Attack Emulation tools help you measure, monitor and improve your security controls by executing scripted attacks. Atomic Red Team and CALDERA are two open source attack emulation projects that are mapped directly to the Mitre ATT&CK Framework. This class will provide an overview of the Mitre ATT&CK framework and give you in-depth, hands-on knowledge of how to execute scripted attacks that exercise many of the techniques defined in Mitre ATT&CK. You will be provided with hands-on lab instructions for emulating a variety of attacks and creating visualizations using Mitre ATT&CK Navigator. At the end of this class you will have the knowledge and tools to begin executing simulated attacks within your own test environment where you can create and validate detections in a script-able and consistent way. Whether you are a student of information security or a seasoned red teamer or network defender there is something to learn from getting involved with in the Attack Emulation space and this course will help you do that.

Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.

Learn more about this course

Modern WebApp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. Attacking Web Sockets is not more difficult than attacking HTTP traffic, it’s just different. Web APIs are not something you’re qualified to test only after you’ve put your time in on traditional webapps … they’re just different.

Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.

Learn more about this course

Applied Purple Teaming (APT) will first introduce students to threat optics on Windows systems. This course will provide instruction for configuring and installing Sysmon to gather endpoint logs. Students will also be introduced to Windows Audit Policies and will get to deploy a high visibility audit policy stack. Windows Event Collection and Forwarding will be implemented to demonstrate the free Windows logging stack built in and licensed under the existing agreement you have with Microsoft. The event collector will finally be configured to ship logs to the Hunting ELK (HELK) where students will get to review threat optics using Kibana. The majority of the class will be iterating through the TTPs of a standard pentest to demonstrate effective logging and detections against some attacks that are challenging to detect. The Atomic Purple Team lifecycle will be used to attack, hunt and detect, and defend against all of the attacks! Come join us for another round of APT with updated materials and to have a great time in the Wild West!

Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.

Learn more about this course

We will spend most of this class analyzing pcap files for Command and Control (C2) communications in order to identify malware back channels. It is assumed that the student will already understand the basics of network threat hunting, so we can immediately jump into applying that knowledge. The goal will be to create a threat hunting runbook that you can use within your own organization in order to identify systems that have been compromised.

Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.

Learn more about this course

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.

Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.

Learn more about this course

This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.

Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.

Learn more about this course