Attendees will need to have access to a system with a web browser (Firefox, Brave, Chrome).
This multi-series set of bite size workshops, over 1 week, which will help improve both red and blue skillsets through a series of hacks, where you as an attendee will have to identify malicious activities on a series of targets. Over the training segments, the trainer (Red Team) will perform a series of attacks on the hosts within the In.security lab, running commands, tools and techniques used in the field. You (the Blue Team) will then need to use our ELK stack to identify the malicious activities and raise the alarm! This will upskill both attackers in understanding the various attack flows that could compromise their cover and defenders in understanding how to detect them.
“The best defence is a good offense” applies as much in cyber as it does in sport. You’ll get sneak peeks of the attacks the trainer carries out before you’re set off to hunt down the evidence and this heightened mind-set will subsequently up your game in the field to better detect the traces, logs and data that can give an attacker away.
Day 1: 10 Aug, Session 1 – 12:30-13:00
- Lab access and overview
- Auditing Windows, Linux and network devices
- Intro to the ELK stack, Sysmon, logging and monitoring
- Using Kibana to find artefacts
Practical scenario (demo-led to introduce lab environment)
- Brute-force attacks have been performed - Identify targeted and compromised user accounts
Day 2: 11 Aug, Session 2 – 12:30-13:00
- Phishing attacks and IOC’s
- Malicious emails have been sent – catch the phish
Day 3: 12 Aug, Session 3 – 12:30-13:00
- Demo-led solution of session 2
- Credential theft
- Identifying credential-based attacks and compromised accounts
Day 4: 13 Aug, Session 4 – 12:30-13:00
- Demo-led solution of session 3
- Lateral movement and pivoting within the enterprise
- Identifying post exploitation and lateral movement attacks
Day 5: 14 Aug, Session 5 – 12:30-13:00
- Demo-led solution of session 4
- Using Out of Band (OOB) channels to exfiltrate data
- Identifying suspicious connections using visualisations
- Demo-led solution of session 5
Why not sign up for QA's weekly Cyber Pulse newsletter with the latest in cybersecurity? Here's an example.
This workshop is suited to a variety of delegates, including:
- Blue/Red team members
- SOC analysts
- Penetration testers
- Security professionals
- IT Support, administrative and network personnel
Delegates will learn how to:
These weekly interactive 30-min sessions will incorporate theory and progress to a simulated attack, whilst giving hints and tips for artefact identification in a demo environment.
As a player you can then continue to research the methods used in the webinars throughout the entire week 24/7, enabling you to play around with what you have learned.