Date/Time: April 3rd, 2026 10:00 am – 6:00 pm EDT
Location: Online
Cost: $295
Description: Complexity is the enemy of security. This is especially true in crisis. When responding to a cybersecurity incident, you need a simple, effective, repeatable plan.
In this course, we’ll discuss the three primary threat vectors, outline the two most important IR playbooks, and review the two most critical IT assets: identity and endpoint. Then we’ll roll up our sleeves and practice identity and endpoint investigations, including forensic-artifact selection and acquisition, rapid processing, and prioritized investigative workflow in the context of a real-world business compromise.
We’ll discuss Active Directory and M365 Identity; Windows; and Linux OS “attack surface;” and get hands-on experience performing rapid endpoint investigations using PowerShell, Velociraptor offline collector, KAPE, and csv/xlsx output analysis.
