Hunt the Hacker
by Clarified Security
One of the most concerning problems that organizations face today is not knowing whether or not they are currently compromised. Many organizations invest the majority of their efforts on preventing perimeter attacks, or detecting commodity malware with endpoint protection. However, these defenses are easily evaded by modern threats targeting specific organizations, who prefer not to deal with a hardened perimeterat all and instead target human employees via social engineering techniques such as phishing.
This grants the attackers immediate access into the organization’s internal network. If there is no threat hunting capability within an organization, it is now ”game over” and the attackers may operate with relative impunity, since the defenders are blind to what is going on within their own environment. For this reason, a position of ”assumed compromise” along with a ”threat hunting” capability is now as essential part of any serious organization’s ”defense in depth” strategy.
Clarified Security’s ”Hunt The Hacker” course is a comprehensive introduction to the technology and skill sets required to hunt threats. During the two day course students will, for the vast majority of their time, be performing actual hands-on hunts for hackers within Clarified Security’s laboratory-based Windows domain.
After the course, participants will understand that threat hunting is an essential modern defensive practice, and possess the confidence necessary to evangelize for its adoption in their own organization. Participants will know what capabilities need to be deployed to facilitate threat hunting, and how to use those technologies effectively to identify internal network breaches, reliably and quickly.
This course is taught by Clarified Security’s ”Red Team”, whose job is to compromise real organizations’ production environments in ways that real attackers do. Red teaming is the best possible indicator of how resilient an organization is to being compromised by real attackers, but with none of the associated risk or damage. It is also the best possible indicator of how quickly and reliably that organization can detect successful intrusions. Participants are therefore being taught how to detect hackers by expert hackers!
Note: This is a Windows environment centric course, but other platforms may be discussed. The concepts presented in this course are universally applicable, only some technology specifics differ.Technologies covered: Windows, Sysmon, Windows Event Forwarding, Elastic Stack (mainly Kibana), Powershell transcript logging, YARA, live query.
Training duration: 2 days of instruction, predominantly in the form of hands-on hunting labs.
Group size: 10 participants maximum
Pre-requisites: To maximize value to the attendee, prior HOHE participation is highly recommended, but not mandatory.
Training schedule: 9.00 am to 17.00 pm (including 2 coffee breaks)
Trainer: (in English)
Contents of the training:
Participants learn how to hunt hackers within our Windows 10 lab network, using a range of highly effective threat hunting technologies and techniques. Technologies used: Sysmon, the Elastic stack (formerly “ELK”), WinRM, PowerShell, YARA.
The trainers engage participants with lectures, live demonstrations and Q&A sessions.Each participant spends the majority of their time performing a wide variety of hands-on hunts.
Participants will understand what threat hunting is, be utterly convinced of the needfor it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.
We can deliver on-site at group pricing anywhere in the world where good broadbandconnection is available. Ask us for the group pricing or for times and locations of our public courses. Public groups are currently available directly or via partners in: Estonia, Finland, Sweden.
|Yksityinen sektori, etuhinta 11.12. asti (norm. 1545 €)||1345 €|
|Julkinen sektori, etuhinta 11.12. asti (norm. 945 €)||845 €|
Hintaan lisätään alv 24 %. Hintaan sisältyvät sähköiset materiaalit,.
Etäosallistujana kuulet ja näet kouluttajan, materiaalit sekä voit osallistua keskusteluun. Etäosallistuminen ei vaadi sinulta asennuksia koneelle, vaan pelkkä internetyhteys riittää. Kaikille etäosallistujille lähetämme henkilökohtaisen kutsulinkin koulutukseen. Kyseessä on livestriimaus. Koulutuksen striimauksesta ei tehdä tallennetta.