Cyber Threat Emulation - Initial Access™

Instruction Level

Our courses are designed to cater to different levels of expertise, ensuring that every learner can find a suitable starting point and grow their skills progressively.

Course Duration

Our flexible training arrangements allow you to learn at your best pace without sacrificing instructional quality.

Course Summary

Threat emulation / Red teaming has become a collection of TTPs and TCCs (Tradecraft Core Concepts) used to achieve an objective and accelerate detection capabilities while identifying coverage gaps on the opposing side. Red team engagements are a way of approaching a problem set and training the analytic thought patterns of those involved. During this course, you will gain the knowledge not only to plan, execute and report on red team engagements, but also the critical thought patterns needed to adopt a technique rather than a tool set. This course focuses on the Initial Access and compromise component of a Red Team engagement.

Course Core Objectives

SOC Immersion Training is designed for intermediate-level cybersecurity and/or hunt team analysts to increase their functional knowledge of analytical thinking and analysis concepts. By using demonstrated real-world attack methodologies in a step-by-step manner, SIT provides analysts with an in-depth understanding of how to analyze attack TTPs, and the ability to construct complex IOCs derived from environment-specific threats and constraints. SOC Immersion Training accomplishes these course goals by providing labs taught from an attack-specific perspective, coupled with well-designed detection and analysis capabilities to produce forensic evidence from multiple emulated advanced adversary attacks.

Course Differentiators

Our team has identified the following key areas you should consider when picking this course or others within the industry.

  • Cyber Range: Custom range with complete coverage of each of the key data points required to provide each student with access to a range representative of an enterprise security stack.
  • Lab Driven: The course is heavily focused around our labs and lab environment. Instruction consists of short blocks of instruction followed by instructor-led demonstrations, then a hands-on student lab.
  • Tangible Metrics: Students will be able to decrease their mean time to detection and show improvements by determining the difference between their pre- and post-course KPIs.
  • Personnel: Each course is taught by Red and Blue Team SMEs. This combination provides students with the viewpoints of both offensive and defensive tradecraft.

Testimonials

Alexander Rymdeko-Harvey
was an excellent insight into the tasks of a SOC. Not only did it have actionable lessons on the tools and techniques needed to run a SOC, but also gave insight on ways to improve the operations of the team.

Skills You Will Obtain

Empower Your Growth: Cyber Threat Emulation - Initial Access™ can enhance your skills and advance your career.

Layered Analysis Methodology

  • Capability Mapping: Understanding of security capabilities and analysis methods versus tool usage.
  • Attack Analysis: Develop analysis skills to better comprehend, synthesize, and leverage data to resolve complex attack scenarios.
  • IOC Signature Development: Identify and create intelligence requirements for IOCs using threat modeling.
  • Artifact Identification: Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, and attack vectors.

Prerequisites

  • Entry-level knowledge of Windows IT principles
  • Entry-level knowledge of Linux IT principles

Required Materials

- Student will bring a laptop and charger
- Student will need a modern Linux, OSX or Windows host
- Student will **NOT** need virtualization; it will be supplied

Provided Materials

- Essential cheat sheets for tools and complex analysis tasks
- VOD (Video-on-Demand) training course access for 180 days following the class
- Certificate of completion

Designed For You

This course is a perfect match for these roles.

  • Security engineers
  • Security analysts
  • Security managers
  • SOC analysts
  • CND analysts
  • HUNT analysts
  • Detection engineers
  • Cyber threat investigators