Cybersecurity attacks and defenses – Red vs. blue team!

Ticket CHICAGO - Cyber security attacks and defenses

All inclusive:
- $4995
- Hotel (5 nights)
- Food
- Training
- Fun happenings

Book 2 tickets and get 20% discount!

Use coupon code: 2020.
Add the code in the coupon field on the checkout form. It is applied when 2 or more classes have been added.

We regularly work hands-on, knee-deep, with cyber incidents, helping mid- to enterprise-sized companies and organizations that are victims of cyberattacks. That gives us unique insight into how attackers operate and into the most common mistakes IT departments and people make.

Class Overview

During this week, you will take part in simulated attack and defense exercises as Blue and Red Team members, tasked with attacking and defending your enterprise lab environment. This will give you insight into how attackers think and operate and what tooling they use, as well as how to detect, protect against and respond to cyberattacks.

Traditional security approaches have focused on using the organization’s network as the primary security perimeter. In today’s world, however, network security is often bypassed, primarily when data and resources are hosted outside the traditional network boundary, or when adversaries gain access to workstations inside the network boundary through phishing and other attacks. Attackers target accounts and other elements of privileged access to rapidly reach targeted data and systems, using various tools and skill sets to perform credential theft and reuse attacks such as token manipulation, pass-the-hash, and pass-the-ticket.

In this training, you will learn the modus operandi of attackers: how they identify vulnerabilities and exploit them to take control of your enterprise environment, for example to steal data or launch ransomware attacks. You will also learn how to detect hackers’ activities and how to protect your environment using the built-in security features of Windows Client and Server, as well as those in Azure and Microsoft 365, maximizing your investment in the Microsoft platform.

It is a unique hands-on lab for IT pros and IT managers that covers all aspects of Windows Enterprise security regarding cyberattacks and defenses.  

Instructors discuss protection and mitigation strategies for each attack scenario covered in the training, based on their extensive real-world experience and knowledge. Using examples from incidents, attacks, and red team assignments, they demonstrate the importance of governing privileged access and how it minimizes your organization’s attack surface and thwarts in-progress attacks.  

Key players of the Truesec Cybersecurity team, consisting of both red and blue team members and other security experts, developed this unique training based on real-world experience from numerous incident response cases, penetration tests, security health-checks, red team activities, and security design and architecture projects. They include some of the world’s leading security experts, Cloud and Enterprise Security MVPs, and recognized Microsoft Ignite speakers.  

After taking this course, you will fully understand the threats of today and be able to swiftly implement security controls that are proven to defend your Microsoft infrastructure effectively in the real world. You will take home key knowledge based on the instructors’ many years of experience helping customers in the field investigate and mitigate security challenges.  

Level: 300 (Advanced)

You will receive an Education Certificate after graduation.

Who Should Attend?

IT technicians, administrators, architects, and “technically focused” IT managers who want to learn more about Cybersecurity with a focus on Microsoft security.

Prerequisite knowledge

Good IT knowledge of enterprise environments and Windows systems, with some experience administering cloud services.

Recorded sessions, notes, tools and a lot of knowledge and best practices

Lead Instructors 

Hasain Alshakarti
Markus Lassfolk
Fabio Viggiani 
Alexander Andersson
Rasmus Grönlund

Class outline

Module 1 – Introduction 

  • Intelligence report – the latest threats and notes from the field 
  • Anatomy of APTs and targeted attacks  

Module 2 – Initial recon 

  • Advanced information gathering 
  • Social engineering 
  • Network and host-based enumeration 
  • System and service enumeration 
  • Vulnerability analysis 

Module 3 – Remote attacks 

  • The anatomy of vulnerability exploitation
  • Attacking commonly exposed services
  • Attack frameworks
  • Password-based attacks, passive and active (brute force, spraying, reuse)

Module 4 – Web application attacks 

  • Exploitation of web app vulnerabilities
  • Attacking containers and web infrastructure
  • OWASP Top 10 and more

Module 5 – Client-side attacks  

  • Phishing attacks  
  • Credential theft 
  • Exploit-based attacks using attack frameworks 

Module 6 – Lateral movement 

  • Remote access tools and Trojans 
  • Lateral movement using dependencies 
  • Passing the hash and passing the ticket  
  • Token manipulation 
  • Other credential extraction  

Module 7 – Miscellaneous attacks 

  • Wireless attacks 
  • Physical attacks including attacks on encrypted laptops 
  • Mobile platforms 

Module 8 – System hardening

  • Windows enterprise-hardening strategies and patching
  • Security policy configuration, security compliance, and enterprise distribution
  • AppLocker & Application whitelisting
  • Health attestation (Hyper-V guarded fabric and physical endpoints) 
  • Device encryption (BitLocker)  
  • Device Guard (TPM, Credential Guard)  
  • Hardening system management (WinRM, PowerShell, RDP, WMI, RPC, etc.)  

Module 9 – Enterprise & Cloud authentication and authorization 

  • PKI-based authentication 
  • Virtual smartcards, smartcards 
  • Authentication Mechanism Assurance 
  • Active Directory authentication strategies 
  • Claims-based authentication and identity federation (ADFS, Azure AD, other cloud services)  
  • Authentication policies and silos (AD, Kerberos)  
  • Windows Hello for Business  
  • MFA (Azure MFA, Azure AD, token-based, passwordless)  
  • Service accounts (managed service accounts, service account strategies)  
  • Privileged Access Management (Privileged Access Management with Active Directory, Azure Privileged Identity Access Management, JIT, JEA, etc.)  
  • Secure Score (Azure AD, Office 365, Azure ATP)  
  • Dynamic Access Control and conditional access policies (on-prem, Azure AD)

Module 10 – Network security 

  • IPsec/domain isolation (zero trust networks)
  • Server/service isolation (on-prem, Azure Security Groups, Azure Firewall)
  • Windows Advanced Firewall 

Module 11 – Auditing 

  • Endpoint monitoring (Sysmon, ELK)  
  • Windows Defender ATP  
  • Azure Log Analytics  
  • PowerShell logging 
  • Advanced auditing 

Module 12 – Data protection 

  • Azure Identity Protection  
  • BitLocker  
  • Rights Management Services  
  • File system encryption  

Module 13 – Summary  

  • Mitigation and protection strategies  
  • Incident response