Actionable Defense: Understanding Adversary Tactics

Date: July 31 - August 03, 2021
Location: Virtual

Join CEO David Kennedy  and the TrustedSec Training Team July 31 – August 3, 2021, for our virtual Black Hat USA four-day training course “Actionable Defense: Understanding Adversary Tactics.”


Most organizations struggle with understanding specific techniques and methodologies around attacks. This class is designed for both penetration testers and defenders in a unique blend of both offensive techniques and how to best defend against them. Each module is designed to demonstrate the latest attack vectors used to simulate attacks against organizations and most importantly how to write detections for them. This class focuses on the “purple team” approach which focuses on attacking and working on building detections based on the attacks applied. This is a completely immersive experience with a simulated corporate infrastructure that allows you to focus on identifying attack behavior within a corporate infrastructure. The students will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited from them in order to better refine detections within an organization.

Day 1 (Attack and Defense)

  • Introduction to Defense / ELK
  • Introduction to Linux
  • Drive-by Attacks (Initial Access)
  • Leveraging MITRE ATT&CK for Mapping
  • Building a Purple Team and Running Exercises
  • Weak Credential Brute-Force & Password Recovery
  • Getting Your First Shell
  • Getting Credentials with Mimikatz
  • Get Domain Information
  • Brute-Force Attacks
  • Responder
  • Print Spooler Attack
  • Kerberoast

Day 2 (Attack and Defense)

  • Password Cracking
  • Lateral Movement
  • Web Application Attacks
  • Getting Domain Admin
  • Post-Exploitation

Day 3 (Attack and Defense)

  • DCSync
  • Pass-the-Hash
  • PSExec Detection
  • SMB Null Bind Spray
  • Magic Unicorn / nps_payload
  • Command Obfuscation

Day 4 (Attack and Defense)

  • Obscure Post-Exploitation
  • Persistence Methods
  • PowerShell Attacks
  • Command and Control (C2)
  • Creating Paths of Least Resistance (PoLR)
  • Final Lab

Note: These topics are based on course pace based on student learning rates. Not all of these topics may be covered if the class is behind on topics and grasping concepts and understanding. We will make every attempt to cover all of these during the course.

Each module has a clear understanding of the attack and how the attack works as well as how to best effectively write detections for the attacks.

Learn from both offensive and defensive (red and blue) practitioners in the industry on the latest techniques and ways to defend/detect against attacks.

Utilize a simulated environment to practice your skills and learn in a controlled environment aimed at simulating attacks and defenses.

Improve your overall understanding in the ability to defend enterprises and learn the latest techniques around attack patterns.


Ability to understand advanced attacker techniques and directly write detections to identify them. Understand unusual behavior in an organization and identify threats earlier on. Structure your program to handle new threats that come at your organization.


This class is great for defenders and penetration testers looking to learn more about defense and offensive capabilities. Individuals that want to leave the course with direct actionable items they can directly apply in their day to day jobs. Defenders

  • Penetration Testers
  • Beginners to Offense or Defense
  • Wanting to learn coding
  • Hunt Teams
  • Anyone looking to strengthen their offensive and detection capabilities.




Students should have an understanding of basic Linux commands and be able to navigate through Linux.


Students must have a laptop with VMWare/Fusion or similar (VirtualBox is not recommended) and ability to run multiple VMs.
The machine should have 40GB of free disk space available for the virtual machines.


Virtual machine infrastructure provided by TrustedSec, all course material including commands, slides, and walkthroughs.
Early registration pricing ends July 16, 2021.
Black Hat Training