Trainingen

This intensive five-day online course is designed to teach the fundamental investigative techniques needed to respond to today’s cyber threats. The fast-paced course is built upon a series of hands-on labs that highlight the phases of a targeted attack, sources of evidence and principles of analysis. Examples of skills taught include how to conduct rapid triage on a system to determine whether it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms and investigate an incident throughout an enterprise. 

This training is powered and delivered by Mandiant

This training has been postponed due to the corona crisis until further notice when we have found a new date.

'Threat Hunting' is all the new buzz.. 

But what defines Threat Hunting, and what not?

This technical training is the right choice for everybody interested in getting beyond the buzzwords. Combining a large and private hands-on lab and having instructors experienced in both offensive and defensive security, you will leave this training excited and prepared for Threat Hunting.

This course is powered and delivered by the experts of Outflank

This two-day knowledge-packed training is a deep-dive into the inner workings and security of Windows and Active Directory. This training will help you to understand and implement security controls that aid in stopping or detecting modern attacks attack techniques used by red teams and targeted attackers.

Combining a large and private hands-on lab and having instructors with over 12+ year’s experience in breaking into Windows networks, you will leave this training excited and prepared for the next steps in Windows and AD security.

This course is powered and delivered by the experts of Outflank

Detection engineering is a method to build and improve your detection capabilities. The Detection Engineering for Windows training brings you up-to-speed in two days.

To help building proper analytics and automated detection capabilities requires an understanding of the techniques and tooling an attacker utilizes, the various options they can use, and what kind of indicators can be extracted from them. This process is called Detection Engineering and it is a *crucial* factor in the whole chain to be truly effective in being able to catch any attacker in your network.

Additional to a solid prevention program, you will have the need for visibility of attacks. This requires developing solid detections. Regardless of the form (a hunt, an alert rule, or some other form of risk-based trigger), detection engineering entails a lot more than randomly digging through data or copy pasting queries you've found on the internet.

This 2-day training focuses on the whole detection engineering cycle, from defining an analytic to researching the relevant techniques to building the detection logic, researching which logs can be utilized and validating its resilience in attempts to bypass it.

Log data obviously has a very important role here; getting to know your data in-depth and understanding what a system can generate will allow you to focus your detective capabilities as well as utilize your data as efficient as possible. After executing multiple variants of an attack, we will examine all available data to see what kind of indicators were generated and which ones are of use with an acceptable false positive rate. This might involve more data than an organization generally onboards. In some cases, the data can be onboarded while in other cases the risk will have to be accepted due to a high volume or false positive rate.

This training consists of several hands-on exercises for the students to get used to the detection engineering methodology and to start implementing this in their organizations.

This training is powered and delivered by FalconForce

As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.

To minimize that gap we have developed a 2-day course with practical use cases, based on real world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on the following:

• B2B web and mobile applications, sharing the same REST backend
• An Internet of Things (IoT) deployment with an on-premise gateway and a cloud-based update service
• OAuth scenarios for an HR application
• Privacy of a new face recognition system in an airport
   

After each hands-on workshop, the results are discussed, and students receive a documented solution. Based on our successful trainings in the last years, we released this advanced threat modeling training at Black Hat USA 2019.

This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should be familiar with basic knowledge of web and mobile Applications, databases & Single sign on (SSO) principles. The students should bring their own laptop to the course.

This course is powered and delivered by the experts of Toreon

Get ready for a 3-day knowledge intensive training that teaches you how to defend against the modern offensive techniques that red teams and targeted attackers use.

We’re not going to bother you with the default tools of penetration testers. And you should forget about the out-of-the-box rules in your SIEM that trigger endless false positives. But we are going to feed you with the latest knowledge, tools and techniques of modern targeted attacks that help you become a better defender.

This course is powered and delivered by the experts of Outflank

We are organising this exclusive 2-day course for security professionals who want to take the next steps in improving their cyber defense skills. For organisations it is crucial to know how good they are at defending themselves against cyber attacks. Do you know the effectiveness of your current level of cyber defense and where you could improve?

The MITRE ATT&CK framework allows you to answer these and many more questions, and enables you to start making the right improvements. ATT&CK is an online knowledge base of adversary behaviours based on real-world observations.

This training is powered and delivered by MB Secure & Sirius Security.