Defensive Cybersecurity Fundamentals

Everyone talks about the intrusion kill chain (sometimes called the “cyber kill chain”)—a model for actionable intelligence in which defenders align enterprise defensive capabilities to the specific processes an adversary might undertake to target that enterprise. However, much of what’s discussed publicly is misinformation and scare tactics.

Join expert Amanda Berlin to learn the most effective steps you can take to protect your organization from the vast majority of threats with defensive mitigation and monitoring. Through use cases such as ransomware, data exfiltration, and lateral movement, you’ll see how to improve the standard of defense at each level, then discover step-by-step what you can accurately cover using the kill chain by working through use cases that outline the specifics of attacks. You'll also gain hands-on experience through tabletop exercises and drills to strengthen your understanding.

Much of what’s covered will be hands-on walk-throughs in a Microsoft Windows environment. Windows domains are the most popular target for attackers as they’re frequently the most insecurely configured.

By the end of this course, you’ll understand:

• Offensive and defensive tactics, techniques, and procedures surrounding three important use cases that constantly are a threat to enterprises
• How to complete 10 or more specific configuration changes to increase the security against the use cases listed

And you’ll be able to:

• Gather open source intelligence (OSINT), including names and emails that an attacker may be able to take advantage of
• Navigate several built-in Windows tools, including Group Policy and AdsiEdit
• Implement LAPS

<

• You’re a systems administrator looking for a step-by-step guide to configuration changes in an enterprise.
• You’re a general security practitioner looking to gain insight on defensive security strategies.
• You’re an IT practitioner who's being encouraged by your organization to step into an information security role.

Prerequisites

• A general understanding of operating systems and technology in general
• The ability to navigate the command line at a novice level
• Knowledge of common security terminology (macros, attacker, threat, data exfiltration, etc.)
• Set up three virtual machines with up-to-date patching (instructions below)

Create three virtual machines:

1. Create a Windows Server VM.

• Any supported version is fine, but the instructor will be using Server 2016.
• Walk through installation and get to a stable, barebones state.
• Create a C:\temp folder to store files in.
• Save in C:\temp.

2. Create a VM of a supported enterprise version of Windows Desktop.

• Any supported version is fine, but the instructor will be using Windows 10.
• Walk through installation and get to a stable, barebones state.

3. Create a Kali Linux VM.

• Walk through installation and get to a stable, barebones state.

Windows Server Files

Powershell Script

Save the following as HoneyDirectory.ps1 in C:\temp:

Let's grab the DeviceID for the C volume

$Volume_info_for_C = Get-WMIObject -Class Win32_Volume -Filter "driveletter='c:'"

$Device_ID_of_C = $Volume_info_for_C.DeviceID

Normally, everything is mounted only to the root (C:) but we are going to get creative.

$Sinkholes = @('$$')

ForEach($Sinkhole in $Sinkholes){

New-Item c:$Sinkhole -ItemType directory

$Volume_info_for_C.AddMountPoint("c:$Sinkholes")

}

Bloodhound:

1. Download Bloodhound.
2. Save in C:\temp.

LAPS:Download LAPS.Save in C:\temp.