Adversary Tactics - Detection

Important

After reading the material, use the following resources to prepare for your specific delivery:

Detection Fundamentals

The course relies on several fundamental concepts that we will cover extensively in the course. If you would like to get a preview of these concepts, please review the following:

These posts will walk you through a mindset, process, and framework for creating robust detection capabilities as well as acknowledging blind spots that may occur. In this course, we will exercise these concepts in a simulated compromised network environment.

Additional read ahead materials pertaining to the course:

  • Familiarity with Sysmon, as that’s a core part of the toolset we’ll be using for the course.
  • Read our blog at where we write about many of the same topics that we teach. For both our detection trainings and our detection services for clients, our core methodology is built around the Funnel of Fidelity. Currently, we have a three-part Detection Engineering series (#1: Capability Abstraction; #2: Detection Spectrum; #3: Detection in Depth) in which we explore the ideas that drive our actual detection engineering practice; we will expand on these during the course.