With cyber threats on the rise, ransomware tactics are affecting small, medium, and large enterprises alike. While state-sponsored adversaries are attempting to obtain access to your most precious crown jewels, this six-part journey will start off with an analysis of recent attacks through in-depth case studies. The course will explain the types of occurring attacks and introduce formal descriptions of adversary behaviour such as the Cyber Kill Chain and the MITRE ATT&CK framework. In order to understand how attacks work, you will also compromise the virtual organisation "SYNCTECHLABS" in section one exercises. In sections two, three, four and five, the course will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks.

Learning Outcome

SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defences will arm you with the knowledge and expertise you need to overcome today's threats. Recognising that a prevent-only strategy is not sufficient, the course will also introduce security controls aimed at stopping, detecting, and responding to your adversaries.

Who should Attend?

  • Security architects and security engineers: better understand how the defences they put in place make an impact on adversary operations
  • Red teamers and penetration testers: better understand how blue team techniques could stop their attacks
  • Technical security managers: understand what security controls should be prioritised
  • Security Operations Center analysts and engineers: better understand how they can detect adversary techniques
  • Individuals looking to better understand how persistent cyber adversaries operate and how the IT environment can be improved to better prevent, detect, and respond to incidents

Eligibility Criteria

Participants should:

  • Be experienced with Linux and Windows from the command line (including PowerShell)
  • Be familiar with Windows Active Directory concepts
  • Have a baseline understanding of cyber security topics
  • Have a solid understanding of TCP/IP and networking concepts
This course is endorsed under Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme.
To find out more about CITREP+ Funding, please refer to Programme Support under CITREP+ page

Information is accurate as of 30 December 2019