introduction to detection
Advanced Detection Helps You See Beyond the Blinking Boxes
You bought all the latest cyber detection tools, but somehow still can’t seem to detect mimikatz. IT is screaming about the resource consumption from the multitude of cybersecurity tools on the endpoints, security analysts are barely staying afloat in the oceans of data your toolsets have created, and the latest red team report detailed how response actions were, once again, ineffective against identity threats. If this sounds familiar to your organization, this is the adversary tactics training course for you.
Training course summary
Detection
Adversary Tactics: Detection will provide you the understanding and ability to build robust detections, starting with the “Why?” and going all the way to the technical implementation of detecting threat actor activity. You will learn how to apply advanced detection and response methodologies and technical approaches that can be practiced regardless of the security toolsets deployed in your organization. Our detection engineers will walk you through starting with a detection engineering strategy and then focusing on methodologies to build robust alerting, with the result of improving detection and response capabilities throughout security operations.
Day 1
- Threat Hunting Introduction
- MITRE ATT&CK and Adversary TTPs
- Interpreting Threat Intelligence
- Data Source Identification
- Configure Test Environment
- Implement Attacker Technique
Day 2
- Data Modeling
- Data Quality Assessment
- Detection Engineering Methodology
- Threat Hunting Campaign Types
Day 3
- Develop Cyber Detections
- Alerting & Detection Strategies
- Hypothesis Generation (based on Threat Intel Report)
Day 4
- Threat Hunting Engagement
- Detection Development
- Detection Presentation & Peer Review
Overview: Detection
Adversary Tactics: Detection builds on standard network defense and incident response (which often focuses on alerting for known malware signatures) by focusing on abnormal behaviors and the use of adversary Tactics, Techniques, and Procedures (TTPs). We will teach you how to be a detection engineer: how to perform threat hunting operations based on attacker TTPs and detect attacker activity. In addition, you will learn to use free or open-source data collection and analysis tools, such as Sysmon, Windows Event Logs, and ELK, to analyze large amounts of host information and build detections for malicious activity. You will use the techniques and toolsets you learn to create threat hunting hypotheses and build robust detections in a simulated enterprise network undergoing active compromise from various types of threat actors.
Training Participants
Who Should Take This Training Course
This class is intended for cybersecurity analysts and blue teamers wanting to learn how to effectively hunt in enterprise networks. This course offers benefits to participants at most levels of security operations experience, from SOC analysts to experienced security defenders. Those with a strong technical background will have the opportunity for a deep dive into key concepts and labs. Participants in less technically focused positions will be exposed to robust threat hunting concepts that provide the building blocks to create highly effective detection strategies.
OUR ECOSYSTEM
Other Adversary Tactics Training We Offer
Private Trainings
If a public offering of the Adversary Tactics training classes does not fit your busy schedule, our team of experts is available to provide a private training offering to your organization. This is by far the best way for your team to get one-on-one access to the instructors and solidify the material. We provide all training material as well as laptops and classroom locations if needed.