ＨｉｄｅＺｅｒｏＯｎｅ

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between. In this class, you will learn how to force an attacker to take more moves to attack your network. These moves may increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy’s system. And most importantly, you will find out how to do the above legally.

Active Defense & Cyber Deception w/ John Strand

SEC530 offers a comprehensive approach to designing and implementing a Zero Trust security model within hybrid enterprise environments. This course emphasizes the importance of security architecture in mitigating modern threats by assuming that every user, device, and application could be compromised. Participants will explore Zero Trust principles, including identity and access management, micro-segmentation, continuous monitoring, and least-privilege access. Through hands-on labs and case studies, students will learn to implement these concepts across hybrid infrastructures, ensuring robust defenses and minimizing the attack surface. SEC530 prepares security professionals to create and maintain resilient, adaptive security architectures aligned with the latest industry standards and best practices.

Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allow the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

 Antisyphon: Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio

For the luckiest of enterprises, the awareness of an insecure environment is proven not in public discord after a breach but instead by effective security penetration tests. Time and time again Jordan and Kent have witnessed organizations struggle with network management, Active Directory, organizational change, and an increasingly experienced adversary. For new and legacy enterprises alike, Defending the Enterprise explores the configuration practices and opportunities that secure networks, Windows, and Active Directory from the most common and effective adversarial techniques. Have the confidence that your organization is prepared for tomorrow’s security threats by learning how to defend against network poisoning, credential abuse, exploitable vulnerabilities, lateral movement, and privilege escalation. Learn cost-effective mitigations to contemporary adversarial attacks. The best defended networks are those which have matured from countless penetration tests and security incidents. Learn from Kent and Jordan, two seasoned offensive and defensive security experts, to shortcut your organization’s security posture into a well-fortified fortress.

Antisyphon: Defending the Enterprise w/ Kent Ickler and Jordan Drysdale