ＨｉｄｅＺｅｒｏＯｎｅ

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between. In this class, you will learn how to force an attacker to take more moves to attack your network. These moves may increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy’s system. And most importantly, you will find out how to do the above legally.

Active Defense & Cyber Deception w/ John Strand

Syllabus

• Attacker Methodology Introduction
• Windows Endpoint Introduction
• Windows Server Side Attacks
• Windows Client-Side Attacks
• Windows Privilege Escalation
• Windows Persistence
• Linux Endpoint Introduction
• Linux Server Side Attacks
• Network Detections
• Antivirus Alerts and Evasion
• Network Evasion and Tunneling
• Active Directory Enumeration
• Windows Lateral Movement
• Active Directory Persistence
• SIEM Part One: Intro to ELK
• SIEM Part Two: Combining the Logs

SOC-200: Foundational Security Operations and Defensive Analysis

This course is designed to help students build and maintain a truly defensible security architecture, while taking them on a journey towards implementing Zero Trust principles, pillars and capabilities. There will be a heavy focus on leveraging current infrastructure and investment. Students will learn how to assess, re-configure and validate existing technologies to significantly improve their organizations’ prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways. The course will also delve into some of the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure, layer by layer, across hybrid environments, as you embark on a journey towards Zero Trust. 23 Hands-On Labs + Capstone Secure the Flag Challenge

SEC530.1: Defensible Security Architecture and Engineering: A Journey Towards Zero Trust
SEC530.2: Network Security Architecture and Engineering
SEC530.3: Network-Centric Application Security Architecture
SEC530.4: Data-Centric Application Security Architecture
SEC530.5: Zero-Trust Architecture: Addressing the Adversaries Already in Our Networks
SEC530.6: Hands-On Secure the Flag Challenge

SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allow the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

 Antisyphon: Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio

For the luckiest of enterprises, the awareness of an insecure environment is proven not in public discord after a breach but instead by effective security penetration tests. Time and time again Jordan and Kent have witnessed organizations struggle with network management, Active Directory, organizational change, and an increasingly experienced adversary. For new and legacy enterprises alike, Defending the Enterprise explores the configuration practices and opportunities that secure networks, Windows, and Active Directory from the most common and effective adversarial techniques. Have the confidence that your organization is prepared for tomorrow’s security threats by learning how to defend against network poisoning, credential abuse, exploitable vulnerabilities, lateral movement, and privilege escalation. Learn cost-effective mitigations to contemporary adversarial attacks. The best defended networks are those which have matured from countless penetration tests and security incidents. Learn from Kent and Jordan, two seasoned offensive and defensive security experts, to shortcut your organization’s security posture into a well-fortified fortress.

Antisyphon: Defending the Enterprise w/ Kent Ickler and Jordan Drysdale