MalwareLabYesterday I attended #SOC #DetectionEngineering Crash Course with Hayden Covington by @Antisy_Training
5 hours workshop (1 hour lab setup with instructor available on Zoom and 4 hours of workshop itself). Pay what you can with pricing starting from $0. Course materials such as setup guide and excellent lab instructions delivered in advance, two days before workshop.
All you need for the workshop is just the web browser - we use #MetaCTF Cloud Windows VM (credits provided by the instructor) and Elastic Security (free trial available for 14 days).
Fun fact: I test #FreeBSD as my host OS and was able to do all of the labs in FreeBSD without any issues
The content was useful, really Crash course. We started with Windows VM with Sysmon and empty Elastic. After the course, we had Elastic Agent on VM, logs in Elastic, detection rule for @mitreattack Account Discovery: Local Account (T1087.001), suppression of the alerts for particular user. We also tested the detection with Atomic Red Team test.
In overall, it was very good workshop and I am happy for opportunity to attend it. The usage of "free" cloud infrastructure is inspiring, I will consider it during my next trainings for larger group of students (instead of hosting all of the VMs in our cloud infrastructure) - this way, lot of things can students do again after the training for better understanding of the topic.
#infosec #education #training #antisyphon #soc #siem #detections #blueteam
BSides Saskatoon - 2026-09-26
Kamyar Kojouri