Adversarial Attacks & Detections - Online Training

Date: July 09 - 10, 2020
Location: Online

Trainer: Ben Mauch

Skill Level: All

Course Description:

This course will focus on attacks used in the wild and how to create specific detections to identify early Indicators of Compromise (IoCs). The students will set up an ELK (Elasticsearch, Logstash, Kibana) instance and then run attacks on a lab system. The students will then create rules to detect the attacks in ELK. The students will set up their ELK system for a final lab in which a simulated attack will occur on their systems and they will have to detect and defend against it. This course will focus on the MITRE ATT&CK framework as well as several attacks that do not leverage a vulnerability. These attacks include weak credential harvesting, lateral credential spraying, SPN queries, and more. The students will gain a better understanding of early IoCs and how to identify these threats within their environment, regardless of the initial attack vector.

This course qualifies for 14 hours of CPE credit.

Overview/Course Syllabus:

Day 1

  • Introduction to Defense / ELK
  • Introduction to Linux
  • Drive-by Attacks (Initial Access)
  • Weak Credential Brute-Force & Password Recovery
  • Getting Your First Shell
  • Getting Credentials with Mimikatz
  • Get Domain Information
  • Brute-Force Attacks
  • Responder
  • Kerberoast

Day 2

  • Password Cracking
  • Lateral Movement
  • DCSync
  • Getting Domain Admin
  • Post-Exploitation
  • Command Obfuscation
  • LOLBAS/LOLBins
  • Magic Unicorn / nps_payload
  • Creating Paths of Least Resistance (PoLRBear Project)
  • Final Lab

Key Takeaways:

  • Learn both offensive and defensive techniques
  • Improve your understanding of detection capabilities
  • Identify key Indicators of Compromise (IoCs)
  • Learn the latest in attack techniques

Who Should Take This Course:

  • Defenders
  • Penetration Testers
  • Threat Hunters
  • Security Operations
  • Anyone looking to strengthen their offensive and defensive knowledge

What’s provided?

  • A lab environment with an Ubuntu image for attacking the simulated environment
  • Hands-on experience performing attacks as well as detecting them
  • All presentation slides and a course handout with all of the commands

Requirements:

  • Internet Connection
  • Web Browser to access Student Lab
  • Web Camera
  • Headphones and Mic

Pricing:
$1,500 per student

*Contact us for a military discount and group pricing (3 or more students).
