$3,500

Adversary Tactics - Detection Training Course - May 2021


Event Information


Date and Time

Location

Online Event

Refund Policy

Refunds up to 7 days before event

Eventbrite's fee is nonrefundable.

About this Event

This course will take place online, using virtual software to stream live instructors during the scheduled delivery hours of 9:00AM to 5:00PM Eastern Time, UTC-4. Confirmed attendees will receive logistics information one week prior to the event.

---------------------------------------------------------------------------------

Course Description

Enterprise networks are under constant attack from adversaries of all skill levels. Defenders face an uphill battle, as new or novel attacks are uncovered every day and need to be stopped. Since the scales are heavily tipped in the attacker's favor, a new defensive mindset is required. Rather than focusing solely on preventing attacks from succeeding, assume a breach could occur and proactively search for evidence of compromise in the environment. The malicious techniques used to spread laterally, pivot, and escalate privileges are not normal in networks and can often be detected. A proper Detection and Response program focuses on maximizing the effectiveness of scarce network defense resources against a potentially limitless threat.

Adversary Tactics: Detection provides a functional perspective of a Detection and Response program. In the course, we set aside organization-specific notions of team structure and discuss specific functional roles such as monitoring, detection engineering, threat intelligence, security infrastructure, and red teaming. However, simply understanding these functions in a vacuum is not enough for success. Russell Ackoff once said, "A system is never the sum of its parts; it's the product of their interaction." As such, we explore how these teams can work together to detect attackers.

In this course, students will learn why out-of-the-box detections leave room for improvement, strategies for prioritizing detection engineering efforts, how to develop and validate coverage of custom detections, how to identify needed or missing telemetry, and how to limit the effect of both false positives and false negatives. Students will use a number of open-source tools (data sensor, SIEM/database, analytic engine, ticketing system, etc.) to demonstrate and facilitate these learning points.

Student Requirements

This class is intended for defenders wanting to learn how to hunt effectively in enterprise networks. Participants should have previous network defense/incident response experience and/or knowledge of offensive tools and techniques, primarily post-exploitation techniques. Additionally, familiarity with a SIEM such as ELK or Splunk will be helpful.

Hardware Requirements

The course lab is accessed through a browser with connectivity to the internet. Participants will need to bring a laptop with a browser that can connect to a publicly routed Apache Guacamole instance over ports 80/443. An internet connection speed of at least 15 Mbit/s is preferred.

FAQs

How can I contact the organizer with any questions?

Please email info@specterops.io with any questions.

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.
