Defending Enterprises – 2023 Edition

Numbers of days 2

address 28 avenue George V 75008 Paris

Course in English

Price 2880€ VAT included

Updated for 2023, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. You’ll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOA’s and IOC’s from a live enterprise breach executed by the trainers in real time.
Whether you’re new to Kusto Query Language (KQL) or a seasoned pro, there’s plenty for you in the 2-days! Yes, we’re using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach is transferable into your own environments, whatever your preferred platform.
We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs!
With 14 hands-on exercises you’ll gain real-world experience in the following areas:

Day 1

MITRE ATT&CK, CAR and D3fend frameworks
Defensive OSINT
Linux/Windows auditing, logging and event data
Using Logstash as a data forwarder
Overview of the Kusto Query Language (KQL) and Microsoft Sentinel
Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
Detecting phishing attacks and living off the land binary (LOBAS) abuse
Detecting C2 traffic and beacons
Detecting credential exploitation
- Kerberoasting
- Pass-the-Hash
- Pass-the-Ticket
- Azure Cloud attacks

Day 2

Detecting Active Directory Certificate Services (ADCS) attacks
Detecting DCSync attacks
Creating alerts and analytical rules in Microsoft Sentinel
Detecting lateral movement within a network
- WinRM
- SMB
- MSSQL
Detecting data exfiltration and C2 channels
Detecting persistence activities
Various userland methods
Permanent WMI Event Subscriptions

We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class and a dedicated Discord channel for support.

Included

All students have access to a training platform (during the event and for 14-days after training finishes) in which exercises are provided along with detailed instructions on how to achieve the task
14-day extended LAB access after the course finishes
Discord support channel access

Requirements

Detection methods will be taught during training, however an understanding of networking concepts would be beneficial, and previous SOC experience and/or pentesting is advantageous but not required.
You’ll will need to have access to a laptop and their favourite browser!

Le présent site stocke des cookies et autres traceurs sur votre équipement (ci-après dénommés « cookies »). Ces cookies sont utilisés par Sysdream pour collecter des informations sur la manière dont vous interagissez avec le site et établir des statistiques et des volumes de fréquentation et d’utilisation afin d’améliorer votre parcours en tant.

Vous pouvez choisir de ne pas autoriser certains types de cookies, à l’exception de ceux permettant l’utilisation du présent site web et qui sont par conséquent strictement nécessaires à son fonctionnement. Pour accepter ou refuser l’utilisation des différentes catégories de cookies (à l’exception de la catégorie des cookies strictement nécessaires), rendez-vous dans les Preference cookies.

Vous pouvez à tout moment revenir sur votre autorisation d’utilisation des cookies (Preference cookies).

Le refus de l’utilisation de certains cookies peut avoir un impact sur votre utilisation du site.

En savoir plus : Politique gestion des cookies

Cookie preferences

Refuse all cookies

Accept all cookies

Strictly Necessary Cookies

The purpose of these cookies is to measure the site's audience and to prevent cybersecurity problems. They allow the provision of this website and are therefore strictly necessary for its operation. They cannot therefore be deactivated

PHPSESSID, pll_language, tarteaucitron, matchadform, _pk_id.26.b623, MATOMO_SESSID

Always active

Youtube video cookies

These cookies are placed by third parties and allow the proper functioning of the YouTube videos inserted on this site. You can refuse or accept the use of cookies from this category. Warning: the refusal of these cookies can have an impact on the functioning of the videos.

Google Youtube

Statistical and marketing cookies

This cookie makes it possible to establish statistics in order to know the origin of the User during a request to download a resource. You can refuse or accept the use of this cookie from this category.

Statistical and marketing cookies

En savoir plus : Cookie management policy

Refuse all cookies

Accept all cookies

Save