Hands-On Lab Workshop: Mastering Threat Detection and Incident Response
Event Overview
Join our Virtual Lab Workshop to explore the Mastering Threat Detection & Incident Response Learning Path. Inspired by a real Pass-the-Hash attack simulation, this session follows a red team campaign across the full cyber kill chain—credential theft, lateral movement, and privilege escalation. Gain hands-on experience with tools like Falcon XDR, Falcon ITDR, Security Onion, and SOAR as you learn to detect and respond to early-stage threats, escalate incidents, and defend Active Directory from Kerberoasting. Work through real-world scenarios with guidance from experienced analysts and red teamers. Ideal for Tier 1 SOC analysts aiming to level up to Tier 2/3 roles. Stick around for live Q&A with our experts.
Featured Speakers
What to expect
- Introductory Experience: Gain a high-level understanding of how the learning path works and what it offers through a guided walkthrough.
- Genesis of the Lab.
- Challenges and opportunities encountered during the design of the lab.
- Hands-On Lab: Perform real-time queries.
- Interactive Q&A: Engage with the host and other participants through live Q&A sessions.
- Practical Applications: Discover how the technology can significantly benefit your organization.
Goals and Objectives
• Simulate real-world attacks using tools like Responder, Mimikatz, and obfuscated PowerShell to understand adversary behavior from an attacker's perspective
• Detect and investigate threats with Falcon XDR and Security Onion by correlating behavioral, identity, and network telemetry
• Respond to and contain incidents using Falcon SOAR, including host isolation, credential resets, and automated playbooks
• Fine-tune detection rules and document incidents to reduce false positives and enhance SOC response effectiveness
Who should attend?
• Are familiar with the MITRE ATT&CK framework, including core tactics and techniques
• Possess basic knowledge of navigating Windows and Linux systems