More dates

    Adversary Tactics: Detection - October 2024 (In-person & Virtual; US Time)

    Share
    The Inverness Denver (Hilton)
    englewood, united states
    Add to calendar
     

    Event description

    This is a Hybrid training; participants can choose to join us in person in the Denver, Colorado area or virtually via Zoom.

    Specter Bash is the in-person only event that complements the trainings, see below for details! (For a short time: Save 25% off your ticket by attending in person)

    You bought all the latest detection tools, but somehow still can't seem to detect mimikatz. IT is screaming about the resource consumption from the multitude of security tools on the endpoints, analysts are barely staying afloat in the oceans of data your toolsets have created, and the latest red team report detailed how response actions were ineffective again. If this sounds familiar for your organization, this is the course for you. We'll walk you through starting with a detection engineering strategy first and then focusing on methodologies to build robust alerting, with the end result of improving detection and response capabilities throughout security operations. This course will provide you the understanding and ability to build robust detections, starting with the why and going all the way to the technical implementation of detecting threat actor activity. You will learn how to apply the methodologies and technical approaches practiced, regardless of the security toolsets deployed in your organization.

    In this course, you will:

    • Learn how to best integrate different components of a detection program for maximum effect
    • Integrate "threat hunting" activity into current detection programs to drive meaningful detection engineering
    • Understand different threat hunting campaign approaches
    • Perform data sensor and data source analysis
    • Understand various MITRE TTPs and Threat Intelligence
    • Practice standardized processes for developing technical detections
    • Document detection research into standardized formats for use in security operations
    • In technical labs, practice data aggregation & analysis at scale to detect threat actor activity

    Course Summary

    Enterprise networks are under constant attack from adversaries of all skill levels and intentions. For many it feels that blue teamers are only facing a losing battle. The attacker "only needs to be successful once" to cause havoc; the blue team must prevent them every time, under every condition, at every step of the way. The goal of this course is to turn that statement on its head and provide you confidence through a new defensive mindset. Preventative solutions are designed to stop attacks before they start, but against an adversary with enough time and resources; all eventually will fail. Rather than making the primary effort of security operations attempting to prevent any attack from being successful, assume breaches could (and likely would) occur and focus on developing robust detections around activity in all stages of the attack cycle. A strategy that focuses on deep understanding of post-exploitation activity (privilege escalation, lateral spread, pivot, persistence) produces high-quality alerts, creating a minefield where the attacker "only needs to be detected once" for blue teamers to respond.

    This course builds on standard network defense and incident response (which often focuses on alerting for known malware signatures) by focusing on abnormal behaviors and the use of adversary Tactics, Techniques, and Procedures (TTPs). We will teach you how to engineer detections based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will learn use utilize free and/or open source data collection and analysis tools (such as Sysmon, Windows Event Logs, and ELK) to analyze large amounts of host information and build detections for malicious activity. You will use the techniques and toolsets you learn to create threat hunting hypotheses and build robust detections in a simulated enterprise network undergoing active compromise from various types of threat actors.

    Course Syllabus

    Day 1:

    • Threat Hunting Introduction
    • MITRE ATT&CK and Adversary TTPs
    • Data Source Identification
    • Data Quality Assessment
    • Host Baselining
    • Threat Hunting Campaign Types

    Day 2:

    • Interpreting Threat Reports
    • Host-based Collection Methodology
    • Defensive Indicator Design
    • Hunt Hypothesis Generation Process
    • Post Hunt Activities

    Day 3:

    • Digital Signature Validation
    • Dynamic Binary Analysis
    • Hunt Hypothesis Generation
    • Hypothesis Execution

    Day 4:

    • Capstone
    • Threat Hunting Engagement
    • Live Environment/Adversary


      Participant Requirements

      This class is intended for defenders wanting to learn how to effectively Hunt in enterprise networks. Participants should have previous network defense/incident response experience and/or knowledge of offensive tools and techniques, primarily post-exploitation techniques. Additionally, familiarity with using a SIEM, such as ELK or Splunk, will be helpful.

      Specter Bash

      In-person Attendee Benefits

      By attending in person you'll receive the following exclusive benefits to the training:

      • 30 days of course lab access
      • Food! (Breakfast & Lunch provided throughout the event; Dinner provided Monday - Wednesday)
      • Evening events to connect with industry peers
      • Exclusive event-themed swag
      • Week-long Halloween costume contest (see below)

      Evening Events

      Monday

      Kick off the week with a Welcome Reception at the Breckenridge Brewery (attached to the training venue) to break the ice with drinks and food before a fun-filled week!

      Tuesday

      Spooky movies are as Halloween as Pumpkin Spice Lattes, so let’s chill our bones with a Scary Movie Night, hacking-themed Pumpkin Carving, and some good food. We will provide infosec-themed stencils and (foam) pumpkins for carving-- keep what you carve! The movie will be announced soon.

      Wednesday

      Gather ‘round the campfire to hear and share gripping tales of scary (in)security and spine-tingling hacks for a session of Hacking Horror Stories!
      Food will be served so bring your appetite.
      Anyone who attends is free to jump in and share their story but if you'd like to secure your spot to ensure you present, please email Jeff at jdimmock@specterops.io to sign up.

      Week-long

      We’re hosting a Halloween Costume Contest throughout the week for all in-person participants.
      Anyone who wears a costume for at least one of the training days will get their choice of a free ticket to the SO-CON 2025 conference days OR 50% off a SO-CON 2025 training (which also includes a free ticket to conference days)


      Let's Chat!

      Join the conversation now in the BloodHound Slack in channel #specter-bash-2024. Sign up at https://ghst.ly/BHSlack

      Venue

      Specter Bash will take place at The Inverness in Denver, CO (200 Inverness Dr W, Englewood, CO 80112, USA)

      Save money on your room with our Hotel Room Block!

      Venue Amenities:

      • Located on an 18-hole golf course
      • Adjoining Breckenridge Brewery
      • Luxury spa on-site
      • 30 minutes from Denver International Airport

      FAQs

      How can I contact the organizer with any questions?

      Please email training@specterops.io with any questions.  

      What's the refund policy?

      Full refunds will be provided up to 7 days before the course start date.

      What are the hardware requirements for attending the course?

      Courses are based in the SpecterOps training portal and accessible via an internet connection; no VMs are required for labs. The following are recommended hardware requirements:

      • Internet Connection
      • 8GBs of RAM
      • Modern Web Browser capable of rendering HTML5

      Powered by

      Tickets for good, not greed Humanitix dedicates 100% of profits from booking fees to charity

      This event has passed
      Get Tickets