Conflict Management Tactics - 1 Day Workshop, Brisbane
Conflict Management Tactics - 1 Day Workshop, Brisbane
Fri, Feb 3, 9:00 AM
Karstens Brisbane • Brisbane City, QLD
A$750
Actions Panel
Adversary Tactics - Detection Training Course - Brisbane April 2019
By SpecterOps
When and where
Date and time
Location
Marriott Brisbane 515 Queen St Brisbane, Queensland 4000 Australia
Map and directions
How to get there
Refund Policy
Refunds up to 7 days before event
Description
Special thanks to @TheColonial for coordinating this event!
At this time, GST is not included in the price for this course. As a result, we are only accepting registrations directly from GST registered entities, or from foreign businesses who do not have a physical presence in Australia.
For non-registered Australian entities, Beyond Binary is processing payments for this event. If you do not provide an ABN when you register (or are a foreign business), you will receive an invoice from Beyond Binary Pty Ltd for payment.
---------------------------------------------------------------------------------
Tired of "detecting" a breach after an incident has already begun? Hunt operations focus on proactively searching for malicious threat actors and closing the gap from infection to detection. Many security solutions attempt to prevent the initial compromise, or detect known post-exploitation activity, but can be bypassed by skilled attackers. This course will teach you how to create threat hunting hypothesis and execute them in your environment to proactively search for attacker indicators not identified by existing security solutions.
In this course, you will:
- Build a comprehensive Hunt Hypothesis.
- Assess the quality of your data sources.
- Develop metrics to track the effectiveness of your hunt program.
- Perform basic triage procedures for suspicious activity.
- Practice in a simulated enterprise network against real advanced adversary techniques and malware samples.
- Collect extensive Windows host telemetry and metadata using built-in and open source tools.
- Efficiently analyze gathered data to detect threat actor post-exploitation technique.
Course Summary
Enterprise networks are under constant attack from adversaries of all skill levels. Blue teamers are facing a losing battle; as the attacker only needs to be successful once to gain access. Since the scales are heavily tipped in the attacker's favor, a new defensive mindset is required. Rather than focusing just on preventing attacks from being successful, assume a breach could occur and proactively search for evidence of compromise in the environment. Malicious techniques used to laterally spread, pivot, and privilege escalate are not normal in networks and can be detected. A proper Threat Hunting program is focused on maximizing the effectiveness of scarce network defense resources to protect against a potentially limitless threat.
Threat Hunting takes a different perspective on performing network defense, relying on skilled operators to investigate and find the presence of malicious activity. This course builds on standard network defense and incident response (which target flagging known malware) by focusing on abnormal behaviors and the use of attacker Tactics, Techniques, and Procedures (TTPs). We will teach you how to create threat hunting hypotheses based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will use free and open source data collection and analysis tools (Sysmon, ELK and Automated Collection and Enrichment Platform) to gather and analyze large amounts of host information to detect malicious activity. You will use these techniques and toolsets to create threat hunting hypotheses and perform threat hunting in a simulated enterprise network undergoing active compromise from various types of threat actors.
Course Syllabus
Day 1:
- Threat Hunting Introduction
- MITRE ATT&CK and Adversary TTPs
- Data Source Identification
- Data Quality Assessment
- Host Baselining
- Threat Hunting Campaign Types
Day 2:
- Interpreting Threat Reports
- Host-based Collection Methodology
- Defensive Indicator Design
- Hunt Hypothesis Generation Process
- Post Hunt Activities
Day 3:
- Digital Signature Validation
- Dynamic Binary Analysis
- Hunt Hypothesis Generation (based on Threat Intel Report)
- Hypothesis Execution
Day 4:
- Capstone
- Threat Hunting Engagement
- Live Environment/Adversary
Student Requirements
This class is intended for defenders wanting to learn how to effectively Hunt in enterprise networks. Participants should have previous network defense/incident response experience and/or knowledge of offensive tools and techniques, primarily post-exploitation techniques. Additionally, familiarity with using a SIEM, such as ELK or Splunk, will be helpful.
Hardware Requirements
The course lab is accessed through a browser with connectivity to the internet. Participants will need to bring a laptop with a browser that can connect to a publicly routed Apache Guacamole instance over ports 80/443.
What's Included
- Four day training
- All day beverages and snacks
- Daily lunch
- Happy hour with the instructors
Accommodations
Training will be taking place in the Marriott Brisbane. Students may stay at the hotel, or one of the several hotels nearby.
FAQs
How can I contact the organizer with any questions?
Please email info@specterops.io with any questions.
What's the refund policy?
Full refunds will be provided up to 7 days before the course start date.