You’ve heard this story before. Bad actor walks into a network and pillages the place in swift action. CIO asks: “Where did we go wrong?” SysAdmin replies “our password, remote access, workstation restriction, and lack of application safelisting policies. Oh, and our SIEM didn’t notify us. We just weren’t ready for that attack.”
In a significant change from the original course, students will be introduced to Microsoft Azure and Sentinel. Each student will be responsible for deploying a cloud lab that includes an Active Directory domain, a C2 server, and integration with AZ Sentinel’s detection platform. All of this will be taught through a proven framework for purple team operations that results in better business outcomes.
Each student will then pollute the AD domain with garbage using BadBlood and wreak havoc on the environment through an updated iteration of the following labs:
Organizational reconnaissance
Bloodhound, Sharphound, and Neo4j
Plumhound
Group policy preferences
Command and control operations
Canary accounts for detecting password sprays and Kerberoasting
File share poisoning via URL and LNK files
Pass the hash attacks
DCSync operations
Password cracking with John the Ripper
Kerberoasting attacks
Atomic Red Team
….and more….
Students will have an opportunity to attack their own in-class Active Directory environment with Red Team tactics, implement Blue Team defensery, and manage an environment designed to prevent, slow, identify, and highlight attacks. Additionally, the course will guide students through configuring no-nonsense attack identification and alerting that is essential to an effective SOC operation.
In a live environment, students will have the opportunity to demonstrate a secured enterprise by utilizing the MITRE ATT&CK Framework, Red Team tactics, and Blue Team defenses to identify, slow, and stop attacks.
Implement better security and tell your CIO how everything went right!
Register: https://www.antisyphontraining.com/applied-purple-teaming-w-kent-ickler-and-jordan-drysdale/
You’ve heard this story before. Bad actor walks into a network and pillages the place in swift action. CIO asks: “Where did we go wrong?” SysAdmin replies “our password, remote access, workstation restriction, and lack of application safelisting policies. Oh, and our SIEM didn’t notify us. We just weren’t ready for that attack.”
In a significant change from the original course, students will be introduced to Microsoft Azure and Sentinel. Each student will be responsible for deploying a cloud lab that includes an Active Directory domain, a C2 server, and integration with AZ Sentinel’s detection platform. All of this will be taught through a proven framework for purple team operations that results in better business outcomes.
Each student will then pollute the AD domain with garbage using BadBlood and wreak havoc on the environment through an updated iteration of the following labs:
….and more….
Students will have an opportunity to attack their own in-class Active Directory environment with Red Team tactics, implement Blue Team defensery, and manage an environment designed to prevent, slow, identify, and highlight attacks. Additionally, the course will guide students through configuring no-nonsense attack identification and alerting that is essential to an effective SOC operation.
In a live environment, students will have the opportunity to demonstrate a secured enterprise by utilizing the MITRE ATT&CK Framework, Red Team tactics, and Blue Team defenses to identify, slow, and stop attacks.
Implement better security and tell your CIO how everything went right!
Details
Related Events
RE//verse
February 24, 2025 - March 1, 2025