Training: Defend against modern targeted attacks

What techniques do cybercriminals use to attack an organisation? How can you effectively arm yourself against cyber attacks? During this 3-day training course, you will learn how different attack techniques work and how you can effectively arm yourself against them.

Date
03 – 05 Jun 2024
Time
09:00 to 17:00
Location
SURF office, Utrecht

Training course

The training course 'Defend against modern targeted attacks' is a technical course in which you learn how cyber criminals attack an organisation, how the different attack techniques work, and how to effectively arm your organisation against them.

During this training:

  • You will learn all about attacks, because that will make you a better defender.
  • You will learn extensively about core theoretical concepts such as:
    • The Cyber Kill Chain
    • The Course of Action Matrix
    • The Pyramid of Pain
  • You will hear about the latest developments in hacking and detection techniques.
  • Besides theory, there is also a lot of focus on 'learning by doing' in a lab environment. Roughly 50 per cent of your time will be spent in the lab.
  • The lab environment is representative of IT networks in the real world.
  • You gain a lot of practical experience with various hacking tools, combined with tools for detection and investigation.
  • You will be given tools and scripts to work with immediately after the training.
  • You will receive a Lab Manual with the exercises written out for clarity and efficiency.

For whom?

The training is suitable for participants with a background in technical IT and IT security. It is designed so that both experienced professionals and starters can learn a lot. Besides Blue Team and CERT members, the training is also relevant for all IT professionals doing technical IT security work.

Programme

Day 1
09.00

Morning programme

  • Introduction
  • Core theoretical concepts on attack and defence
  • Dark web and underground market
  • Reconnaissance phase of your target
  • Hands-on lab: explore the Dark Web
  • Hands-on lab: recon of your target
12.00 Break
13.00

Afternoon programme

  • Theory of attack vectors (e.g. watering hole, phishing)
  • The Microsoft Office attack vector
  • Hands-on lab: create, modify and review rogue Office documents
  • The infrastructure of modern attackers highlighted, e.g. C2, redirectors, 'low and slow' principle, beacon traffic
  • Hands-on lab: set up your own attack infrastructure, and use your previously created malicious Office document to attack and infect your target
17.00 End - Summary of the day and key lessons learned
Day 2
09.00

Morning programme

  • Macro security methodologies, e.g. Trusted Locations, signing and Event logging
  • Introduction to anti-virus bypassing
  • Hands-on lab: Office document anti-virus circumvention and beacon traffic, and detecting them
  • Getting 'persistence' on your Windows targets
  • Hands-on lab: create and detect some known and less known ways of persistence
12.00 Break
13.00

Afternoon programme

  • Windows OS setup from the attacker's perspective, e.g. privilege model, tokens, NTLM hashing, pass-the-hash, the LSASS process
  • Hands-on: performing some recent Windows hacking techniques, and detecting them
  • Windows Active Directory from the attacker's perspective, e.g. Forest vs. Domain, high-privilege users (more than just Domain Admins), SPNs, searching for users in the domain
  • Hands-on lab: perform some 'lateral movement' attacks
  • Ways to detect 'lateral movement' and key Windows event IDs
  • Hands-on lab: detecting 'lateral movement' traffic
17.00 End - Summary of the day and key lessons learned
Day 3
09.00

Morning programme

  • Advanced attacks on Windows and Kerberos networks, e.g. pass-the-token, Kerberoasting, LLMNR & NBNS attacks
  • PowerShell attacks and PowerShell security
  • Hands-on lab: detection of more advanced Windows attacks
  • Advanced C2, e.g. SMB named pipes and domain fronting
  • Hands-on lab: using and detecting domain fronting and SMB named pipes
12.00 Break
13.00

Afternoon programme

  • Log analysis and alerting (SIEM)
  • Forensic log analysis and artefacts
  • Hands-on lab: performing a forensic investigation
  • Quick wins to implement in your own IT environment, based on 10+ years of red-teaming experience
17.00 End - Summary of the day and key lessons learned

Registration and cancellation