Assumed Compromise – A Methodology with Detections and Microsoft Sentinel

Wed, 16 Apr, 2025 at 08:00 am to Thu, 17 Apr, 2025 at 05:00 pm UTC-04:00

NineStar Connect | Greenfield

NineStar Connect
Publisher/HostNineStar Connect
Assumed Compromise \u2013 A Methodology with Detections and Microsoft Sentinel
Advertisement
This is an Active Directory post-exploitation course where students can walk through penetration testing methodology.
About this Event

Assumed Compromise – A Methodology with Detections and Microsoft Sentinel is for you if:

You need a methodology for assessing networks and domains. You want to improve the efficiency of your red and blue teams. You have an interest in threat optics. You want to implement a methodology for improving business processes around your security culture. Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives. You want to see Azure Sentinel’s threat visualizations in near real-time.

You have interest in modern post-exploitation and pentest-related activities, including:

  • Active Directory Certificate Services
  • Command and Control
  • Credential Attacks
  • Impacket’s Heavy Hitters
  • Kerberoasting
  • Shadow Credentials
  • Threat actor TTPs

You have interest in deception techniques and detection engineering, including:

  • Honey accounts and service principals
  • BloodHound and Kerberoasting detections
  • Password spray and credential attack detects
  • Certificate request and KeyCredentialLink auditing
  • Real world attacker attribution using services

Assumed Compromise: This is an Active Directory post-exploitation course where students can walk through penetration testing methodology with two well-seasoned veterans. The courseware is entirely lab based and most of those labs are based on attacks used as part of an industry proven penetration testing methodology.

Detections: The course provides configuration walkthroughs for Linux syslog and Windows event log data connectors for Microsoft Sentinel. An introduction to Kusto Query Language and Microsoft Sentinel alerts is provided to demonstrate threat detection. Association between attacker techniques, Windows event IDs, and detection logic is provided for most of the courseware’s attack labs.

Defenses: Students are guided through highly effective Active Directory deception techniques. Deception tech is then used throughout the courseware as a baseline for detecting common Active Directory enumeration like ADExplorer, BloodHound, and Impacket’s GetADUsers.py. Alongside the assumed compromise methodology and detection logic is a thorough discussion of security defenses and best practices.

Advertisement

Event Venue & Nearby Stays

NineStar Connect, 2243 East Main Street, Greenfield, United States

Tickets

USD 0.00

Discover more events by tags:

Workshops in GreenfieldArt in GreenfieldTheatre in Greenfield

Sharing is Caring:

More Events in Greenfield

Turn Down for What?! 2025
Fri, 25 Apr, 2025 at 08:00 am Turn Down for What?! 2025

Indianapolis IN

Alternatives Inc. - 2025 Donut Dash 5K
Sat, 26 Apr, 2025 at 09:00 am Alternatives Inc. - 2025 Donut Dash 5K

Depot Street Park

4th Annual Scotch Doubles Bowling\/Auction
Sat, 26 Apr, 2025 at 05:00 pm 4th Annual Scotch Doubles Bowling/Auction

1539 W Main St, Greenfield, IN 46140-2704, United States

Greenfield is Happening!

Never miss your favorite happenings again!

Explore Greenfield Events