Adversarial Attacks & Detections - Online Training

Date: July 09 - 10, 2020
Location: Online

Trainer: Ben Mauch

Skill Level: All

Course Description:

This course will focus on attacks used in the wild and how to create specific detections to identify early Indicators of Compromise (IoC). The students will set up an ELK (Elasticsearch, Log Stash, Kibana) instance and then run attacks on a lab system. The students will then create rules to detect the attack in ELK. The students will set up their ELK system for a final lab where a simulated attack will occur on their systems and they have to detect and defend against the attacks. This course will focus on the MITRE ATT&CK framework as well as several attacks which do not leverage a vulnerability. These attacks include weak credential harvest, lateral credential spray, SPN queries, and more. The students will have a better understanding of early IoCs and how to identify these threats within their environment; regardless of the initial attack vector.

This course qualifies for 14 hours of CPE credit hours.

Overview/Course Syllabus:

Day 1

  • Introduction to Defense / ELK
  • Introduction to Linux
  • Drive-by Attacks (Initial Access)
  • Weak Credential Brute-Force & Password Recovery
  • Getting Your First Shell
  • Getting Credentials with Mimikatz
  • Get Domain Information
  • Brute-Force Attacks
  • R