
Workshop: Rapid Endpoint Investigations

Course Authored by .

In this 4-hour hands-on incident response workshop, we’ll outline rapid endpoint triage workflow, from methodology to technical steps.

Live Training $25 - $300

Course Length: 4 Hours

Includes a Certificate of Completion

Next scheduled date: May 1st, 2026 @ 12:00 PM EDT

Description

You’ve received a “true positive” security alert for a Windows or Linux endpoint. This is not a drill! Your environment is under attack! This is war and you need to take rapid, decisive steps to determine:

  • has the endpoint been compromised?
  • have other systems been impacted?
  • what actions should come next?

Together, through hands-on labs and demonstrations, we’ll walk through gathering artifacts from Windows and Linux endpoints using Velociraptor offline collectors, parsing and analyzing artifacts using PowerShell and KAPE, consolidating output, and rapidly identifying indicators of compromise!

Syllabus

Rapid Endpoint Investigations

Section 1: Introduction and Context

    1. Class overview and schedule (lecture)

    2. Investigative workflow context (lecture)

Section 2: Workflow Methodology

    1. Artifact Selection (lecture)

    2. Artifact Acquisition (lecture)

    3. Analysis Workflow (lecture)

Section 3: Tools & Techniques

    1. Endpoint investigation tools (lecture/demo)

    2. Building an artifact “collector” (lab)

    3. Parsing triage data (lab)

Section 4: Case Studies

    1. Windows case study (lecture/demo)

    2. Windows triage-data analysis (lab)

    3. Linux case study (lecture/demo)

    4. Linux triage-data analysis (lab)

Section 5: Conclusion

    1. Workflow and tool review (lecture)

    2. References and resources (lecture)

    3. Q&A

FAQ

Lab Information:

Attendees have two options for completing workshop labs: download and run a virtual machine locally (option 1) or use a cloud virtual machine via web browser (option 2).

Option 1: Requirements – download and run VM locally
  • CPU: x64 Intel/AMD architecture (min. 2 “logical” processors available for the Virtual Machine)
  • RAM: 4 GB available for the Virtual Machine
  • HDD: 50 GB available disk space (approx. 15 GB for the OVA download; approx. 25 GB for the Virtual Machine; approx. 2 GB for other course content)

Option 2: Requirements – access cloud VM via web browser
You will need a web browser, a MetaCTF registration, and to pay a small fee for Virtual Machine resource utilization (approx. $5 for a four-hour workshop).

Who Should Attend:

This workshop is intended for security analysts who review and respond to security alerts and perform endpoint investigations.

Audience Skill Level:

Beginner/Intermediate

About the Instructor

Bio

Patterson Cake joined the Black Hills Information Security (BHIS) pirate ship in June of 2023 as a Security Analyst focusing primarily on detection engineering and digital forensics and incident response. He chose BHIS because, to paraphrase, “doing cool stuff with cool people” and “making the world a better/safer place” is exactly how he wants to spend his professional time and energy. It also helps that he has a bit of history with a couple of awesome folks that have been with BHIS for many moons. Prior to joining the team, Patterson helped build and lead a DFIR practice for an MSSP, worked as a senior security engineer for AWS Managed Services, and spent several years in enterprise cybersecurity, often healthcare related, focusing on intermingling offensive security and incident response in technical and leadership roles. Outside of work, he enjoys spending time with his family, which often involves motorcycles, outdoor sports, movies, and music.

Register for Upcoming

Workshop: Rapid Endpoint Investigations

Pay What You Can - Complete Package

Live Training Patterson Cake

Virtual

Includes:
  • Virtual Ticket to WWHF
  • $100 off next AT class
  • 12 months Cyber Range Access
  • T-Shirt
  • The Future Is ****** comic
  • Sticker Pack
  • Certificate of completion
  • 6 months class recording access via Discord
  • Pay it forward to 6 students
  • Free ACE-T Core certification test

Pay What You Can

Live Training Patterson Cake

Virtual

Includes:
  • $50 off next AT class
  • 12 months Cyber Range Access
  • T-Shirt
  • The Future Is ****** comic
  • Sticker Pack
  • Certificate of completion
  • 6 months class recording access via Discord
  • Pay it forward to 3 students
  • Free ACE-T Core certification test

Pay What You Can

Live Training Patterson Cake

Virtual

Includes:
  • T-Shirt
  • The Future Is ****** comic
  • Sticker Pack
  • Certificate of completion
  • 6 months class recording access via Discord
  • Pay it forward to 1 student
  • Free ACE-T Core certification test

Pay What You Can

Live Training Patterson Cake

Virtual

Includes:
  • Certificate of completion
  • 6 months class recording access via Discord
  • Our appreciation for supporting PFWYC Training
  • Free ACE-T Core certification test

For tuition assistance with this course please send an email to: [email protected]

$25 - $300
May 1st, 2026 12:00 PM EDT - 4:00 PM EDT

Registration End Date: 10:00 PM, EDT April 30th 2026
