Qubit Academy

How to spot and defend against adversaries movements in your network


MITRE ATT&CK Hands-On Training

Contact

Denisa Lavková
+421 948 959 957

Once attackers have infiltrated the network, they pursue various goals and targets. An attack can be initiated by phishing, or the attacker can simply use a social engineering technique to obtain user credentials. With stolen credentials in hand, it is only a small step to becoming domain admin. In a situation like this, where no exploit is used and valid credentials play the primary role in the initial phase of the attack, the SOC has a hard time distinguishing it from normal traffic. With legitimate credentials the attacker can and will move laterally, and during the attack the "credential dance" (reusing the credentials harvested on each compromised host to reach the next one) will be used, because that is the common pattern for lateral movement.

In this training we will focus on detecting these movements and techniques. We will use BloodHound to identify possible movement paths, and we will use this knowledge to improve our detection patterns. This training is 90% blue team and 10% red team, and 80% technical, with most of the time spent in the lab. After this training you will know how to detect an attacker sneaking through the company's systems.
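The paragraphs above describe the core detection problem of the course: an attacker with valid credentials produces logon events that look legitimate one at a time, and it is the pattern across hosts that gives the movement away. The following script is an added example (it is not course material and not code from the trainers) showing two such patterns over Windows Security Event ID 4624 records: one account reaching an unusual number of distinct hosts in a short window, and a hop chain where each network logon originates from the host the same account just logged on to (the "credential dance"). The event records, host names, IP addresses and account names are constructed for the demonstration, and the record layout is a simplified, assumed mapping of the 4624 fields rather than the raw Windows XML.

```python
"""Spot lateral-movement patterns in Windows Security logon events.

Added example, not part of the original course page. Each record is an
assumed, simplified projection of Event ID 4624 (successful logon):
EventID, TimeCreated, TargetUserName, LogonType, IpAddress (where the
logon came from) and Computer (the host that recorded the logon).
Logon type 3 is a network logon, the type produced by SMB/WinRM/RPC
style access to a remote host, so it is the one that matters here.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: which IP belongs to which host (assumed values).
HOST_IPS = {
    "WS-ALICE": "10.0.1.10", "WS-BOB": "10.0.1.11",
    "FS01": "10.0.2.20", "FS02": "10.0.2.21",
    "SQL01": "10.0.3.30", "DC01": "10.0.0.5",
}

# Constructed sample events: alice doing normal work, bob doing normal
# work, and the service account svc-backup hopping host to host from
# bob's workstation, each hop launched from the previous destination.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:00:00", "TargetUserName": "alice",
     "LogonType": 2, "IpAddress": "-", "Computer": "WS-ALICE"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:05:00", "TargetUserName": "alice",
     "LogonType": 3, "IpAddress": "10.0.1.10", "Computer": "FS01"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:40:00", "TargetUserName": "alice",
     "LogonType": 3, "IpAddress": "10.0.1.10", "Computer": "FS02"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T11:00:00", "TargetUserName": "svc-backup",
     "LogonType": 3, "IpAddress": "10.0.1.11", "Computer": "FS01"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T11:02:00", "TargetUserName": "svc-backup",
     "LogonType": 3, "IpAddress": "10.0.2.20", "Computer": "FS02"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T11:04:00", "TargetUserName": "svc-backup",
     "LogonType": 3, "IpAddress": "10.0.2.21", "Computer": "SQL01"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T11:07:00", "TargetUserName": "svc-backup",
     "LogonType": 3, "IpAddress": "10.0.3.30", "Computer": "DC01"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T11:15:00", "TargetUserName": "bob",
     "LogonType": 3, "IpAddress": "10.0.1.11", "Computer": "FS01"},
]


def _ts(s):
    return datetime.fromisoformat(s)


def network_logons(events):
    """Return successful network logons (4624 / type 3) sorted by time."""
    rows = [e for e in events if e["EventID"] == 4624 and e["LogonType"] == 3]
    return sorted(rows, key=lambda e: _ts(e["TimeCreated"]))


def hosts_per_account(events, window=timedelta(minutes=30), threshold=3):
    """Flag accounts that logged on to >= threshold distinct hosts within window.

    Uses a sliding window over each account's time-sorted logons and keeps
    the largest host set seen, so the finding reports the full spread.
    """
    by_user = defaultdict(list)
    for e in network_logons(events):
        by_user[e["TargetUserName"]].append((_ts(e["TimeCreated"]), e["Computer"]))
    findings = {}
    for user, rows in by_user.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop logons that fell out of the window
            hosts = {h for _, h in rows[start:end + 1]}
            if len(hosts) >= threshold and len(hosts) > len(findings.get(user, [])):
                findings[user] = sorted(hosts)
    return findings


def hop_chains(events, host_ips, min_hops=2):
    """Find accounts whose logons chain: each source is the previous destination.

    Returns {user: [origin, hop1, hop2, ...]} for chains with >= min_hops
    hops; a legitimate admin working from one workstation never chains.
    """
    ip_to_host = {ip: h for h, ip in host_ips.items()}
    by_user = defaultdict(list)
    for e in network_logons(events):
        by_user[e["TargetUserName"]].append(e)
    chains = {}

    def record(user, chain):
        if len(chain) - 1 >= min_hops and len(chain) > len(chains.get(user, [])):
            chains[user] = list(chain)

    for user, rows in by_user.items():
        chain, prev_dest = [], None
        for e in rows:
            src = ip_to_host.get(e["IpAddress"], e["IpAddress"])
            if prev_dest is not None and src == prev_dest:
                chain.append(e["Computer"])  # launched from the last hop
            else:
                record(user, chain)          # chain broken: evaluate and restart
                chain = [src, e["Computer"]]
            prev_dest = e["Computer"]
        record(user, chain)
    return chains


if __name__ == "__main__":
    for user, hosts in hosts_per_account(SAMPLE_EVENTS).items():
        print(f"[spread] {user} reached {len(hosts)} hosts: {', '.join(hosts)}")
    for user, chain in hop_chains(SAMPLE_EVENTS, HOST_IPS).items():
        print(f"[chain]  {user}: {' -> '.join(chain)}")
```

Run stand-alone it reports only svc-backup on both checks, while alice and bob, who also produce type 3 logons, stay quiet; the threshold and window should be tuned per environment against a baseline of which accounts legitimately fan out (backup and monitoring accounts often do), which is exactly why the course pairs these detections with knowing the environment.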

Table of contents

Day 1

  • Event IDs – what is important to know
    • What must be logged
    • Where to get logs
    • Which tools to use
      • Lab 1.1 – Event IDs foundation
  • Logging standard
    • What we really need to log
  • Attack types – commonly used types of attacks
    • What is used by adversaries
    • Which attacks you should test regularly
  • Lateral movement - foundation
    • Lab 1.2 – User session tracking
  • Bloodhound
    • Lab 2.1 – Bloodhound foundation
    • Lab 2.2 – Bloodhound for defenders

Day 2

  • ATT&CK Mapping
    • How to work with the matrix
    • Practical usages of ATT&CK
  • Commonly misused tools
    • LOLBins & LOLBAS
  • Detection of leaked accounts
    • Lab 3.1 – Tracking newly created accounts
  • How to investigate
    • Lab 3.2 – Tracking misused accounts
  • Password basics
  • Password hygiene
    • Lab 4.1 – Password cracking
  • Domain password auditing
    • Lab 4.2 – Password auditing

Key takeaways

  • Understanding what needs to be monitored
  • Understanding adversary movement
  • Being confident with the ATT&CK matrix
  • Understanding why it is important to know the environment
  • Proficiency with password auditing

Target audience

  • Security manager
  • Chief security analyst
  • Security Operator
  • Security Specialist
  • Security Analyst

Requirements

  • Laptop with 60 GB of free space, local administrator rights and the ability to run VirtualBox or VMware.

Duration: 2 x 8 hours (9am – 5pm) including a lunch break and two 15-minute coffee breaks

Maximum number of participants is 20.

The workshop will be taught in Slovak.

Lukáš Ciasnoha

CSIRT Team Lead | NN Group

Lukáš Ciasnoha has been working in the field of IT security for almost 15 years. He held the position of security administrator for the first eBook CZ platform and the position of Security Architect at the Accenture consultancy, where the majority of his time was spent on a project for the financial sector at the largest EU bank.

Since 2015 he has held the position of Chief Security Analyst for the NN group, where he recently moved to the CSIRT unit. In 5 years, with his 18-member international team, he has managed to transform security operations from a compliance-centric SOC into a "real security" SOC. Recently he was part of a large migration project in which a new SIEM was implemented and ATT&CK was the main tool for migrating security use cases.


Juraj Přibyl

Security Operation Center Manager | NN Group

Juraj Přibyl has been working in the field of IT security for almost 13 years. He held the position of Information Security Specialist at the Slovak Telekom group; from 2010 he worked as CISO in the financial and banking sector in the Czech Republic, and later, as CISO, he was responsible for the entire CEE region. Since 2015 he has held the senior position of SOC Manager for the NN group. In 5 years, with his multicultural team of almost 35 members, he has managed to build a global SOC in Prague from scratch; it looks after the security of 12 countries around the world and is one of the largest in-house SOCs in our region.



Copyright © 2016-2022 QuBit Security s.r.o., All rights reserved. - Personal data processing statement - General terms and conditions - About cookies
