Blue Team Incident Response Training

September 19, 2022

Start: September 19, 2022, 16:00
End: September 23, 2022, 19:30

About the event

In our opinion, the best way to learn how to respond to incidents is to know how to cause one.

At Mjolnir Security, all training courses include Capture the Flag (CTF) games where learners practice hacking specialized systems. This helps learners understand how a system is compromised; once they have performed the compromise themselves, they can better see what the logs looked like on the defender's side, and eventually take on the role of Incident Responder.

Our next batch of Incident Response training is scheduled to begin Sept 19th 2022. It will run Monday through Friday until Sept 23rd, from 4pm to 7:30pm EST.

Our standard agenda is:

  • Day 1: We will attack specially hosted class websites (and the servers they are hosted on) using different online and offline methods. Some are traceable in logs, some aren't directly. We will also use a custom-built Kali Linux virtual machine to attack the servers live during class, and review the attacks as they happen in real time against the target systems. You will be introduced to a SOC environment that is set up specifically for this class.
  • Day 2: We will review the attacker activities and track/trace them using Sumologic's Cloud Analytics platform. Having experienced how attackers actually attack, you will see what can be understood and analyzed from the investigator's end. You will learn how to perform threat hunting. Our targets produce Windows logs, IIS logs, Apache logs and Linux logs. You will learn what each log is, what it is used for, why it is relevant and how to interpret/analyze it to find relevant and actionable intelligence. This will include threat intelligence correlation and attribution.
  • Day 3: While the attacks are ongoing (our attacks and random attackers from across the internet), we will take advantage of Sumologic's Cloud SIEM to identify attack activity, general internet traffic and lateral movement, which you will analyze to determine what is an attack and then trace it back to the attacker. You will learn how to identify threats over the network with OSINT tools.
  • Day 4: Malware analysis and signature creation (YARA and Sigma rules). You will learn how to create signatures for the malware and attacks you have analyzed so far and run your own scans to detect threats. You will be introduced to Nextron Systems' tool, THOR. Outside of the Marvel cinematic universe, it is Mjolnir that uses Thor!
  • Day 5: Deep hunting of all malicious activity using SentinelOne, followed by an Incident Response report. This report will be written using our standard reporting template and will draw on all activities performed over the week.

The lab infrastructure includes VPN access to a secure training environment, Threat Intelligence aggregators, Big Data SOC tools, Virtual Machines (all tools pre-installed) that you can keep for reuse in your own investigations, and more.

Lab tooling will include full and enterprise licenses for:

  1. Sumologic Cloud Analytics
  2. Sumologic Cloud SIEM
  3. Nextron Systems' THOR
  4. SentinelOne
What you will get:

  • Our curriculum is a mix of what our lead trainer teaches in his role as a Professor in George Brown College's (Toronto) Cyber Security Program and what we have experienced during Incident Response investigations with clients.
  • Often when we are called in for a cyber incident, we encounter clients and individuals who have never received any formal training on how security incidents are caused and therefore do not know where to start the response. As a learning outcome of this training, you will learn the common methodologies by which current threat actors infiltrate organizations and how to mitigate their threats.
  • You will leave with your very own toolkit, with which you can write security advisories, pull apart malware to write and run your own anti-malware signatures, and perform the full extent of Incident Response analysis from your own private lab.
  • You will gain the ability to write your own malware signatures to protect your organization instead of waiting for your Security Providers/Vendors to take a few days to prepare mitigation measures for you, thereby reducing the mean time to defend your network against the attacker by a matter of days!
  • At the end, there will be a certificate of attendance, as well as a secondary certificate for those who write the incident report, marking completion of the course.

Our training for Law Enforcement agencies is always FREE! But we do have costs to recoup, which is why we offer a pay-what-you-can ticket option. Please go to the Eventbrite link below and pick what you are comfortable paying.

If you or a friend is in Law Enforcement and wants to sign up, please reach out to us at [email protected] and mention which agency and unit you are with.

For everyone else, please use this link to sign up –