April 16th & 17th

8am - 5pm

NineStar Connect – 2243 E Main Street, Greenfield, IN 46140

Breakfast and lunch will be provided.

THIS EVENT IS LIMITED TO 60 PEOPLE

Assumed Compromise

This course will deep dive into what we call threat optics: auditing endpoints, centralizing logs, and visualizing results.

Assumed Compromise – A Methodology with Detections and Microsoft Sentinel is for you if:

  • You need a methodology for assessing networks and domains.
  • You want to improve the efficiency of your red and blue teams.
  • You have an interest in threat optics.
  • You want to implement a methodology for improving business processes around your security culture.
  • Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives.
  • You want to see Azure Sentinel’s threat visualizations in near real-time.

You have an interest in modern post-exploitation and pentest-related activities, including:

  • Active Directory Certificate Services
  • Command and Control
  • Credential Attacks
  • Impacket’s Heavy Hitters
  • Kerberoasting
  • Shadow Credentials
  • Threat actor TTPs

You have an interest in deception techniques and detection engineering, including:

  • Honey accounts and service principals
  • BloodHound and Kerberoasting detections
  • Password spray and credential attack detects
  • Certificate request and KeyCredentialLink auditing
  • Real-world attacker attribution using services

Assumed Compromise: This is an Active Directory post-exploitation course where students can walk through penetration testing methodology with two well-seasoned veterans. The courseware is entirely lab-based, and most of those labs are based on attacks used as part of an industry-proven penetration testing methodology.

Trainers: Kent Ickler and Jordan Drysdale

Kent started his Information Technology career working for an Internet Service Provider supporting the Midwest’s broadband initiatives of the early 2000s. His interest in technology and business operations drove his career into working for multiple Fortune 500 companies and equipping their organizational leadership with business analytical data that would support their technology initiatives. With an understanding of Information Technology, System Administration, Accounting, and Business Law, Kent has helped businesses leverage technology for competitive advantage while balancing the risks associated with today’s dynamic network environments. Kent has been with Black Hills Information Security for three years in security and administration roles.

Jordan Drysdale has been with the Black Hills Information Security (BHIS) tribe since December 2015. He is a Security Analyst, as well as a member of the systems administration team. Jordan came to BHIS with a strong background, including many years in networking tech support and engineering for HP, UNi, and Managed Services — he never stops learning and sharpening his skills.