Crownless Shield – A Deep Dive into Modern Defensive Operations

Description

The escalating threat posed by attackers forces businesses to invest substantial time and resources in defending against the harm they inflict. Most companies, however, lack a clear understanding of the concepts and thought processes that matter before, during, and after an attack, let alone the concrete security measures required. This course therefore takes the blue team's perspective and works through the core concepts and techniques defenders need. The curriculum covers identification, detection engineering, detection operations, incident response, digital forensics, malware analysis, and threat monitoring. Its objective is to equip participants with the knowledge and skills needed for day-to-day operations, combining theoretical understanding with hands-on practice. By the end of the course, participants will have acquired practical insight and skills relevant to blue team operations, strengthening the defenses of their organizations.

- Introduction to the Blue Team (~30 mins)
  o What is the Blue Team?
  o Overview of Blue Team composition and capability requirements

- Analysis of Open-Source Intelligence (OSINT) applications (~35 mins)
  o What is Open-Source Intelligence (OSINT)?
  o How does the Blue Team use OSINT?
  o OSINT resource overview
  o OSINT lab (hands-on lab)

- Cybersecurity Threat Detection – Endpoint and Network
  o Introduction to SOC and SIEM (~5 mins)
  o Threat intelligence overview (~10 mins)
  o Threat detection engineering and analysis (~2.5 hrs)
    - Introduction to detection engineering
    - Detection engineering for System Binary Proxy Execution (hands-on lab)
    - Detection engineering for credential dumping (hands-on lab)
  o Network threat detection and analysis (~2.5 hrs)
    - Deep dive into Wireshark (hands-on lab)
    - Network threat detection operations via an Intrusion Prevention System (IPS) (hands-on lab)
    - Detecting network vulnerability exploitation attacks (hands-on lab)
    - Detecting C2 traffic (hands-on lab)
  o Endpoint threat detection and analysis (~2.5 hrs)
    - Introduction to endpoint detection mechanisms (hands-on lab)
    - Building a SIEM and endpoint detection with Wazuh (hands-on lab)
    - Enhanced endpoint telemetry collection with Sysmon (hands-on lab)

- Practical Cybersecurity Incident Response and Digital Forensics
  o Introduction to incident response (~20 mins)
  o Introduction to digital forensics (~20 mins)
  o Introduction to and exercises with forensics tools (hands-on lab)
  o Windows digital forensics (~2 hrs)
    - Windows disk-related artifact analysis (hands-on lab)
    - Windows memory-related artifact analysis (hands-on lab)
    - Windows event log analysis (hands-on lab)
  o Linux and other digital forensics (~1.5 hrs)
    - Linux memory forensics artifact analysis (hands-on lab)
    - Application log analysis (hands-on lab)

- Practical Malware Analysis
  o Introduction to malware analysis and tools (~10 mins)
  o Static analysis techniques (~15 mins)
  o Behavioral (dynamic) analysis techniques (~15 mins)
  o Manual code analysis techniques with IDA Pro, OllyDbg, or x32/x64dbg (~20 mins)
  o Real-world malware analysis (hands-on lab) (~2 hrs)