You’ve heard this story before. Bad actor walks into a network and pillages the place in swift action. CIO asks: “Where did we go wrong?” SysAdmin replies “our password, remote access, workstation restriction, and lack of application safelisting policies. Oh, and our SIEM didn’t notify us. We just weren’t ready for that attack.”
In a significant change from the original course, students will be introduced to Microsoft Azure and Sentinel. Each student will be responsible for deploying a cloud lab that includes an Active Directory domain, a C2 server, and integration with AZ Sentinel’s detection platform. All of this will be taught through a proven framework for purple team operations that results in better business outcomes.
Each student will then pollute the AD domain with garbage using BadBlood and wreak havoc on the environment through an updated iteration of the following labs:
- Organizational reconnaissance
- Bloodhound, Sharphound and Neo4j
- Group policy preferences
- Command and control operations
- Canary accounts for detecting password sprays and Kerberoasting
- File share poisoning via URL and LNK files
- Pass the hash attacks
- DCSync operations
- Password cracking with John the Ripper
- Kerberoasting attacks
- Atomic Red Team
Students will have an opportunity to attack their own in-class Active Directory environment with Red Team tactics, implement Blue Team defensery, and manage an environment designed to prevent, slow, identify, and highlight attacks. Additionally, the course will guide students through configuring no-nonsense attack identification and alerting that is essential to an effective SOC operation.
In a live environment, students will have the opportunity to demonstrate a secured enterprise by utilizing the MITRE ATT&CK Framework, Red Team tactics and Blue Team defenses to identify, slow, and stop attacks.
Implement better security and tell your CIO how everything went right!
- Build a continuously improving IT security lifecycle of responsible network administration.
- Understand and implement “Best Practice” Security configurations for Windows and Active Directory.
- Utilize Modern red team and hacker tactics to audit security posture.
- Kill the LLMNR, NTLM, and SMB Relay attack sequence.
- Understand current frameworks in use by attackers, script kiddies, and nation-state actors.
- Understand business impact and residual risk in balancing security.
- Ability to demonstrate command and control infrastructures and relative defense mechanisms.
WHO SHOULD TAKE THIS COURSE
People interested in learning how to red team to drive home the risks of failing to implement improved password policies. Anyone interested in understanding and executing an LLMNR and NTLM relay attack against open SMB services on a network should join us. Any analyst, sysadmin, or network architect looking to build a security team focused on continual improvement should take this course.
- IT System Administrators
- IT Security Management and Leadership
- Helpdesk Technicians and Analysts
- Network Engineers
- Defenders and BlueTeamers
- General security practitioners
- Penetration testers
- Network / Domain Architects
AUDIENCE SKILL LEVEL
Students should have nominal Windows / Linux / Mac operating knowledge. An ideal candidate is in a position to make lasting changes in a Windows Domain environment. A motivated student will be ready to deploy command and control infrastructure, infect Windows systems, escalate their privileges, and learn defensive strategies to kill these attack chains.
- Exposure to Active DirectoryAccess to an Azure Subscription for this lab environment
- Signing up is free and includes a $200 credit for 30 days: (Create Your Azure Free Account Today | Microsoft Azure)
WHAT EACH STUDENT SHOULD BRING
- Remote Desktop Protocol (RDP) Client
WHAT STUDENTS WILL BE PROVIDED WITH
- Digital Copy of Book
- Best Practice guides, cheat sheets, and syntax cards
TRAINER & AUTHOR
Jordan was around for the inception of Napster and the explosion of P2P networks. This drove his fascination with network systems and led him toward a career in IT. Jordan’s first gig in the industry included supporting Latin American networking customers for Hewlett Packard’s network support division. After five years of support, engineering, training, and stress, Jordan became a wireless escalations team lead and multi-vendor certified problem solver. With kids in tow, Jordan headed back toward the Dakotas to be nearer extended family and friends where he learned Citrix, VMware, VDI, supported Cisco gear, implemented profile management solutions, deployed remote networks at scale, and ensured performance across infrastructure. Before becoming a penetration tester, Jordan supported multiple (50+) domains as part of an MSSP’s rock star team. For the last five years, Jordan has been a penetration tester with the Black Hills InfoSec team.
Kent started his Information Technology career working for an Internet Service Provider supporting the MidWest’s broadband initiatives of the early 2000s. His interest in technology and business operations drove his career into working for multiple Fortune 500 companies and equipping their organizational leadership with business analytical data that would support their technology initiatives. With an understanding of Information Technology, System Administration, Accounting, and Business Law, Kent has helped businesses leverage technology for competitive advantage while balancing the risks associated with today’s dynamic network environments. Kent has been with Black Hills Information Security for three years in security and administration roles.
In addition to their Security Analyst roles at Black Hills Information Security, Jordan and Kent are Co-Founders of Defensive Origins…a cyber-security research, training, and consulting institution designed to assist Information Security professionals, Systems Administrators, and Organizational Leadership in developing, operating, and maintaining efficient secure network operations. Both Jordan and Kent have presented at multiple conferences, webcasts, and television programs, as well as written blogs discussing the importance of Network Security, Internet Privacy, and the importance of balancing Information Security business risk in today’s organizations.