
Courses

Local Authentication in Windows
In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.

Domain Authentication in Windows
In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.

Spearphishing with an Attachment
In this hands-on lab, you will learn the basics of email analysis with a special focus on malicious attachments. You will practice performing triage analysis of a spearphishing email containing a suspicious attachment.

SIEM Dashboards
In this lab, you will learn the basics of SIEM dashboards. You will practice creating your own custom dashboard using the Wazuh SIEM.

Persistence in Windows
In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.

Execution in Windows
In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.

SIEM Detection and Alerting
In this hands-on lab, you will learn the basics of SIEM-based detection and alerting. You will practice using the Wazuh SIEM to create, modify, and test custom rules and alerts.

Spearphishing with a Link
In this hands-on lab, you will learn how to analyze spearphishing emails containing malicious links. You will practice analyzing a sample spearphishing email.

SIEM Search Expressions
In this hands-on lab, you will learn the basics of using search expressions in a SIEM. You will practice creating a series of search expressions in the Wazuh SIEM.

Web Activity Logs
In this hands-on lab, you will learn the basics of web activity logs. You will then practice identifying meaningful events in web proxy (HTTP/HTTPS) and name server (DNS) logs in the context of a new threat intelligence report.

After too many years of security operations work, Chris Daywalt tries to turn his phone off at 5:00 pm EST. While there are a bunch of training classes and education somewhere on his resume, much of what he has to teach was learned at the school of hard knocks, often at the expense of his previous clients. He wants to help you spend more time detecting and denying adversaries and less time banging your head against your keyboard. He dips his blueberry donuts in orange juice.
Chris’ 19-year career includes work for organizations of all sizes, both government and private sector, and is distributed roughly like so: