Defending the Enterprise w/ Kent Ickler and Jordan Drysdale – (16 Hours)

Instructors: Kent Ickler and Jordan Drysdale


For the luckiest of enterprises, the awareness of an insecure environment is proven not in public discord after a breach but instead by effective security penetration tests. Time and time again Jordan and Kent have witnessed organizations struggle with network management, Active Directory, organizational change, and an increasingly experienced adversary.

For new and legacy enterprises alike, Defending the Enterprise explores the configuration practices and opportunities that secure networks, Windows, and Active Directory from the most common and effective adversarial techniques. Have the confidence that your organization is prepared for tomorrow’s security threats by learning how to defend against network poisoning, credential abuse, exploitable vulnerabilities, lateral movement, and privilege escalation.

Learn cost-effective mitigations to contemporary adversarial attacks:

  • Credential Abuse
    • Password Reuse
    • Password Sprays / Password Brute-Force
    • Pass-The-Hash
    • Credential Dumping
    • Kerberos Abuse
  • Network Protocol Poisoning
    • LLMNR, LNK, NBNS
    • NTLM Hash Theft / SMB
  • Security Authorization and Delegation Abuse (Active Directory Control Paths)
  • Process Injection and Manipulation
    • Process Hollowing and Side-Loading
    • Remote Code Execution
    • Command and Control
    • Persistence
  • Enterprise Landscape and OSINT
    • Data Exposure / File-Share Abuse
    • System Information Discovery

The best-defended networks are those that have matured through countless penetration tests and security incidents. Learn from Kent and Jordan, two seasoned offensive and defensive security experts, and fast-track your organization’s security posture toward a well-fortified fortress.


KEY TAKEAWAYS

In this course, students will learn how to:

  • Build a managed secure Active Directory operational environment
  • Deploy effective security controls and strategic change management
  • Defend against the most common and effective adversarial techniques
  • Prepare for an effective security penetration test
  • Understand security risks and defensive mitigations

WHO SHOULD TAKE THIS COURSE

This course is a must for corporations just bringing their information security program online and for organizations seeking to improve their security posture. This course will prepare an organization for detecting and defending against modern attackers, for penetration tests, and for any security audit or compliance framework.

Organizations looking to effectively defend their information security operations without costly additional administrative overhead will also benefit from the demonstrated defensive methodology. Defending the Enterprise provides budget-conscious solutions that limit and reduce additional product licensing costs. The tools and techniques demonstrated in this course will also supplement an organization’s existing software and tools that may be underutilized or not utilized at all.

The following types of individuals may also find this course of interest:

  • IT Systems Administrators
  • IT Security Management and Leadership
  • Helpdesk Technicians and Analysts
  • Network Engineers
  • Information Security Professionals
  • General Security Practitioners and Enthusiasts
  • Active Directory / Windows Engineers

AUDIENCE SKILL LEVEL

Students should have general Windows operating knowledge. Ideally, students should be in a position to make lasting changes to a Windows Active Directory environment. A motivated student will be ready to learn best practice configurations, build system security policies, manage strategic change, and operate defensive controls to stop adversarial attack chains.


COURSE PREREQUISITES

Prior to attending the course, students should have:

  • Some experience with Active Directory
  • The ability to access RDP (Remote Desktop)
  • A GitHub account to access course content

WHAT STUDENTS WILL BE PROVIDED WITH

  • Access to a digital copy of course content, including all of the labs, slide decks, sample packet captures, and other course-related artifacts
  • Access to course recordings
  • Best practice guides, cheat sheets, syntax cards (digital)
  • Six months of free access to the Antisyphon Cyber Range
  • A certificate of completion

TRAINERS & AUTHORS

Jordan Drysdale
Jordan was around for the inception of Napster and the explosion of P2P networks. This drove his fascination with network systems and led him toward a career in IT. Jordan’s first gig in the industry included supporting Latin American networking customers for Hewlett Packard’s network support division. After five years of support, engineering, training, and stress, Jordan became a wireless escalations team lead and multi-vendor certified problem solver. With kids in tow, Jordan headed back toward the Dakotas to be nearer extended family and friends where he learned Citrix, VMware, VDI, supported Cisco gear, implemented profile management solutions, deployed remote networks at scale, and ensured performance across infrastructure. Before becoming a penetration tester, Jordan supported multiple (50+) domains as part of an MSSP’s rock star team. Solutions utilized included HP Networking, FortiGate/FortiManager/FortiWeb/FortiAnalyzer et al., Cisco ASA, HP DL/GL/ML, Dell, VMware, NetApp, and the list goes on. For the last five years, Jordan has been a penetration tester with the Black Hills InfoSec team.

