Defending Enterprises – 2021

£925.00 inc. VAT

New for 2021, in.Security’s immersive 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course.
From SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOA’s and IOC’s from an enterprise breach executed by the trainers.
You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises, creating your own queries to detect potential compromises and highlight interesting activity.



Out of stock

SKU: 44CON-2021-TRN-HE-1 Category: Tags: , , , ,

Live Online Training

Presented By: Will Hunt and Owen Shearing

The 2 day course will take place online on the

The price is £1,110 (inc VAT/£925 ex VAT).


Also included

We realise that training courses are limited for time and therefore students are also provided with the following:

  • Completion certificate
  • 14-day extended LAB access after the course finishes
  • Discord support channel access where our security consultants are available


  • MITRE ATT&CK framework
  • Defensive OSINT
  • Linux/Windows auditing and logging
  • Using Logstash as a data forwarder
  • Overview of the Kibana Query Language
  • Overview of the Kusto Query Language
  • Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
  • Detecting phishing attacks (Office macros, HTA’s and suspicious links)
  • Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)
  • Creating alerts/rules in Azure Sentinel
  • Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL)
  • Detecting data exfiltration (HTTP/S, DNS, ICMP)
  • Detecting persistence activities (userland methods, WMI Event Subscriptions)
  • C2 Communications

Who Should Attend:

This training is suited to a variety of students, including:

  • SOC analysts
  • Security professionals
  • Penetration testers / Red Team operators
  • IT Support, administrative and network personnel

Prerequisite Knowledge:

  • Understanding of networking concepts
  • Previous SOC and/or pentesting experience is advantageous, but not required
  • Previous experience with the Kusto Query Language (KQL) is beneficial, but not required

Hardware / Software Requirements:

  • Students will need to have access to a laptop and their favourite browser!

Read more

About the instructors

Will Hunt

Will (@Stealthsploit) co-founded in 2018. Will’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.

Owen Shearing

Owen (@rebootuser) is a co-founder of, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at

Additional information


16-17 September 2021, 9-10 December 2021