We examine a series of behaviors that adversaries use to escalate, pivot, and persist throughout the network, in order to uncover unknown actors operating in your environment. Upon discovering the indicators, our team will analyze and confirm an active breach event.
During an active breach, our team assists your team with identifying the initial breach event, tracing what actions the adversary took, which hosts were compromised, and what data was lost. We provide hard disk and memory forensics support, log analysis, and timeline creation to help you fully understand the impact of the breach event.
SpecterOps adversary detection capabilities are focused on the premise that the adversary is already in your network. Our team of detection experts, armed with knowledge of the most current adversary tactics, home in on the most important heuristic indicators that expose active attacker activity. Equipped with tools like ACE, Uproot, and PowerForensics for network data collection and forensics, our Adversary Detection team will scan your endpoints, gather and enrich the data, identify anomalies, assess impact, and assist with removing the adversary from your network.
This course focuses on proactively searching for malicious threat actors and closing the gap from infection to detection. You will learn cutting-edge techniques to collect and analyze host-based information and stop adversaries before they cause wide-scale damage.
Your organization has just implemented the leading detection and response products. Are they still running with their default configuration? How much faith should you have in your ability to detect sophisticated attacks? How would you simulate attacks to ensure robust detections are in place? This course will teach the importance of understanding the inner workings of attack techniques and telemetry availability, and provide a workflow for developing robust detection analytics or making data-driven evasion decisions. Focusing on various Windows components and attacker TTPs, you will dive deep into how software abstracts underlying capabilities and how attackers can interact with deeper layers to bypass superficial detection capabilities.