Detailed Course Outline
Module 1: Modern Attack Techniques and Tracing Them
- Discussion: Top attack techniques
- Advanced Persistent Threats
- Initial access vectors
- Phishing – rev shell mail phishing bob
- Valid Credentials– password spray exc.
- Spoofing – DSN Twist
- Vulnerable components (drive by download)
- Weak defaults
- Other vectors Escalation through Windows Services
Module 2: Local Privilege Escalation Techniques and Tracing Them
- Unquoted service path
- Image and DLL manipulation
- Schedule Tasks
- Access Token Manipulation
- SeImpersonate
- SeTcb
- Create User Token
- Process Injection
- DLL Injection and Reflective DLL Injection
- CreateRemoteThread
- Memory Injection
- Other techniques
Module 3: Case Study – Investigating In-Place Attacks
Module 4: Windows Authentication Architecture & Cryptography
- Windows Logon
- Windows Logon Types
- LSASS Architecture
- NTLM
- Kerberos
- SAM Database
- NTDS.dit
- LSA Secrets & gMSA accounts
- Secrets, credentials and Logon Data
- SSP Providers
- Data Protection API
Module 5: Case Study –Investigating Identity Theft
Module 6: Attacks on Identity Infrastructure and Tracing Them
- Pass-the-Hash, OverPTH attacks
- Pass the ticket
- Golden and silver ticket
- Pass the PRT
- Shadow Credentials / NGC
- NBNS/LLMNR spoofing, NTLM Relay, Kerberoasting
- DCSync and DCShadow
- AdminSDholder
- Other Modern identity attack techniques
Module 7: Case Study – Determining Identity Theft in the Infrastructure
Module 8: eXtended Detection and Response with Sentinel
- Sentinel 101 - Azure Sentinel Dashboards, Connectors
- Understanding Normalization in Azure Sentinel
- Cloud & on-prem architecture
- Workbooks deep dive - Visualize your security threats and hunts
- Incidents
- KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL
- Auditing and monitoring your Azure Sentinel workspace
- Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
- Fusion ML Detections with Scheduled Analytics Rules
- Deep Dive into Azure Sentinel Innovations
- Investigating Azure Security Center alerts using Azure Sentinel
- Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
- Hunting in Sentinel
- Deep Dive on Threat Intelligence
- End-to-End SOC scenario with Sentinel
Module 9: Case Study – Detecting a Complex Threat with Sentinel
Module 10: Practical and Advanced Use Cases of Sentinel
- Visualizing Sentinel data with Workbooks
- Creating automation playbooks in Microsoft Sentinel
- KQL for Sentinel hands-on lab
- Proactively hunt for threats using Microsoft Sentinel
- Basic SOC investigation scenario
- Auditing and monitoring Microsoft Sentinel workspace
- Creating scheduled analytics rules for Microsoft Sentinel alerts
- Manage Cloud App Discovery and protect your environment from risky applications
- Microsoft Cloud App Information Protection activities
- Investigating risky users with Defender for Cloud apps user entity behavioral analytics