2,575.00 € total incl. 20% VAT
Program
Module 1: Modern Attack Techniques and Tracing Them
1. Discussion: Top attack techniques
2. Advanced Persistent Threats
3. Initial access vectors
4. Phishing – rev shell mail phishing bob
5. Valid Credentials – password spray etc.
6. Spoofing – DNS Twist
7. Vulnerable components (drive-by download)
8. Weak defaults
a. Other vectors
Escalation through Windows Services

Module 2: Local Privilege Escalation Techniques and Tracing Them
1. Unquoted service path
2. Image and DLL manipulation
3. Scheduled Tasks
4. Access Token Manipulation
5. SeImpersonate
6. SeTcb
7. Create User Token
8. Process Injection
9. DLL Injection and Reflective DLL Injection
10. CreateRemoteThread
11. Memory Injection
12. Other techniques

Module 3: Case Study – Investigating In-Place Attacks

Module 4: Windows Authentication Architecture & Cryptography
1. Windows Logon
2. Windows Logon Types
3. LSASS Architecture
4. NTLM
5. Kerberos
6. SAM Database
7. NTDS.dit
8. LSA Secrets & gMSA accounts
9. Secrets, credentials and Logon Data
10. SSP Providers
11. Data Protection API

Module 5: Case Study – Investigating Identity Theft

Module 6: Attacks on Identity Infrastructure and Tracing Them
1. Pass-the-Hash, OverPTH attacks
a. Pass the ticket
b. Golden and silver ticket
c. Pass the PRT
d. Shadow Credentials / NGC
2. NBNS/LLMNR spoofing, NTLM Relay, Kerberoasting
3. DCSync and DCShadow
4. AdminSDHolder
5. Other modern identity attack techniques

Module 7: Case Study – Determining Identity Theft in the Infrastructure

Module 8: eXtended Detection and Response with Sentinel
1. Sentinel 101 – Azure Sentinel Dashboards, Connectors
2. Understanding Normalization in Azure Sentinel
3. Cloud & on-prem architecture
4. Workbooks deep dive – Visualize your security threats and hunts
5. Incidents
6. KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL
7. Auditing and monitoring your Azure Sentinel workspace
8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
9. Fusion ML Detections with Scheduled Analytics Rules
10. Deep Dive into Azure Sentinel Innovations
11. Investigating Azure Security Center alerts using Azure Sentinel
12. Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
13. Hunting in Sentinel
14. Deep Dive on Threat Intelligence
15. End-to-End SOC scenario with Sentinel

Module 9: Case Study – Detecting a Complex Threat with Sentinel

Module 10: Practical and Advanced Use Cases of Sentinel
1. Visualizing Sentinel data with Workbooks
2. Creating automation playbooks in Microsoft Sentinel
3. KQL for Sentinel hands-on lab
4. Proactively hunt for threats using Microsoft Sentinel
5. Basic SOC investigation scenario
6. Auditing and monitoring Microsoft Sentinel workspace
7. Creating scheduled analytics rules for Microsoft Sentinel alerts
8. Manage Cloud App Discovery and protect your environment from risky applications
9. Microsoft Cloud App Information Protection activities
10. Investigating risky users with Defender for Cloud Apps user entity behavioral analytics
Objectives
Over the course of 3 days, participants will learn a selection of modern attack techniques, local privilege escalation methods and identity infrastructure attacks, as well as how those attacks can be detected and mitigated. This knowledge is reinforced with case studies that demonstrate how real-world attacks unfold using the methods learned. Additionally, participants will be introduced to the Microsoft Sentinel SIEM solution and will learn how to properly set up, configure and use it. The course concludes by showcasing how threat hunting and threat detection design can be performed using both manual and automated methods. This is an international course, which means you will share the learning experience in a group of IT pros from around the world! The class is taught in English by CQURE Cybersecurity Experts! During this course you will have the opportunity to interact with the instructor and get their help with any problems you encounter, just as in a regular classroom.
Prerequisites
To attend this training, you should have solid hands-on experience administering Windows infrastructure and a basic understanding of public cloud concepts (Office 365, Azure).