
Offensive Security Kali Purple Workshop

This event has passed.

Event description

This workshop is a hands-on initial exposure to the SOC200 challenge lab activity focusing on ELK log monitoring. We have also been including an initial look at the threat hunting Malcolm tool (Arkime/Zeek), which runs as part of the Kali Purple set of tools. We're currently extending the workshop lab to support a session on Wazuh alert monitoring and a session on the use of Velociraptor for incident response. These are all part of the Kali Purple operational security toolset.

The SOC200 Workshop is a cyber defence (blue team) workshop which uses the Kali Purple platform and is aligned with the SOC200 Offensive Security Defence Analyst (OSDA) certification. The workshop is presented in two parts. The first part of the workshop walks the attendees through a practical demonstration of a cyber attack, using the ELKStack SIEM to monitor, detect and diagnose the attack. The attack is automated through use of the Kali-Autopilot tool. The workshop provides an introduction to ELKStack and shows how it is used to monitor system activity. The attack is then initiated, and the workshop walks through and explains the steps involved in detecting the attack and diagnosing what form of attack it might be. Attendees will observe the attack in progress and the use of ELKStack, and may optionally connect in and do their own log analysis. The attack runs in three phases: reconnaissance, exploitation, and persistence.

The second part of the workshop is focused on Kali Purple and Threat Hunting. It covers an explanation of the Kali Purple platform and its use as both a learning tool and a platform for operational cyber defence, including a walkthrough of the US Dept Homeland Security “Malcolm” tool for threat hunting. Attendees will come away with a good understanding of how SOC analysts can detect cyber attacks, and a good insight into what is required to pass the SOC200 OSDA certification.

Requirements:

A laptop with Kali Purple running as a VM. The instructor will get your email address so they can contact you with other requirements.

Lunch will be catered; please be sure to list any requirements when buying your ticket.



We thank you for your interest in this course. All courses are dependent
on having enough attendees to cover the basic costs. If we are not able
to sell enough tickets to cover the cost we will refund your ticket
price. Refunds will be provided in this case by us for any tickets
purchased up to the day we cancel. If the trainers are not able to make
it, if there are natural disasters or situations that prevent the event
from running that are beyond our control we will refund your ticket cost
in that case as well. 








Refund policy

Refunds are available up to 30 days prior to the event