{"id":2717,"date":"2021-06-14T13:29:48","date_gmt":"2021-06-14T11:29:48","guid":{"rendered":"https:\/\/archive.brucon.org\/2021\/?page_id=2717"},"modified":"2021-06-14T13:38:46","modified_gmt":"2021-06-14T11:38:46","slug":"defending-enterprises","status":"publish","type":"page","link":"https:\/\/archive.brucon.org\/2021\/brucon-2021-training\/defending-enterprises\/","title":{"rendered":"Defending Enterprises"},
"content":{"rendered":"<div class=\"wpb-content-wrapper\">\n<h2><span id=\"Course_Description\" class=\"mw-headline\">Course Description<\/span><\/h2>\n<p>New for 2021, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. From SIEM configuration to monitoring, alerting and threat hunting, you\u2019ll play a SOC analyst in our cloud-based lab and try to rapidly locate IOAs and IOCs from an enterprise breach.<\/p>\n<p>You\u2019ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and\/or expressions will be supplied for both platforms (where applicable). We know 2 days isn\u2019t a lot of time, so you\u2019ll also get 14 days of free lab time after class and Discord access for support.<\/p>\n<h2><span id=\"Course_contents\" class=\"mw-headline\">Course contents<\/span><\/h2>\n<h4>Day 1<\/h4>\n<ul>\n<li>MITRE ATT&amp;CK framework<\/li>\n<li>Defensive OSINT<\/li>\n<li>Linux auditing and logging<\/li>\n<li>Windows auditing, events, logging and Sysmon<\/li>\n<li>Using Logstash as a data forwarder<\/li>\n<li>Overview of fields, filters and queries in ELK and Azure Sentinel<\/li>\n<\/ul>\n<p>Attacks and host compromises will be actioned by the trainers, and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure in order to identify these events.<\/p>\n<ul>\n<li>Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)<\/li>\n<li>Detecting phishing attacks (Office macros, HTAs and suspicious links)<\/li>\n<li>Creating alerts and analytical rules<\/li>\n<li>Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)<\/li>\n<\/ul>\n<h4>Day 2<\/h4>\n<ul>\n<li>Detecting data exfiltration (HTTP\/S, DNS, ICMP)<\/li>\n<li>Detecting persistence activities (userland methods, WMI Event Subscriptions)<\/li>\n<li>C2 communications<\/li>\n<\/ul>\n<h4>Also included<\/h4>\n<p>We realise that training courses are limited in time, so students are also provided with the following:<\/p>\n<ul>\n<li>Completion certificate<\/li>\n<li>14-day extended lab access after the course finishes<\/li>\n<li>Discord support channel access, where our security consultants are available<\/li>\n<\/ul>\n<h2><span id=\"Target_audience\" class=\"mw-headline\">Target audience<\/span><\/h2>\n<p>This training is suited to a variety of students, including:<\/p>\n<ul>\n<li>SOC analysts<\/li>\n<li>Security professionals<\/li>\n<li>Penetration testers \/ Red Team operators<\/li>\n<li>IT support, administrative and network personnel<\/li>\n<\/ul>\n<h2><span id=\"Requirements\" class=\"mw-headline\">Requirements<\/span><\/h2>\n<ul>\n<li>Understanding of networking concepts<\/li>\n<li>Previous SOC and\/or pentesting experience is advantageous, but not required<\/li>\n<li>Previous experience with the Kusto Query Language (KQL) is beneficial, but not required<\/li>\n<\/ul>\n<h2><span id=\"Hardware.2Fsoftware_Requirements\" class=\"mw-headline\">Hardware\/Software Requirements<\/span><\/h2>\n<ul>\n<li>Students will need to have access to a laptop and their favourite browser!<\/li>\n<\/ul>\n<h2><span id=\"Trainer_Biography\" class=\"mw-headline\">Trainer Biographies<\/span><\/h2>\n<p><strong>Will Hunt<\/strong> co-founded In.security in 2018. He\u2019s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will has delivered hacking courses globally at several conferences, including Black Hat, and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before becoming a security consultant, Will was an experienced digital forensics consultant and trainer.<\/p>\n<p>Twitter: <a href=\"https:\/\/www.twitter.com\/Stealthsploit\" target=\"_blank\" rel=\"noopener noreferrer\">@Stealthsploit<\/a><\/p>\n<p><strong>Owen Shearing<\/strong> is a co-founder of In.security, a UK-based specialist cyber security consultancy offering technical and training services. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin\u2019 Fest, NolaCon, 44CON and BruCON. He keeps projects at <a href=\"https:\/\/github.com\/rebootuser\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/github.com\/rebootuser<\/a>.<\/p>\n<p>Twitter: <a href=\"https:\/\/www.twitter.com\/rebootuser\" target=\"_blank\" rel=\"noopener noreferrer\">@rebootuser<\/a><\/p>\n<p><a href=\"https:\/\/brucon0x0d-training.eventbrite.co.uk\" target=\"_self\">Buy Training Ticket<\/a><\/p>\n<\/div>","protected":false},
"excerpt":{"rendered":"<p>Course Description New for 2021, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. From SIEM configuration to monitoring, alerting and threat hunting, you\u2019ll play a SOC analyst in our cloud-based lab and try to rapidly locate IOAs and IOCs from an enterprise breach. You\u2019ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and\/or expressions will be&#8230;<\/p>\n","protected":false},
"author":8,"featured_media":0,"parent":75,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2717","page","type-page","status-publish"],
"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/pages\/2717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/comments?post=2717"}],"version-history":[{"count":4,"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/pages\/2717\/revisions"}],"predecessor-version":[{"id":2721,"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/pages\/2717\/revisions\/2721"}],"up":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/pages\/75"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2021\/wp-json\/wp\/v2\/media?parent=2717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}