Assumed Compromise – A Methodology with Detections and Microsoft Sentinel with Kent Ickler and Jordan Drysdale

Assumed Compromise with Kent Ickler and Jordan Drysdale

Overview

  • Course Length: 16 hours
  • Support from expert instructors
  • Includes a certificate of completion
  • 12 months access to Cyber Range
Instructors: Kent Ickler and Jordan Drysdale

This course will deep dive into what we call threat optics: auditing endpoints, centralizing logs, and visualizing results.

Assumed Compromise – A Methodology with Detections and Microsoft Sentinel is for you if:

  • You need a methodology for assessing networks and domains.
  • You want to improve the efficiency of your red and blue teams.
  • You have an interest in threat optics.
  • You want to implement a methodology for improving business processes around your security culture.
  • Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives.
  • You want to see Azure Sentinel’s threat visualizations in near real-time.

You have interest in modern post-exploitation and pentest-related activities, including:

  • Active Directory Certificate Services
  • Command and Control
  • Credential Attacks
  • Impacket’s Heavy Hitters
  • Kerberoasting
  • Shadow Credentials
  • Threat actor TTPs

You have interest in deception techniques and detection engineering, including:

  • Honey accounts and service principals
  • BloodHound and Kerberoasting detections
  • Password spray and credential attack detects
  • Certificate request and KeyCredentialLink auditing
  • Real world attacker attribution using services

The Nitty Gritty:

Assumed Compromise: This is an Active Directory post-exploitation course where students walk through a penetration testing methodology with two well-seasoned veterans. The courseware is entirely lab based, and most of those labs are built on attacks used as part of an industry-proven penetration testing methodology.

Detections: The course provides configuration walkthroughs for the Linux syslog and Windows event log data connectors for Microsoft Sentinel. An introduction to Kusto Query Language and Microsoft Sentinel alerts is provided to demonstrate threat detection. The association between attacker techniques, Windows event IDs, and detection logic is provided for most of the courseware’s attack labs.

Defenses: Students are guided through highly effective Active Directory deception techniques. Deception tech is then used throughout the courseware as a baseline for detecting common Active Directory enumeration tools such as ADExplorer, BloodHound, and Impacket’s GetADUsers.py. Alongside the assumed compromise methodology and detection logic is a thorough discussion of security defenses and best practices.

Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO

  • February 4th – 8:30 AM to 5:00 PM MDT
  • February 5th – 8:30 AM to 5:00 PM MDT

Red Team Summit (March 20th – March 21st, 2025)

  • March 20th – 9:00 AM to 6:00 PM EST
  • March 21st – 9:00 AM to 6:00 PM EST
Instructors: Jordan Drysdale

Prerequisites:

  • Access to an Azure Subscription for this lab environment.
  • A GitHub account to access all course materials including lab contents.
  • Ability to SSH and RDP to your lab IP addresses hosted on Microsoft Azure.
  • Prior exposure to Active Directory is nice.
  • Prior exposure to Linux command line and PowerShell is also nice.

Common Questions:  

Q. What are the dates of your next training? 

A. The best way to know when we will be offering Attack Detect Defend (ADD) is to sign up for our email list (we rarely email, though, so you’ll know it’s important when we do).  

Q. Is the course live?  

A. Yes, it is live and typically is 4 hours per day for 4 days, unless we are doing a custom training (hours vary depending on the team we are training).  

Q. Are there hands-on labs? 

A. Absolutely! That’s half the fun! 

Who Should Take This Course

  • You want to improve the efficiencies of your red and blue teams
  • You have interest in threat optics
  • You want to implement a methodology for improving business processes around your security culture
  • Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives
  • You have interest in modern pentest-related activities, including:
    • Active Directory Certificate Services
    • Command and Control
    • Credential Attacks
    • Kerberoasting
    • Password Cracking
    • Shadow Credentials
    • And much more…

Student Requirements

  • Access to an Azure Subscription for this lab environment
  • Exposure to Active Directory

This class is being taught at Wild West Hackin’ Fest at Mile High 2025.

For more information about our conferences, visit Wild West Hackin’ Fest!


Live Training

  • Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
  • Access to course slides for future reference
  • Tips, tools, and techniques that can be applied immediately upon returning to work
  • Strengthen your skills by solving challenges within the Antisyphon Cyber Range
  • Become part of a community driven to educate and share knowledge

Complete Package

Assumed Compromise – A Methodology with Detections and Microsoft Sentinel with Kent Ickler and Jordan Drysdale

  • Price: $575.00
  • Includes certificate of participation, six months access to class recordings and twelve months access to Cyber Range.
  • Red Team Summit: Mar 20 – Mar 21, 9am EDT – 6pm EDT

Course Categories:

Blue Team, Purple Team, Red Team