Assumed Compromise: A Methodology with Detections and Microsoft Sentinel with Alyssa Snow and Kaitlyn Wimberley

Course authored by Alyssa Snow and Kaitlyn Wimberley.

You want to take this course if you need a clear methodology for assessing networks and domains for common attacker TTPs, while also improving the efficiency of your red and blue teams.

Course Length: 16 Hours

Includes a Certificate of Completion

Next scheduled date: WWHF Mile High 2026 - Link at bottom.

Description

This course gives you a clear methodology for assessing networks and domains for common attacker TTPs, while also improving the efficiency of your red and blue teams. If you have an interest in threat optics, the course provides practical exposure to the detection, alerting, and near real-time threat visualization capabilities of Microsoft Sentinel (formerly Azure Sentinel). The skills and techniques taught during this course can be used to strengthen your organization's security culture, providing executives with the ROI data they need to justify further investment in threat-optics and threat-hunting initiatives.

Topics that will be covered:

Assumed Compromise: This is an Active Directory post-exploitation course in which students walk through a penetration testing methodology with two experienced security practitioners. The courseware is entirely lab-based, and most of the labs include attacks used as part of an industry-proven penetration testing methodology.

Detections: The course provides configuration walkthroughs for the Linux syslog and Windows event log data connectors for Microsoft Sentinel. An introduction to Kusto Query Language (KQL) and Microsoft Sentinel analytics alerts is provided to demonstrate threat detection. For most of the courseware's attack labs, the attacker technique is mapped to the Windows event IDs it generates and to the detection logic that catches it.

Defenses: Students are guided through highly effective Active Directory deception techniques. Deception is then used throughout the courseware as a baseline for detecting common Active Directory enumeration tools such as ADExplorer, BloodHound, and the Impacket toolkit. Alongside the assumed compromise methodology and detection logic is a thorough discussion of security defenses and best practices.

You will gain exposure to:

Modern post-exploitation and pentest-related activities, including:

  • Active Directory Certificate Services
  • Command and Control
  • Credential Attacks
  • Impacket’s Heavy Hitters
  • Kerberoasting
  • Shadow Credentials
  • Threat actor TTPs

Deception techniques and detection engineering, including:

  • Honey accounts and service principals
  • BloodHound and Kerberoasting detections
  • Password spray and credential attack detections
  • Certificate request and KeyCredentialLink auditing
  • Real-world attacker attribution using services

Syllabus

  • Lab Environment Setup
  • Initial Access & Verification
  • Active Directory & Deception
  • Reconnaissance & Network Operations
  • Tooling & Adversary Simulation
  • Credential Attacks
  • Command & Control
  • Lateral Movement & Escalation
  • Detection & Attribution

FAQ

Is the course live?

Yes, it is live and typically runs 8 hours per day for 2 days, unless we are doing custom training (hours vary depending on the team we are training).

Are there hands-on labs?

Absolutely! That's half the fun!

Who Should Take This Course

  • General security practitioners
  • Network Admins
  • Penetration Testers
  • Red Teamers
  • Blue Teamers looking to broaden their knowledge

Prerequisites

  • Access to an Azure Subscription for this lab environment.
  • A GitHub account to access all course materials, including lab contents.
  • Ability to SSH and RDP to your lab IP addresses hosted on Microsoft Azure.
  • Prior exposure to Active Directory is helpful.
  • Prior exposure to the Linux command line and PowerShell is also helpful.

About the Instructors

Alyssa Snow

Alyssa Snow studied computer science and began her infosec career as an intern automating tooling to scale application security at a software company. Originally, Alyssa aspired to be a developer; however, over time, she learned that she was better at breaking things than making things, and she transitioned to working on an internal red team. Currently, Alyssa is a Security Analyst at BHIS, on the traditional penetration testing and the ANTISOC (Continuous Penetration Testing) teams.

Kaitlyn Wimberley

Kaitlyn became an official part of BHIS in 2022 after being a long-time Community Leader on the BHIS Discord server. She loves to learn and share her knowledge and is an active participant in the community, having spoken at several security-focused events. She holds an M.S. in Cybersecurity from NYU, with a focus in offensive security. She started working at BHIS as a SOC analyst before becoming an operator on the BHIS ANTISOC team. Her current areas of focus are assumed breach and cloud tests.

This class is being taught at Wild West Hackin’ Fest – Mile High 2026.

For more information about our conferences, visit Wild West Hackin’ Fest!
