Live Training Classes
Training week for BSidesAugusta 2021 is September 27-30. This year, there will be four live training classes at the Georgia Cyber Center. Hurry! Seats are limited. You can buy your tickets on the registration page starting August 2 at Noon Eastern Time.
See the individual class descriptions below for prerequisites and items you need to bring to training.
Included with Each Class
Coffee through 2 PM
Bottled water all day
Validated parking at the Georgia Cyber Center parking deck
Free non-transferable ticket to Security Onion Conference October 1
Free non-transferable ticket to BSidesAugusta October 2
Individual classes may be cancelled if they do not meet a minimum enrollment up to one week prior to the first day of class. If a class is cancelled due to lack of enrollment or for any other reason, training refunds (for the cost of the training only) will be automatically issued to registered students. For all other refund requests, please see the refund policy on the BSidesAugusta registration page.
See https://bsidesaugusta.org/health for the latest information.
Course Name: Operationalizing PowerShell by Fernando Tomlinson
Date: September 30
Training Time: 9 AM – 5 PM
Trainer Name(s): Fernando Tomlinson (@Wired_Pulse)
Course Description: PowerShell is one of the most versatile languages in use today. Besides being resident on modern versions of Windows by default, the language is incorporated in nearly all Microsoft products, from Exchange to even Azure. It was originally developed to assist in system administration tasks; however, its use goes far beyond that. It is being used for threat hunting, forensics, attacker reconnaissance, escalation, exfiltration, lateral movement, and many other tactics. This enables entities to complete vital tasks without the need for an additional toolset, adding agility to their actions. As such, the language continues to be the leading execution method during intrusions involving Windows systems and helps defenders with their visibility and detection efforts. This training event will provide hands-on exposure to the aforementioned areas, all from within the PowerShell environment! Walking away, you will be better positioned to identify these tactics or use them for your specific purposes without adding anything to the network.
Target Audience: This workshop is for those learning PowerShell or for those who want to hone the skills they already have.
What attendees need to bring: Laptop with Windows 10 (a VM suffices) with PowerShell 7.1.3 installed.
Course Name: Operation Purple by SCYTHE
Date: September 29 – 30
Training Time: 9 AM – 5 PM
Trainer Name(s): Tim Schulz (@teschulz)
Course Description: Ever wondered how purple teaming can supercharge your cyber capability? In this two-day, hands-on course, attendees will learn the balance between threat understanding and detection understanding to run their own purple team exercises. Attendees will start by learning the underlying methodologies that make purple teaming successful and metrics for success before diving into leveraging the ATT&CK framework to create threat-informed emulation plans. Once attendees have successfully built plans, they can leverage tools like SCYTHE or the Slingshot C2 VM to automate the emulation process. Finally, attendees will learn to identify and build detections for their emulated attacks.
Target Audience: This training is for security analysts, cyber threat intelligence analysts, red teams, and blue teams that want to add more purple teaming to their daily lives.
What attendees need to bring: Laptop with access to a web browser.
Discounts are available for active duty US military, active US Federal civilian employees, full-time students, and full-time employees of nonprofits. Send an e-mail to Info@BSidesAugusta.org for details.
Course Name: Security Onion 2 Fundamentals for Analysts and Administrators by Security Onion Solutions
Date: September 27 – 30
Training Time: 8 AM – 5 PM
Trainer Name(s): Bryant Treacle and John Bernal
Course Description: This course is geared for analysts and administrators of Security Onion 2 (formerly known as Hybrid Hunter). Students will gain a foundational understanding of this exciting platform – how to architect, deploy, and manage their Security Onion 2 grid. The course also covers major analyst workflows, reinforced through real-world case studies. The class will cover the following topics:
- Security Onion Console
- Security Onion 2 System Architecture
- Deploying a Security Onion 2 Distributed Architecture
- Common Administrative Tasks
- Security Onion 2 Workflows
- Alert Triage & Case Creation with SOC Alerts and TheHive
- Ad hoc Hunting with Kibana and SOC Hunt
- Detection Engineering with Playbook
- Grid Management
- Tuning the Grid
- Berkeley Packet Filters
- Performance Tuning – Zeek and Suricata
- Alert Tuning – Suricata and Playbook
- Integrating Endpoint Data with Osquery and Wazuh
- Intel Framework
- Creating Custom Dashboards with Kibana
- Alternative Deployment Architectures
- Airgap Deployments
- Cloud Deployments
- Multiple Labs and Case Studies