SIT Overview

In 2018 there were over 6,500 cyber incidents that resulted in the compromise of over 5 billion sensitive records, with the average cost of a single data breach at $3.9 million.

Malicious attacks were the root cause of almost 50% of these data breaches. Rather than focusing on “toolset mastery”, Obscurity Labs’ Security Operations Center (SOC) Immersion Training (SIT) aims to disrupt these breach statistics by educating SOC analysts in the critical analyst concepts and methodologies necessary to detect and respond to current real-world advanced persistent threat (APT) Tactics, Techniques and Procedures (TTPs) and Tradecraft Core Concepts (TCC). Instead of the traditional “lecture, followed by static lab” model, SIT uses a training model built on hands-on, live attack scenarios, performed by experienced Red Team Operators, to reinforce the SOC analyst’s understanding of the lecture material.

SIT Core Concepts

  • Executing a Layered Analysis Methodology

    When analyzing an alert, it is important to follow a methodology that encourages analytical thought. This enables the SOC analyst to draw conclusions that transcend the alerts generated by tools.

  • Creating Indicators of Compromise (IOC)

    Understanding the difference between hard and soft IOCs allows an analyst to make tactical assumptions. This enables the SOC analyst to reduce the “mean time to react” and improves their overall ability to detect and respond to malicious activity.

  • Identifying Artifact and Evidence Locations

    SOC analysts must use multiple data sources to create high-fidelity alerts, correlate events, and focus their analysis. This enables SOC analysts to improve processes, reduce triage time, and identify detection gaps.

Course Curriculum

  • Day 1 - Introduction & Analysis Methodology

    • Welcome & Team Introductions

    • Tactics, Tools & Techniques

    • Layered Analysis Methodology

  • Day 2 - Initial Access

    • Initial Access Overview

    • HTML Application (HTA)

    • Microsoft Office Macros

    • Microsoft Silverlight

  • Day 3 - Persistence

    • Persistence Overview

    • Registry Modification

    • Service Abuse

    • Windows Management Instrumentation (WMI) Subscriptions

  • Day 4 - Privilege Escalation

    • Privilege Escalation Overview

    • PowerUp

    • User Account Control (UAC) Bypass

    • Remote Privilege Escalation

  • Day 5 - Lateral Movement & Objective Achievement

    • Lateral Movement & Objective Achievement Overview

    • PsExec / PowerShell

    • WMI Process Creation

    • WMI Subscription

  • Next Steps

    • Congrats! Here's what's next...

    • More resources for you

    • Before you go...

Countdown Until The Next SIT!

The next SIT will be held on (TBD).
