Improve how you use the detection techniques in your existing enterprise stack and get to grips with some you’ve probably not heard of. Our consultants will refer to live attack examples (like Emotet), explain how each detection technique is effective against different attacks, and map detection techniques to the cyber kill chain. Expect hands-on demonstrations that you can start using straight away.
The workshops are now available on demand
Workshop #1
Initial access - with Alfie Champion and Riccardo Ancarani
Alfie and Riccardo kicked off Attack Detection Fundamentals with a workshop on initial access. In this video:
- Learn the techniques threat actors use to bypass mail filtering controls and obtain foothold
- Make use of open-source tools to emulate the initial access vectors of Emotet and those used in Operation Cobalt Kitty
- Learn how to detect these attacks using endpoint logs or memory analysis
Access the guides here:
Initial access - Lab guide 1
Initial access - Lab guide 2
Initial access - Lab guide 3
Initial access - Lab guide 4
Workshop #2
Code execution and persistence - with Anartz Martin
In workshop #2, Anartz Martin helps you get to know code execution and persistence tactics. Follow along with demos that illustrate the techniques used by attackers in the wild to:
- Run malicious code to gain foothold on a target’s system (code execution)
- Maintain this system access consistently through reboots, credential changes, and other operational interruptions (persistence)
- Consultants will also cover how code execution and persistence can be detected before attackers advance further down the kill chain.
Access the guides here:
Code execution and persistence - Lab guide 1
Code execution and persistence - Lab guide 2
Workshop #3
Discovery and lateral movement - with Alfie Champion
Alfie is back for workshop #3 to explore and demo opportunities to detect attackers, in a session focused on discovery and lateral movement.
- Detect an attacker as they seek to discover high-value assets within your environment, including file shares and Active Directory groups.
- Observe how attackers could pivot through open shares to hide their lateral movement, using C3 as an example.
- Identify detection strategies for lateral movement using legitimate system administration tools.
Access the guides here:
Discovery and lateral movement - Lab guide 1
Discovery and lateral movement - Lab guide 2
Discovery and lateral movement - Lab guide 3
Discovery and lateral movement - Lab guide 4
Discovery and lateral movement - Lab guide 5
Workshop #4
C2 and exfiltration - with Jordan LaRose and Derek Stoeckenius
Jordan LaRose and Derek Stoeckenius conclude the series with a workshop on C2/C3 and exfiltration. In this workshop:
- Learn about commonly-used Command and Control (C2) channels including HTTP and DNS.
- Make use of open-source tools to detect C2 traffic.
- Explore how threat actors use legitimate services, like Dropbox, to hide C2 traffic, through demonstrations with F-Secure's C3 framework.
Access the guides here:
C2 and exfiltration - Lab guide 1
C2 and exfiltration - Lab guide 2
C2 and exfiltration - Lab guide 3
