Assumed Compromise – A Methodology with Detections and Microsoft Sentinel

Schedule

Wed, 16 Apr, 2025 at 08:00 am to Thu, 17 Apr, 2025 at 05:00 pm

UTC-04:00

Location

NineStar Connect | Greenfield, IN

This is an Active Directory post-exploitation course where students can walk through penetration testing methodology.
About this Event

Assumed Compromise – A Methodology with Detections and Microsoft Sentinel is for you if:

  • You need a methodology for assessing networks and domains.
  • You want to improve the efficiency of your red and blue teams.
  • You have an interest in threat optics.
  • You want to implement a methodology for improving business processes around your security culture.
  • Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives.
  • You want to see Azure Sentinel’s threat visualizations in near real-time.

You have an interest in modern post-exploitation and pentest-related activities, including:

  • Active Directory Certificate Services
  • Command and Control
  • Credential Attacks
  • Impacket’s Heavy Hitters
  • Kerberoasting
  • Shadow Credentials
  • Threat actor TTPs

You have an interest in deception techniques and detection engineering, including:

  • Honey accounts and service principals
  • BloodHound and Kerberoasting detections
  • Password spray and credential attack detects
  • Certificate request and KeyCredentialLink auditing
  • Real world attacker attribution using services

Assumed Compromise: This is an Active Directory post-exploitation course where students can walk through penetration testing methodology with two well-seasoned veterans. The courseware is entirely lab-based, and most of those labs are based on attacks used as part of an industry-proven penetration testing methodology.

Detections: The course provides configuration walkthroughs for Linux syslog and Windows event log data connectors for Microsoft Sentinel. An introduction to Kusto Query Language and Microsoft Sentinel alerts is provided to demonstrate threat detection. Association between attacker techniques, Windows event IDs, and detection logic is provided for most of the courseware’s attack labs.

Defenses: Students are guided through highly effective Active Directory deception techniques. Deception tech is then used throughout the courseware as a baseline for detecting common Active Directory enumeration like ADExplorer, BloodHound, and Impacket’s GetADUsers.py. Alongside the assumed compromise methodology and detection logic is a thorough discussion of security defenses and best practices.

Where is it happening?

NineStar Connect, 2243 East Main Street, Greenfield, United States

Tickets

USD 0.00

Host or Publisher NineStar Connect
