Actionable Defense: Understanding Adversary Tactics
Join CEO David Kennedy and the TrustedSec Training Team July 31 – August 3, 2021, for our virtual Black Hat USA four-day training course “Actionable Defense: Understanding Adversary Tactics.”
Most organizations struggle with understanding specific techniques and methodologies around attacks. This class is designed for both penetration testers and defenders in a unique blend of both offensive techniques and how to best defend against them. Each module is designed to demonstrate the latest attack vectors used to simulate attacks against organizations and most importantly how to write detections for them. This class focuses on the “purple team” approach which focuses on attacking and working on building detections based on the attacks applied. This is a completely immersive experience with a simulated corporate infrastructure that allows you to focus on identifying attack behavior within a corporate infrastructure. The students will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited from them in order to better refine detections within an organization.
Day 1 (Attack and Defense)
- Introduction to Defense / ELK
- Introduction to Linux
- Drive-by Attacks (Initial Access)
- Leveraging MITRE ATT&CK for Mapping
- Building a Purple Team and Running Exercises
- Weak Credential Brute-Force & Password Recovery
- Getting Your First Shell
- Getting Credentials with Mimikatz
- Get Domain Information
- Brute-Force Attacks
- Print Spooler Attack
Day 2 (Attack and Defense)
- Password Cracking
- Lateral Movement
- Web Application Attacks
- Getting Domain Admin
Day 3 (Attack and Defense)
- PSExec Detection
- SMB Null Bind Spray
- Magic Unicorn / nps_payload
- Command Obfuscation
Day 4 (Attack and Defense)
- Obscure Post-Exploitation
- Persistence Methods
- PowerShell Attacks
- Command and Control (C2)
- Creating Paths of Least Resistance (PoLR)
- Final Lab
Note: These topics are based on course pace based on student learning rates. Not all of these topics may be covered if the class is behind on topics and grasping concepts and understanding. We will make every attempt to cover all of these during the course.
Each module has a clear understanding of the attack and how the attack works as well as how to best effectively write detections for the attacks.
Learn from both offensive and defensive (red and blue) practitioners in the industry on the latest techniques and ways to defend/detect against attacks.
Utilize a simulated environment to practice your skills and learn in a controlled environment aimed at simulating attacks and defenses.
Improve your overall understanding in the ability to defend enterprises and learn the latest techniques around attack patterns.
WHO SHOULD TAKE THIS COURSE
This class is great for defenders and penetration testers looking to learn more about defense and offensive capabilities. Individuals that want to leave the course with direct actionable items they can directly apply in their day to day jobs. Defenders
- Penetration Testers
- Beginners to Offense or Defense
- Wanting to learn coding
- Hunt Teams
- Anyone looking to strengthen their offensive and detection capabilities.
AUDIENCE SKILL LEVEL
WHAT STUDENTS SHOULD BRING
The machine should have 40GB of free disk space available for the virtual machines.