Actionable Purple Team Simulation Online Training Course (May 2-3)
Thu, 02 May 2024 13:00:00 GMT → Fri, 03 May 2024 20:00:00 GMT
Trainer: Ben Mauch
Skill Level: All
Date/Time: May 2-3, 2024, 9am-4pm EST
Are you looking to improve your detection capabilities? Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our Actionable Purple Team Simulation course. Designed for those looking to improve their offensive and defensive knowledge, students will gain hands-on experience in both the latest attack techniques and effective strategies to detect them.
During this course, students will run attacks on a lab system. After creating rules to detect the attack in Splunk, students will set up their Splunk system for a final lab. During this lab, a simulated attack will occur on their systems where they must detect and defend against the attacks.
This course will focus on the MITRE ATT&CK framework as well as several attacks that do not leverage a vulnerability. These attacks include weak credential harvest, lateral credential spray, SPN queries, and more. Students will take away a better understanding of early IOCs and how to identify these threats within their environment, regardless of the initial attack vector.
Students in this class can expect to:
1. Improve detection capabilities
2. Learn how to create specific detections to identify early IOCs
3. Enhance offensive and defensive knowledge
4. Gain hands-on experience in the latest attack techniques
5. Learn effective strategies to detect attacks
6. Perform hands-on attack simulations on a lab system
7. Create rules to detect attacks in Splunk
8. Set up a Splunk system for a final lab with a simulated attack
9. Focus on the MITRE ATT&CK framework and various types of attacks including weak credential harvest, lateral credential spray, SPN queries, and more
This course qualifies for 14 hours of CPE credit.
Overview and Course Syllabus
Day 1
• Introduction to Defense/Splunk
• Introduction to Linux
• Drive-By Attacks (Initial Access)
• Weak Credential Brute-Force & Password Recovery
• Getting Your First Shell
• Getting Credentials with Mimikatz
• Getting Domain Information
• Brute-Force Attacks
• Responder
• Kerberoast/Orpheus
Day 2
• Password Cracking
• Lateral Movement
• Getting Domain Admin
• Post-Exploitation
• Command Obfuscation
• LOLBAS/LOLBins
• Persistence
• Obfuscation
• Final Lab
Key Takeaways
• Learn both offensive and defensive techniques
• Improve your understanding of detection capabilities
• Identify key IOCs
• Learn the latest in attack techniques
Who Should Take This Course
• Defenders
• Penetration Testers
• Threat Hunters
• Security Operations
• Anyone looking to strengthen their offensive and defensive knowledge
What's Provided
• A lab environment with an Ubuntu image for attacking the simulated environment
• Hands-on experience performing and detecting attacks
• All presentation slides and a course handout with all of the commands
Technical Requirements
• Internet connection
• Web Browser to access Student Lab
• Web camera
• Headphones and microphone
Pricing
Contact us for a military discount/group pricing (3 or more students).