Kent Ickler
Kent started his Information Technology career working for an Internet Service Provider supporting the Midwest’s broadband initiatives of the early 2000s. His interest in technology and business operations drove his career into working for multiple Fortune 500 companies and equipping their organizational leadership with business analytical data that would support their technology initiatives. With his continued interest in Business Operations, Kent completed his postgraduate education in Business Management. With an understanding of Information Technology, System Administration, Accounting, and Business Law, Kent has helped businesses leverage technology for competitive advantage while balancing the risks associated with today’s dynamic network environments. Kent has been with Black Hills Information Security for three years in security and administration roles.

In addition to their Security Analyst roles at Black Hills Information Security, Jordan and Kent are Co-Founders of Defensive Origins, a cyber-security research, training, and consulting institution designed to assist Information Security professionals, Systems Administrators, and Organizational Leadership in developing, operating, and maintaining efficient secure network operations. Both Jordan and Kent have presented at multiple conferences, webcasts, and television programs, and have written blogs discussing the importance of Network Security, Internet Privacy, and balancing Information Security business risk in today’s organizations.

AGENDA

Includes: Four days of fast-paced interactive learning

  • A Methodology for Continuous Defensive Operations Improvement
  • Review of Enterprise Threat and Risk Optics
  • Introduction to MITRE ATT&CK
  • Introduction to Threat Optics, Including Logging and Alerting
  • Discussion of Design and Implementation of Network Defenses
    • Enterprise Security Baseline
      • Inventory Control
      • Network Poisoning
      • Authentication and Authorization
    • Active Directory Best Practices
      • Naming Conventions
      • Group Membership
      • Group Policy Objects
      • Domain Trusts
      • Hybrid Environments
      • Enforced Network Security Controls
    • Windows & Active Directory Security Hardening (Advanced and In Depth)
      • Managing Privileged (Administrative) Permission
        • User Account Privilege Separation
        • Local Administrator Password Solution (LAPS)
      • Application Control
      • Protocol Control (LLMNR, NBNS, SMB, WMI)
      • Authentication Control
      • User-Behavior Control
      • Audit Policies
      • Authentication Storage
      • Kerberoasting
      • Active Directory Control Paths
      • Credential Integrity
    • Approach to Effective Security Change Management
      • Building and Maintaining Inter-Departmental Relationships
      • Managing Change of a Progressive Security Posture
    • Introduction to Active Defense Technology
    • Interactive Exercise Labs (Attack / Detect / Defend Style)
      • Threat Optics
      • Kibana
      • BloodHound
        • PlumHound
        • NetCease
        • Session Management
      • CMD / PowerShell
        • Application Controls
      • Password Spray
        • Password Policies
        • UEBA
      • Pass the Hash
        • Protected Users
        • SMB Signing
      • LLMNR / NBNS / LNK Poisoning
        • Firewall Policies
        • NTLMv2 Restrictions
        • Network Logons
      • Kerberoasting
        • Honey Accounts
      • Command and Control
        • Network Controls
        • Wireshark
      • SysInternals Lab
        • ADExplorer
        • BGInfo
        • ProcDump
        • PSExec

COURSE SCHEDULE

Dates/Times:

Tue, June 15, 2021 9:00 AM – 5:00 PM PDT

Wed, June 16, 2021 9:00 AM – 5:00 PM PDT

Event Type: In Person

Event: Way West 2021

Location: Nugget Casino Resort, Sparks, NV

Dates/Times:

Tue, July 13, 2021 11:00 AM – 4:00 PM ET

Wed, July 14, 2021 12:00 PM – 4:00 PM ET

Thu, July 15, 2021 12:00 PM – 4:00 PM ET

Fri, July 16, 2021 12:00 PM – 4:00 PM ET

Event Type: Virtual
