map

Refund Policy

Refunds up to 7 days before event

Map and Directions

View Map

Save This Event

Log in or sign up for Eventbrite to save events you're interested in.
Already have an account?

Event Saved