Antisyphon Training

Antisyphon offers a wide variety of information security training courses tailored to beginners and seasoned professionals alike. WWHF proudly offers Antisyphon training throughout the year. On this page, you can find a list of courses offered by Antisyphon.

Antisyphon Training Courses:

  • Active Defense & Cyber Deception w/ John Strand

    16 Hours

    Course Description: Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.

  • Advanced Network Threat Hunting w/ Chris Brenton

    16 Hours

    Course Description: We will spend most of this class analyzing pcap files for Command and Control (C2) communications in order to identify malware back channels. It is assumed that the student will already understand the basics of network threat hunting, so we can immediately jump into applying that knowledge. The goal will be to create a threat hunting runbook that you can use within your own organization in order to identify systems that have been compromised.

  • Applied Purple Teaming w/ Kent Ickler and Jordan Drysdale

    16 Hours

    Course Description: Applied Purple Teaming (APT) will first introduce students to threat optics on Windows systems. This course will provide instruction for configuring and installing Sysmon to gather endpoint logs. Students will also be introduced to Windows Audit Policies and will get to deploy a high-visibility audit policy stack. Windows Event Collection and Forwarding will be implemented to demonstrate the free Windows logging stack built in and licensed under the existing agreement you have with Microsoft. The event collector will finally be configured to ship logs to the Hunting ELK (HELK), where students will get to review threat optics using Kibana. The majority of the class will be iterating through the TTPs of a standard pentest to demonstrate effective logging and detections against some attacks that are challenging to detect. The Atomic Purple Team lifecycle will be used to attack, hunt and detect, and defend against all of the attacks! Come join us for another round of APT with updated materials and to have a great time in the Wild West!

  • Attack Emulation Tools: Atomic Red Team, CALDERA and More w/ Darin and Carrie Roberts

    16 Hours

    Course Description: Attack Emulation tools help you measure, monitor and improve your security controls by executing scripted attacks. Atomic Red Team and CALDERA are two open-source attack emulation projects that are mapped directly to the MITRE ATT&CK Framework. This class will provide an overview of the MITRE ATT&CK framework and give you in-depth, hands-on knowledge of how to execute scripted attacks that exercise many of the techniques defined in MITRE ATT&CK. You will be provided with hands-on lab instructions for emulating a variety of attacks and creating visualizations using MITRE ATT&CK Navigator. At the end of this class you will have the knowledge and tools to begin executing simulated attacks within your own test environment, where you can create and validate detections in a scriptable and consistent way.

    Whether you are a student of information security or a seasoned network defender, there is something to learn from getting involved in the Attack Emulation space, and this course will help you do that.

  • Breaching the Cloud w/ Beau Bullock

    16 Hours

    Course Description: This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name, you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data and gain a thorough understanding of how to get an initial foothold into a cloud-based organization.

  • Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer

    16 Hours

    Course Description: This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defense technologies.

  • Getting Started in Security with BHIS and MITRE ATT&CK w/ John Strand

    16 Hours

    Course Description: This 16-hour (4 days, 4-hour sessions) information security training class is designed for people who are new to computer security. We will cover the core fundamentals with lots of hands-on labs demonstrating the attacks and defenses every security professional must know to be successful.

  • Modern WebApp Pentesting w/ BB King

    16 Hours

    Course Description: Modern WebApp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. Attacking Web Sockets is not more difficult than attacking HTTP traffic; it’s just different. Web APIs are not something you’re qualified to test only after you’ve put your time in on traditional webapps … they’re just different.

  • Security Leadership and Management w/ Chris Brenton

    16 Hours

    Course Description: “Security” is arguably one of the most challenging disciplines to move from being an individual contributor (IC) to being a manager. While security ICs can perform most tasks in isolation, a manager needs to regularly interact with people both inside and outside of the team. Further, “security” has its own language which can be completely foreign to people outside of the discipline. How do you take security concerns and convert them into a language that senior leaders and “C” levels can understand? Honing these skills will be the primary objective of this course.

  • SOC Core Skills w/ John Strand

    16 Hours

    Course Description: This 16-hour (4 days, 4-hour sessions) information security training course will cover the core security skills all Security Operations Center (SOC) analysts need to have. These are the skills that all Black Hills Information Security (BHIS) SOC team members need to have.
