/APT06202001

Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020


Applied Purple Teaming

Infrastructure, Threat Optics, and Continuous Improvement

Defensive Origins Course: APT0602020 June 6, 2020

A Defensive Origins and Black Hills Information Security Collaboration


Who the heck is Defensive Origins? https://defensiveorigins.com/about-us/
Join the Defensive Origins Mailing List: https://register.defensiveorigins.com
Upcoming Defensive Origins Training: https://training.defensiveorigins.com
Upcoming BHIS & WWHF sponsored Training: https://wildwesthackinfest.com/online-training/


Training Schedule

| Event | Date | Cost | Registration |
|---|---|---|---|
| Applied Purple Teaming: Infrastructure, Threat Optics, and Continuous Improvement (4 hrs). Self Hosted Labs Environment | Saturday June 6, 2020, 11AM-4PM EDT | FREE! Sponsored by BHIS & WWHF | Course Information |
| Applied Purple Teaming. Full three day course, 5.5 hrs per day. Defensive Origins Hosted Lab Environment | June 30th - July 2nd 2020 | $395. Sponsored by BHIS & WWHF | Register / Course Information |

Courseware

| Section | Link |
|---|---|
| APT: Infrastructure, Threat Optics, Continuous Improvement Book | PDF |
| C0100-1: APT Course Introduction | PDF |
| C0310-1: Event Baselines and Sysmon | PDF |
| C0320-1: Event Handlers and Subscriptions | PDF |
| C0330-1: Log Shipping and Event Ingests | PDF |
| C0150-1: Applied Purple Team Lifecycle / Continuous Improvement | PDF |

Course Content

| Component | Information |
|---|---|
| Course Information | Course Abstract, Objectives, Schedule |
| Lab-Build-PreReq | Optional Pre-Req Lab. This includes instructions on setting up the optional lab environment. If you wish to complete the labs during class, have the lab Pre-Reqs completed before class starts. |
| DomainBuildScripts | Optional Pre-Req Lab Domain Scripts. Additional information on building the optional lab. Master: DefensiveOrigins/DomainBuildScripts |
| Lab-GPOs | This section will be covered in class. These are GPOs that are imported into the lab environment. |
| Lab-Sysmon (Sysmon Batch File, sysmon-modular) | This section will be covered in class. Sysmon batch (bat) file. Note: Due to licensing, it is not possible to include Sysmon in the APT repository. Download Sysmon binaries here: Sysmon - ZIP. Sysmon-Modular (olafhartong) - GIT (included) |
| Lab-WEF-Palantir | This section will be covered in class. WEF configuration static repo for APT. Master: palantir/windows-event-forwarding |
| Lab-WinLogBeat | This section will be covered in class. WinLogBeat configuration file for lab. Note: Due to licensing, it is not possible to include WinLogBeat in the APT repository. Download WinLogBeat binaries here: WinLogBeats |

Community Provided Additional Configuration

| Component | Information |
|---|---|
| Lab-Template-Vagrant | Vagrant template provided by @ianblenke. NOTE: Defensive Origins has not tested this configuration. |

Copyright - All Rights Reserved, Defensive Origins LLC