Constructing Defense
Important Changes Coming to Constructing Defense - Please Read
Welcome to Constructing Defense!
Welcome & Introduction
Changelog
Lab Overview
Lab Overview
General Lab Build Approach
Lab Construction
ISO Downloads - Windows Server 2019
ISO Downloads - Windows 11
ISO Downloads - Ubuntu
ISO Downloads - PCAP
Lab Construction - AWS Version
Terraform Setup
Domain Controller
Windows 11 A & V
Certer
Linux A & Linux V
[Splunk] - Lab Construction & Provisioning - Ludus Version
[Splunk] - Ludus Overview
[Splunk] - Ludus Deploy
[Splunk] - Ludus Post Deploy Setup
Lab Construction & Provisioning - Ludus Version
Ludus Overview
Ludus Setup
Ludus Post Deploy Setup
Lab Provisioning
Domain Controller
Windows 11 A & V
Certer
Linux A & Linux V
PCAP
PCAP - New Malcolm Version
Cloud Accounts - Azure
Cloud Accounts - Amazon Web Services (AWS)
Kubernetes Setup
Sysmon Setup
Telemetry Setup & Miscellaneous Lab Configuration
Section Intro
Windows Auditing and GPO Setup
Disabling Defender
Certificate Enrollment
Linux Auditd + Laurel
Sumo Logic SIEM Account
[Sumo Logic] - Windows Event Collection
[Sumo Logic] - Linux Event Collection
[Legacy] - Kubernetes Monitoring
[Sumo Logic] - Kubernetes Monitoring
[Sumo Logic] - Cloud Collection - AWS
[Sumo Logic] - Cloud Collection - Azure
[Splunk] - Splunk Setup
[Splunk] - Forwarder Setup (Windows)
[Splunk] - Forwarder Setup (Linux)
[Splunk] - Kubernetes Monitoring
[Splunk] - Cloud Collection - AWS
[Splunk] - Cloud Collection - Azure/Entra
Lab Executions
Section Intro
Getting to Know Ourselves
Our First Shell
First Shell - Detection 1
First Shell - Detection 2
Our Second Shell - Exploring the Network Layer
Second Shell - Bonus Round
Credential Access on Windows Hosts - LSASS
Credential Access on Windows Hosts - File Shares
Credential Access on Windows Hosts - Kerberoasting
Credential Access on Windows Hosts - DCSync
Lateral Movement in Windows Environments - WMIExec
Lateral Movement in Windows Environments - PSExec
Discovery/Recon Detection on Windows Hosts
Profiling Rundll32 Executions on Windows Hosts
LOLBAS / LOLBINs
Active Directory Certificate Services
Authentication Anomalies on Windows Hosts - The Classic Brute Force
Authentication Anomalies on Windows Hosts - The Kerberos Approach
Credential Access on Linux Hosts - The Shadow File
Credential Access on Linux Hosts - Through a C2 Framework
Lateral Movement on Linux Hosts - Interactive Bash Prompts
Web Shell Detections on Linux Hosts
Kubernetes Threat Detection - Dipping our Toes
Kubernetes Threat Detection - The Host Layer
Kubernetes Threat Detection - The Host Layer - Enumeration
Kubernetes Threat Detection - Tunneling & Exposed Services
Kubernetes Goat
Kubernetes Threat Detection - Poisoned Pod
Azure - Password Sprays
Azure - MFA Madness
Azure - Wrangling Applications
[Legacy] - Azure - Bad to the Bone
[Updated] - Azure - Bad to the Bone
Azure - AzureHound
Azure/Entra Session Hijacking via Browser Cookie Theft
Azure Session Hijack via HAR File
AWS - Account Set Up and CLI Access
AWS - CloudTrail - IAM User Creation
AWS - CloudTrail - IAM User Enumeration
AWS - CloudTrail - Pacu - IAM Brute Force
AWS - CloudTrail - Pacu - S3 Bucket Exfil
Adding a bit of Purple
Endpoint Analysis with Hayabusa and Langchain
Kerberos Attacks & Defenses - Pass the Ticket
Kerberos Attacks & Defenses - Golden Ticket
Web Sockets & .NET Assemblies
DPAPI at the Host and Network Layer
Purple Teaming Memory Forensics with MemProcFS
Lab Executions - Splunk
[Splunk] - Getting to Know Ourselves
[Splunk] - Our First Shell
[Splunk] First Shell - Detection 1
[Splunk] - First Shell - Detection 2
[Splunk] - Our Second Shell - Exploring the Network Layer
[Splunk] - Second Shell - Bonus Round
[Splunk] - Credential Access on Windows Hosts - LSASS
[Splunk] - Credential Access on Windows Hosts - File Shares
[Splunk] - Credential Access on Windows Hosts - Kerberoasting
[Splunk] - Credential Access on Windows Hosts - DCSync
[Splunk] - Lateral Movement in Windows Environments - WMIExec
[Splunk] - Lateral Movement in Windows Environments - PSExec
[Splunk] - Discovery/Recon Detection on Windows Hosts
[Splunk] - Profiling Rundll32 Executions on Windows Hosts
[Splunk] - LOLBAS / LOLBINs
[Splunk] - Active Directory Certificate Services
[Splunk] - Authentication Anomalies on Windows Hosts - The Classic Brute Force
[Splunk] - Authentication Anomalies on Windows Hosts - The Kerberos Approach
[Splunk] - Credential Access on Linux Hosts - The Shadow File
[Splunk] - Credential Access on Linux Hosts - Through a C2 Framework
[Splunk] - Lateral Movement on Linux Hosts - Interactive Bash Prompts
[Splunk] - Web Shell Detections on Linux Hosts
[Splunk] - Kubernetes Threat Detection - Dipping our Toes
[Splunk] - Kubernetes Threat Detection - The Host Layer
[Splunk] - Kubernetes Threat Detection - The Host Layer - Enumeration
[Splunk] - Kubernetes Threat Detection - Tunneling & Exposed Services
[Splunk] - Kubernetes Goat
[Splunk] - Kubernetes Threat Detection - Poisoned Pod
[Splunk] - Azure - Password Sprays
[Splunk] - Azure - MFA Madness
[Splunk] - Azure - Wrangling Applications
[Legacy] - Azure - Bad to the Bone
[Updated] - Azure - Bad to the Bone
[Splunk] - Azure - AzureHound
[Splunk] - Azure/Entra Session Hijacking via Browser Cookie Theft
[Splunk] - Azure Session Hijack via HAR File
[Splunk] - AWS - Account Set Up and CLI Access
[Splunk] - AWS - CloudTrail - IAM User Creation
[Splunk] - AWS - CloudTrail - IAM User Enumeration
[Splunk] - AWS - CloudTrail - Pacu - IAM Brute Force
[Splunk] - AWS - CloudTrail - Pacu - S3 Bucket Exfil
[Splunk] - Adding a bit of Purple
[Splunk] - Endpoint Analysis with Hayabusa and Langchain
[Splunk] - Kerberos Attacks & Defenses - Pass the Ticket
[Splunk] - Kerberos Attacks & Defenses - Golden Ticket
[Splunk] - Web Sockets & .NET Assemblies
[Splunk] - Purple Teaming Memory Forensics with MemProcFS
Saying Goodbye
Outro
DPAPI at the Host and Network Layer
Lesson unavailable