About the course
This course takes an "Attack vs. Detection" approach in a condensed format. It is aimed at students who have a basic understanding of Linux and need to deal with advanced threats, as well as at experienced DFIR/SOC/CERT members who want to dig deeper into Linux internals and the attacks that target them.
Through the hands-on labs, you will gain a solid understanding of the Linux and network internals that matter for DFIR, and of the investigation steps needed to build a full picture of post-exploitation activity and the artifacts it leaves behind, at scale.
What you can expect:
Hands-on experience in an Attack-Detection-Response format, which is the basis of detection engineering
Coverage of many open source security solutions for blue/DFIR teams, set against the tactics, techniques, and tooling used on the offensive side
Discussion of publicly available research and blog posts on these topics
The scope is huge:
from Linux in-memory process injection to memory forensics
from C2 communications of frameworks like Sliver and Metasploit to detection with Zeek/Suricata at the network level and Falco/Tracee at the endpoint level
from web shells to YARA scanning
from yum persistence to auditd alerting
from LKM rootkits to LKRG prevention
from eBPF rootkits to eBPF-based detection
and many more
Enjoy! :)