DAY ONE of this vendor-agnostic training will cover how to build your own SOC. The hunting platform, running in an Azure-deployed lab environment, will teach students how to collect endpoint telemetry using Windows event logs and Sysmon (EDR). We will provide light introductions to Git, Docker, Elasticsearch, Logstash, and Kibana. We will have a look at Microsoft group policies (GPOs), Windows Event Log collection and forwarding, and Winlogbeat configuration. Students will get to build their own data lake, log collection, and alerting system.
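As an added example (not part of the course materials), a minimal Winlogbeat configuration that collects the channels named above and ships them to the Logstash component of the ELK stack; the Logstash host and port are assumed placeholders.

```yaml
# Added example, not the course's own configuration. Collects the Windows
# telemetry sources the course covers and forwards them to Logstash.
winlogbeat.event_logs:
  # Classic Security log: logons (4624/4625), explicit credential use (4648),
  # special privileges assigned (4672), process creation when audited (4688)
  - name: Security
    ignore_older: 72h
  # Sysmon supplies the EDR-style telemetry: process creation (1), network
  # connections (3), image loads (7), process access (10), and more
  - name: Microsoft-Windows-Sysmon/Operational
  # PowerShell module and script block logging (4103/4104) for payload delivery
  - name: Microsoft-Windows-PowerShell/Operational
    event_id: 4103, 4104
  # Events relayed by Windows Event Forwarding land in this channel
  - name: ForwardedEvents
    tags: [forwarded]

processors:
  - add_host_metadata: ~

# Assumed placeholder address of the Logstash container in the lab
output.logstash:
  hosts: ["logstash.lab.example:5044"]
```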
On DAY TWO students will get their own Kali Linux and Windows 10 client, perform Red Team exercises within their environment, and then learn how these common TTPs (attack techniques, MITRE ATT&CK) work and the underlying methodology to detect them, as performed by a Blue Team:
– Privilege Escalation
– Code execution and payload delivery
– Process spawning and Macro weaponization
– Lateral Movement (Pass the hash)
The course is aimed at individuals who want to gain a better understanding of how to design, build, and operate their own hunting platform to quickly identify threats. The course is accessible to members of a SOC, Incident Response, or Threat Hunting team, but also to general security practitioners, system administrators, and security architects. Companies looking to build their own SOC, or looking to make vendor choices for SIEM/EDR solutions, will get a clear understanding of how these technologies work, what they can and cannot do, and how they work together.
YOU WILL LEARN:
After following this training, students will:
– Know which logs to collect and how to ship them centrally
– Build advanced detections to catch adversary TTPs
– Have a full understanding of building a complete Threat Hunting pipeline (BLUE TEAM)
– Work with Docker, optimizing the deployment of your hunting platform
– Use Git, and have access to all the code to build your personal lab (for after the training)
– Perform RED TEAM exercises with the Metasploit Framework
– Understand Windows GPOs
– Understand endpoint log telemetry (EDR)
– Have a full ELK (Elasticsearch, Logstash, and Kibana) deployment, completely Docker based
Familiarity with Linux and Windows is mandatory.
BASELINE HARDWARE REQUIREMENTS:
Students need to bring their own laptops with the following minimum system requirements
Further details on cost and information: please contact 0582864306 or email Jpaul@exclusive-networks.com
Date: 2021-01-26, 10:00 to 17:00