BSides St Pete 2023 Trainings

Trainings will be 4-6 hours in duration


Sessions will start at 10 am, with a break from 12 to 1 pm

Blue Team Workshop - M365 and Azure AD

J.R. Goldman and Arpan Sarkar

Vectra AI

The Blue Team Workshop is an educational, hands-on training to help security analysts and leaders experience first-hand how to detect and respond to advanced attacks in a simulated enterprise environment. Participants will sharpen their analysis, hunting and defending skills. Through examination of a real-world advanced attack, participants will walk away with a better understanding of how to analyze behavior-based indicators that occur post-compromise. No special tools are needed for this fun, interactive training. Basic attack skills and knowledge of Linux/Kali are required.

Introduction to Hands-On Purple Teaming

Bryson Bort & Chris Peacock


In this hands-on workshop you will be introduced to Purple Team Exercises and play the role of Cyber Threat Intelligence, the Red Team, and the Blue Team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will:

• Learn the basics and use Command and Control (C2)

• Consume Cyber Threat Intelligence from a known adversary

• Extract adversary behaviors/TTPs and map to MITRE ATT&CK

• Play the Red Team by creating and executing adversary emulation plans

• Emulate the adversary behaviors in a small environment consisting of a domain controller, member server, and a Linux system

• Play the role of the Blue Team and look for Indicators of Compromise and Behaviors

• Use Wireshark to identify heartbeat and jitter

• Enable detective controls (Sysmon and/or Sigma)
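As an illustration of the heartbeat-and-jitter analysis named above, here is a small added example (not workshop material and not code from the trainers) that does offline what an analyst would otherwise eyeball in Wireshark's time-delta column: group outbound connections by conversation, compute inter-arrival times, and flag conversations whose intervals cluster tightly around a median. The flow records, IP addresses, thresholds and the helper names are all constructed for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port) for outbound
# TCP SYNs, the shape you get from e.g.
#   tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
# Host 10.0.0.5 checks in roughly every 60 s with +/-15% jitter (an implant-like
# pattern); host 10.0.0.7 is ordinary browsing with irregular gaps. Invented data.
SAMPLE_FLOWS = [
    (1000.0, "10.0.0.5", "203.0.113.10", 443),
    (1058.0, "10.0.0.5", "203.0.113.10", 443),
    (1122.0, "10.0.0.5", "203.0.113.10", 443),
    (1174.0, "10.0.0.5", "203.0.113.10", 443),
    (1243.0, "10.0.0.5", "203.0.113.10", 443),
    (1304.0, "10.0.0.5", "203.0.113.10", 443),
    (1359.0, "10.0.0.5", "203.0.113.10", 443),
    (1425.0, "10.0.0.5", "203.0.113.10", 443),
    (1484.0, "10.0.0.5", "203.0.113.10", 443),
    (2000.0, "10.0.0.7", "198.51.100.20", 443),
    (2003.0, "10.0.0.7", "198.51.100.20", 443),
    (2004.0, "10.0.0.7", "198.51.100.20", 443),
    (2140.0, "10.0.0.7", "198.51.100.20", 443),
    (2141.0, "10.0.0.7", "198.51.100.20", 443),
    (2900.0, "10.0.0.7", "198.51.100.20", 443),
    (3050.0, "10.0.0.7", "198.51.100.20", 443),
]


def interarrival_stats(timestamps):
    """Return (heartbeat, jitter) for one conversation.

    heartbeat is the median gap between consecutive connections; jitter is the
    largest deviation from that median, expressed as a fraction of it, so a
    beacon configured with 20% jitter yields a value near 0.2.
    """
    ts = sorted(timestamps)
    deltas = [later - earlier for earlier, later in zip(ts, ts[1:])]
    heartbeat = median(deltas)
    if heartbeat <= 0:
        # Bursts of connections with identical timestamps: not a periodic beacon.
        return heartbeat, float("inf")
    jitter = max(abs(d - heartbeat) for d in deltas) / heartbeat
    return heartbeat, jitter


def find_beacons(flows, min_packets=6, max_jitter=0.3):
    """Group flows by (src, dst, dport) and score each conversation for periodicity.

    min_packets avoids scoring conversations too short to show a rhythm;
    max_jitter is the tolerance (assumed here) above which a conversation is
    treated as human-driven rather than timer-driven.
    """
    by_conversation = defaultdict(list)
    for t, src, dst, dport in flows:
        by_conversation[(src, dst, dport)].append(t)

    results = {}
    for key, ts in by_conversation.items():
        if len(ts) < min_packets:
            continue
        heartbeat, jitter = interarrival_stats(ts)
        results[key] = {
            "packets": len(ts),
            "heartbeat_s": heartbeat,
            "jitter": jitter,
            "beacon": jitter <= max_jitter,
        }
    return results


if __name__ == "__main__":
    for (src, dst, dport), stats in find_beacons(SAMPLE_FLOWS).items():
        flag = "BEACON" if stats["beacon"] else "normal"
        print(f"{src} -> {dst}:{dport}  n={stats['packets']}  "
              f"heartbeat={stats['heartbeat_s']:.1f}s  "
              f"jitter={stats['jitter']:.2f}  {flag}")
```

The same view is available interactively in Wireshark by filtering one conversation and adding the frame.time_delta_displayed column; the script simply makes the median and spread explicit so the threshold can be tuned against known-good traffic before being trusted.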

Splunk Boss of the SOC

Will Robus

Boss of the SOC (BOTS) is a blue-team, capture-the-flag-style competition. Participants will explore and investigate realistic event data in Splunk Enterprise and Splunk Enterprise Security.

