Instructors: Kent Ickler and Jordan Drysdale
Mon, Nov 2, 11:00 AM – 4:00 PM EST
Tue, Nov 3, 12:00 PM – 4:00 PM EST
Wed, Nov 4, 12:00 PM – 4:00 PM EST
Thu, Nov 5, 12:00 PM – 4:00 PM EST
Applied Purple Teaming (APT) will first introduce students to threat optics on Windows systems. This course will provide instruction for installing and configuring Sysmon to gather endpoint logs. Students will also be introduced to Windows Audit Policies and will get to deploy a high-visibility audit policy stack. Windows Event Collection and Forwarding will be implemented to demonstrate the free logging stack that is built into Windows and licensed under the existing agreement you have with Microsoft. Finally, the event collector will be configured to ship logs to the Hunting ELK (HELK), where students will get to review threat optics using Kibana. The majority of the class will be spent iterating through the TTPs of a standard pentest to demonstrate effective logging and detections against some attacks that are challenging to detect. The Atomic Purple Team lifecycle will be used to attack, hunt and detect, and defend against all of the attacks! Come join us for another round of APT with updated materials and to have a great time in the Wild West!