Hunt the Hacker
One of the most concerning problems that organizations face today is not knowing whether or not they are currently compromised. Many organizations invest the majority of their efforts in preventing perimeter attacks, or detecting commodity malware with endpoint protection. However, these defenses are easily evaded by modern threats targeting specific organizations, who prefer not to deal with a hardened perimeter at all and instead target human employees via social engineering techniques such as phishing.
This grants the attackers immediate access into the organization’s internal network. If there is no threat hunting capability within an organization, it is now “game over” and the attackers may operate with relative impunity, since the defenders are blind to what is going on within their own environment. For this reason, a position of “assumed compromise” along with a “threat hunting” capability is now an essential part of any serious organization’s “defense in depth” strategy.
Clarified Security’s “Hunt The Hacker” course is a comprehensive introduction to the technology and skill sets required to hunt threats. During the two-day course students will, for the vast majority of their time, be performing actual hands-on hunts for hackers within Clarified Security’s laboratory-based Windows domain.
After the course, participants will understand that threat hunting is an essential modern defensive practice, and possess the confidence necessary to evangelize for its adoption in their own organization. Participants will know what capabilities need to be deployed to facilitate threat hunting, and how to use those technologies effectively to identify internal network breaches, reliably and quickly.
This course is taught by Clarified Security’s “Red Team”, whose job is to compromise real organizations’ production environments in ways that real attackers do. Red teaming is the best possible indicator of how resilient an organization is to being compromised by real attackers, but with none of the associated risk or damage. It is also the best possible indicator of how quickly and reliably that organization can detect successful intrusions. Participants are therefore being taught how to detect hackers by expert hackers!
Note: This course is centered on the Windows environment, but other platforms may be discussed. The concepts presented in this course are universally applicable; only some technology specifics differ.
Technologies covered: Windows, Sysmon, Windows Event Forwarding, Elastic Stack (mainly Kibana), PowerShell transcript logging, YARA, live query.
Training duration: 2 days of instruction, predominantly in the form of hands-on hunting labs.
Group size: 10 participants maximum
Pre-requisites: To maximize value to the attendee, prior HOHE participation is highly recommended, but not mandatory.
Training schedule: 9.00 to 17.00 (including 2 coffee breaks)
Trainers (in English):
- James Dodd
- Taavi Sonets
Contents of the training:
Participants learn how to hunt hackers within our Windows 10 lab network, using a range of highly effective threat hunting technologies and techniques. Technologies used: Sysmon, the Elastic stack (formerly “ELK”), WinRM, PowerShell, YARA.
The trainers engage participants with lectures, live demonstrations and Q&A sessions. Each participant spends the majority of their time performing a wide variety of hands-on hunts.
Participants will understand what threat hunting is, be utterly convinced of the need for it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.
We can deliver on-site at group pricing anywhere in the world where a good broadband connection is available. Ask us for the group pricing or for times and locations of our public courses. Public groups are currently available directly or via partners in: Estonia, Finland, Sweden.
James is a penetration tester with an extensive background in software development. He joined the team in December 2016 and came from the gaming sector, where, as a Principal Developer, he worked on back-end distributed systems.
James has a BSc degree in Software Engineering from De Montfort University, England. For his final year project, he wrote a steganography tool to invisibly embed large quantities of information into animated GIFs.
James is a trainer of our Hands-on Hacking Essentials (HOHE) course.
Pentester (WebApps), trainer
Taavi joined the team in April 2015 as a Web application pentester. His previous work experience consists mainly of Web application development. He holds an M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his master's thesis about improving User Simulation Team Workflow in the Context of Cyber Defense Exercise. Taavi is the main trainer of our Hands-on Hacking series courses: Essentials (HOHE), Follow-Up (HOHE-FU) and Advanced (HOHA).
Taavi has also had experience leading Red Teaming (specialized in client-side attacks) since 2015.
|Private sector||1 945 €|
|Public sector||1 945 €|
|Private sector (early-bird price until 28.12.)||1 845 €|
|Public sector (early-bird price until 28.12.)||1 845 €|
VAT of 24% is added to the price. The price includes electronic materials, coffee and lunch.