Actionable Defense: Understanding Adversary Tactics

Most organizations struggle with understanding specific techniques and methodologies around attacks. This class is designed for both penetration testers and defenders in a unique blend of both offensive techniques and how to best defend against them. Each module is designed to demonstrate the latest attack vectors used to simulate attacks against organizations and most importantly how to write detection’s for them. This class focuses on the “purple team” approach which focuses on attacking and working on building detection’s based on the attacks applied. This is a completely immersive experience with a simulated corporate infrastructure that allows you to focus on identifying attack behavior within a corporate infrastructure. The students will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited from them in order to better refine detection’s within an organization.

Day 1 (Attack and Defense)

• Introduction to Defense
• Introduction to Linux
• Discovery
• Exfiltration
• Responder
• Kerberoast

Day 2 (Attack and Defense)

• Password Cracking
• Lateral Movement
• Persistence
• Getting DA
• Secondary Attack Paths
• Event Search with PowerShell
• Paths of Least Resistance

Note: These topics are based on course pace based on student learning rates. Not all of these topics may be covered if the class is behind on topics and grasping concepts and understanding. We will make every attempt to cover all of these during the course.

Each module has a clear understanding of the attack and how the attack works as well as how to best effectively write detections for the attacks.

Learn from both offensive and defensive (red and blue) practitioners in the industry on the latest techniques and ways to defend/detect against attacks.

Utilize a simulated environment to practice your skills and learn in a controlled environment aimed at simulating attacks and defenses.

Improve your overall understanding of the ability to defend enterprises and learn the latest techniques around attack patterns.

Ability to understand advanced attacker techniques and directly write detections to identify them. Understand unusual behavior in an organization and identify threats earlier on. Structure your program to handle new threats that come at your organization.

This class is great for defenders and penetration testers looking to learn more about defense and offensive capabilities. Individuals that want to leave the course with directly actionable items can directly apply in their day-to-day jobs.

• Defenders
• Penetration Testers
• Beginners to Offense or Defense
• Wanting to learn to code
• Hunt Teams
• Anyone looking to strengthen their offensive and detection capabilities.

Beginner/Intermediate

Students should have an understanding of basic Linux commands and be able to navigate through Linux.

Students must have a laptop with VMWare/Fusion or similar (VirtualBox is not recommended) and ability to run multiple VMs.
The machine should have 40GB of free disk space available for the virtual machines.

Virtual machine infrastructure provided by TrustedSec, all course material including commands, slides, and walkthroughs.