Detection Engineering for Windows endpoints on Zoom and Discord

Mon 15 Mar 2021 2:00 PM - Thu 18 Mar 2021 6:00 PM CET

€1,950.00 + €0.00 booking fee


Online specialist training

Detection engineering is a methodology for researching, developing and improving your detection capabilities. The Detection Engineering for Windows training brings you up to speed in 4 half-day sessions.

Trainers: Olaf Hartong and Henri Hambartsumyan.

Training description:

Building good analytics and automated detection capabilities requires a detailed understanding of attackers and their known or expected behavior. By understanding the different tools and techniques used by attackers and which indicators can be extracted from them, better detection capabilities can be developed. This process is called Detection Engineering, and it is crucial to being truly effective at discovering attackers in your network.

This instructor-led training focuses on the entire detection engineering cycle. It guides participants through defining a scope, researching the relevant (sub-)techniques, investigating which logs can be utilized, building the detection analytic, and validating the resilience of the analytic against evasion.

The training is highly interactive and keeps a good balance between theory and a large number of hands-on exercises, so that students become comfortable with the detection engineering methodology and are prepared to start implementing it at their own organizations. Students are free to decide whether to perform the hands-on exercises using Splunk or Azure Sentinel. While the hands-on exercises focus predominantly on the endpoint, the methodology can be applied to any part of an infrastructure.

To allow maximum flexibility with your busy schedules, we have planned the training as 4 consecutive half-day sessions (16 hours in total).

Requirements:

Students should be familiar with Windows and have basic PowerShell experience. Furthermore, at least some experience with Splunk or Azure Sentinel and their respective query languages is required. To be able to connect to our lab environment, students must be able to use Microsoft RDP (Remote Desktop Protocol) over the Internet on TCP port 3389. Last but not least: the training will be facilitated via Discord and Zoom.

Training date:

This training is facilitated in 4 half-day sessions, from Monday 15 March to Thursday 18 March, each day from 2 PM CET to 6 PM CET.

Signing up and payment:

Interested in this training? Sign up on this page!

The following pricing is applicable to this training:

  • General ticket: EUR 1.950

Note: all prices listed include applicable VAT.

Payments can be made by credit card directly on our TicketTailor event page.

Do you have any questions, inquiries or special requests (signing up multiple people from one company, or private and on-site trainings)? Please contact us at training@falconforce.nl.

Overview of training contents:

  • Introduction
  • MITRE ATT&CK
  • Detection engineering principles & theory
  • Information resources and using threat information
  • Understanding your data
  • Developing hypotheses
  • Researching technology and techniques
  • Detection development techniques
  • Creating analytics
  • (Open source) tooling
  • Resilient detections
  • Detection improvement and validation

Tools used:

  • Loads of Windows applications
  • PowerShell
  • Splunk / Azure Sentinel
  • Windows 10 Virtual Machine
  • Sysmon