Attack-Detect-Defend with Azure Sentinel with Kent Ickler and Jordan Drysdale
Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes a certificate of completion
- 12 months access to Cyber Range
This course will deep dive into what we call threat optics: auditing endpoints, centralizing logs, and visualizing results.
Attack-Detect-Defend (ADD) With Azure Sentinel is for you if:
You want to improve the efficiency of your red and blue teams. You have an interest in threat optics. You want to implement a methodology for improving business processes around your security culture. Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives. You want to see Azure Sentinel’s threat visualizations in near real-time.
You have interest in modern post-exploitation and pentest-related activities, including:
- Active Directory Certificate Services
- Command and Control
- Credential Attacks
- Kerberoasting
- Shadow Credentials
- Threat actor TTPs
You have interest in deception techniques and detection engineering, including:
- Honey accounts and service principals
- BloodHound and Kerberoasting detections
- Password spray and credential attack detects
- Certificate request and KeyCredentialLink auditing
- Real world attacker attribution using services
The Nitty Gritty:
Attack: This is an Active Directory post-exploitation course where students can walk through penetration testing methodology with two well-seasoned veterans. The courseware is entirely lab based and most of those labs are based on attacks used as part of an industry proven penetration testing methodology.
Detect: The course provides configuration walkthroughs for Linux syslog and Windows event log data connectors for Microsoft Sentinel. An introduction to Kusto Query Language and Microsoft Sentinel alerts is provided to demonstrate threat detection. Association between attacker techniques, Windows event IDs, and detection logic is provided for most of the courseware’s attack labs.
Defend: Students are guided through highly effective Active Directory deception techniques. Deception tech is then used throughout the courseware as a baseline for detecting common Active Directory enumeration like ADExplorer, BloodHound, and Impacket’s GetADUsers.py. Alongside the attacks and detects is a thorough discussion of security defenses and best practices.
Prerequisites:
- Exposure to Active Directory.
- Access to an Azure Subscription for this lab environment.
- Ability to SSH and RDP to IP addresses hosted on Microsoft Azure.
Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO
- February 4th – 8:30 AM to 5:00 PM MDT
- February 5th – 8:30 AM to 5:00 PM MDT
Who Should Take This Course
- You want to improve the efficiencies of your red and blue teams
- You have interest in threat optics
- You want to implement a methodology for improving business processes around your security culture
- Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives
- You have interest in modern pentest-related activities, including:
- Active Directory Certificate Services
- Command and Control
- Credential Attacks
- Kerberoasting
- Password Cracking
- Shadow Credentials
- And much more…
Student Requirements
- Access to an Azure Subscription for this lab environment
- Exposure to Active Diretory
This class is being taught at Wild West Hackin’ Fest at Mile High 2025.
For more information about our conferences, visit Wild West Hackin’ Fest!
Clicking on the button above will take you
to our registration page on the website.