Thomas Papaloukas
Olaf Hartong / Henri Hambartsumyan / FalconForce
Advanced Detection Engineering in the Enterprise
Cody Nelson
August 5 - 8, 32 Credit Hours
Building resilient and automated detection capabilities requires a detailed understanding of attackers and their known or expected behavior. Thinking like an attacker, and understanding the different techniques and procedures attackers use and which indicators can be extracted from them, makes it possible to develop better detection capabilities.
This training focuses on the entire methodology of a detection engineering cycle. We guide participants in defining a scope, researching the relevant (sub-)techniques, building the detection analytic, investigating which logs can be utilized, and validating the resilience of the analytic against evasion. Maintenance, testing and improvement are part of proper engineering.
The training is highly interactive and balances theory with a lot of hands-on exercises, in which the students execute all attacks themselves in a dedicated lab environment.
The training covers a full, realistic attacker scenario in an enterprise environment: from the endpoint, through Active Directory and into the cloud environment.
Skills / Knowledge
- Forensics
- Defense
Issued on
August 8, 2023
Expires on
Does not expire