About the course
This course takes an “Attack vs Detection” approach in a condensed format. It is designed for students who have a basic understanding of the Linux OS and have to deal with advanced threats, and also for experienced DFIR/SOC/CERT members who want to dig deeper into Linux internals and the attacks that target them.
Through hands-on labs, you will gain a solid understanding of the Linux and network internals that matter for DFIR, and of the investigation steps needed to build a full picture of post-exploitation activity and the artifacts it leaves behind, at scale.
What you can expect:
- Hands-on experience in an Attack-Detection-Response format, which is the basis for detection engineering
- Coverage of many open source security tools for blue/DFIR teams, set against many different tactics, techniques, and projects on the offensive side
- Exploration and discussion of publicly available research and blog posts
- The scope is huge:
  - from Linux in-memory process injection to memory forensics
  - from C2 communications such as Sliver/MSF to Zeek/Suricata at the network level and Falco/Tracee at the endpoint level
  - from web shells to YARA scanning
  - from yum persistence to auditd alerting
  - from LKM rootkits to LKRG prevention
  - from eBPF rootkits to eBPF-based detection
  - and many more
Enjoy! :)