ISSA-LA Information Security Summit XII

(1-DAY)  TRAINING WORKSHOPS

Sept 21, 2022

10:30-6:30pm

Michael Wylie, MBA, CISSP

Senior Manager, Crowdstrike

Jose Barajas

Director of Global Sales Engineering, AttackIQ

Jaymin Patel

AttackIQ Systems Engineer

Sign Up Today for HIGH-IMPACT Training

Wireshark for Incident Response and Threat Hunting Workshop Setup

Michael Wylie (Training Session – September 21, 2022). Wylie is a technology business and M&A expert, influencer, thought leader, speaker and author, and President of the National Society of IT Service Providers.

This workshop will take attendees’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and identifying anomalous network traffic. This workshop will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Throughout the workshop, we’ll examine what different attacks and malware look like while using Wireshark. Attendees will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and TTPs utilizing staged packet capture files. Labs start out easy and quickly progress in difficulty. There will be plenty of take-home labs for additional practice.

Attendee and Computer Requirements: https://github.com/themikewylie/wireshark/blob/main/README.md

AttackIQ – MITRE ATT&CK and Foundations Class (Purple Teaming & Building Threat-Informed Emulation Plans)

Jaymin Patel and Jose Barajas (Training Session – September 21, 2022)

AM session: MITRE ATT&CK and Foundations Class on Purple Teaming

1) Foundations of Operationalizing MITRE ATT&CK – https://academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck

This training session introduces students to the basics of the MITRE ATT&CK Framework. Topics include the history and evolution of MITRE ATT&CK, why organizations are adopting it, and how an organization can use MITRE ATT&CK to make its security program more efficient and effective. The class will also cover the tools and resources available for supplementing MITRE ATT&CK testing, including ATT&CK Navigator and MITRE CAR. AttackIQ’s book, The Dummies Guide to MITRE ATT&CK, serves as a foundational book for the course. You can download the Dummies Guide to MITRE ATT&CK on the AttackIQ website at www.AttackIQ.com/dummies

2) Foundations of Purple Teaming – https://academy.attackiq.com/courses/foundations-of-purple-teaming

This training session introduces the state-of-the-art practice of purple teaming and its essential nature as the joint operation of red and blue teams. Students will learn the core concepts, workflows, activities, and artifacts underpinning purple team methodology and will finish the class able both to explain how its programmatic implementation is essential to a threat-informed defense strategy and to plan a foundational purple-team exercise in their own environment.

PM session: Building Threat-Informed Emulation Plans

Building Threat-Informed Emulation Plans is a learning experience designed to put you in the driver’s seat of a purple teaming planning exercise. This is a project-based course in which the concepts and labs build upon each other as you protect and defend our fictional company Sable Bluff Labs. During the class, you will learn about the following topics with labs to reinforce learning:

  1. Threat-Informed Defense: Introduction to the basic principles of a threat-informed defense.
  2. Mission Analysis: Analyze what the company does, what is important to keep the company running, and how those things could be exploited.
  3. Threat Profiling: Threat profiling builds upon mission analysis by understanding who would exploit your company’s vulnerabilities and how they would do it.
  4. Emulation Planning: Emulation planning takes the work done in threat profiling and mission analysis and combines it into an actionable plan to test your enterprise against likely attacks from likely attackers.
  5. Implementing Emulations in AttackIQ: Taking the plans created during emulation planning, you will learn how to implement emulations in a breach and attack simulation tool to better automate and report on emulation activities.
  6. MITRE D3FEND: Take the output of your emulations and determine which preventive or detective measures can be put in place to better mitigate weaknesses discovered during testing.

You will have full access to AttackIQ Academy instructors to answer all your questions on emulation planning, breach and attack simulation, MITRE ATT&CK, and more. This is a truly unique, interactive experience that we cannot wait to share with you.