Advanced detection engineering in the enterprise
Overview:
This training - facilitated by trainers from FalconForce - focuses on the entire methodology of a detection engineering cycle. We guide participants in defining a scope, researching the relevant (sub-)techniques, building the detection analytic, investigating which logs can be utilised, and validating the resilience of the analytic against evasion.
The training covers a full, realistic attacker scenario in an enterprise environment: from the endpoint, through the Active Directory and into the cloud environment.
This training is led by experienced instructors from FalconForce who teach students to:
Our training is intended for mid- and senior-level detection engineers, threat hunters and red teamers. The methodology will also help anyone in a hands-on security role learn how to improve the security posture of their company.
Requirements:
Training date and location:
The training is delivered in person. The venue has been kindly supplied in partnership with TAFE Queensland at the South Bank Campus.
Location details can be found here: TAFE Queensland South Bank
Lunch:
Lunch is included with this course. There is also a selection of restaurants and cafes in the area.
Signing up and payment:
Interested in this training? Sign up through the link below! The following pricing is applicable to this training:
Note: all prices listed exclude applicable GST unless explicitly stated otherwise. Ticket sales close on 1 December 2024 at 3 PM AEST, or earlier if sold out.
Payment can be made by credit card via the following link:
Tickets
Your company has performed a red teaming exercise to test its resilience against a realistic attack. After the engagement, it turns out that many of the techniques and procedures used by the red team were not caught by your current detections. You have received the red team report and have been tasked with developing additional detection capabilities so that the behaviour behind those techniques and procedures is detected in the future.
Building resilient and automated detection capabilities requires a detailed understanding of attackers and their known or expected behaviour. By thinking like an attacker, understanding the techniques and procedures attackers use, and working out which indicators can be extracted from them, you can develop better detection capabilities. This process is called detection engineering, and it is crucial to being truly effective at discovering attackers in your network.
Maintenance, testing and improvement are part of proper engineering, as is documentation: describing what to do when an alert triggers is as important as describing what you are trying to detect in the first place.
The training is highly interactive and strikes a good balance between theory and a large number of hands-on exercises, in which the students execute all attacks themselves in a dedicated lab environment. These exercises are extensively documented in our lab guide, which offers hints and (partial) solutions where needed. This lets students become familiar with the detection engineering methodology and prepares them to start implementing this practice at their own organisations.