BLACK HILLS INFORMATION SECURITY & DEFENSIVE ORIGINS
The Applied Purple Teaming (APT) workshop will introduce attendees to a business methodology for improving organizational security. The course includes an overview of threat optics management on Windows systems, with instruction on installing and configuring Sysmon to gather endpoint logs. Attendees will also be introduced to Windows Audit Policies and will review a high-visibility audit policy stack. Windows Event Collection and Forwarding will be discussed to demonstrate the free Windows logging stack that is built into Windows and already licensed under your existing agreement with Microsoft. Log shipping will also be discussed in the context of the Hunting ELK (HELK), where students will review these threat optics using Kibana.
This workshop is technical in nature, fast-paced, and hands-on. Attendees who sign up for labs will have the opportunity to interact with their own domain controller, member server, and a tool-packed Linux installation. PowerShell and command-line transcription logs will quickly populate in Kibana, allowing attendees to query the commands executed in the lab and sharpen their detection and hunting skills in just a few short hours.
Two structured labs will be guided during the workshop, but attendees will be encouraged to dig deeper and go farther.
- All attendees will be encouraged to use Discord for communication during the presentation and for questions about the labs
- All attendees will be provided a registration link for GoToWebinar
- All attendees will be provided a GitHub link with all workshop materials, including:
  - slide content
  - lifecycle report templates and examples
  - credentials and lab access details