BlogHow to spot and defend against adversaries’ movements in your network

How to spot and defend against adversaries’ movements in your network

How to spot and defend against adversaries’ movements in your network 1

Dátum: 6 – 7. OKTÓBER 2020
Miesto konania: Ponteo Activity Park, Rusovce
Trvanie: 2 x 8 hodín (9am – 5pm)
Počet účastníkov: max. 20
Jazyk workshopu: slovenský

Lukáš Ciasnoha | CSIRT Team Lead | NN Group
Juraj Přibyl | Security Operation Center Manager | NN Group


  • Early bird: 1530,- Eur bez DPH (do 14. augusta 2020)
  • Regular price: 1710,- Eur bez DPH (od 15. augusta 2020)

Komu je workshop určený: Security manager, Chief security analyst, Security Operator, Security Specialist, Security Analyst
Požiadavky: Working laptop with 60GB of free space, local administrator rights and ability to start VirtualBox or Vmware.

Once the attacker infiltrates the network they have various goals and targets. An attack can be initiated by phishing or an attacker can simply use social engineering techniques and gain user credentials. Having stolen credentials is a small step to become a domain admin. In a situation like this where no exploit is used, and valid credentials play a primary role in the initial phase of attack, SOC has a hard time to distinguish from normal traffic. With legit credentials, attackers can and will move laterally. During the attack “credential dance” will be used as that is a common pattern how to move laterally.

In this training we will focus on detections of these movements and techniques. We will use Bloodhound to detect possible movement paths. And we will use this knowledge to improve our detection patterns. This training is 90% blue team and 10% red team and 80% technical where time will be spent in the lab. After this training you will have knowledge how to detect an attacker sneakily moving through the company systems.

Chcem sa registrovať

Lukáš Ciasnoha

Lukáš Ciasnoha has been working in the field of IT security for almost 15 years. He held the position of security administrator for the first eBook CZ platform, position of Security Architect in the Accenture consultancy company where the majority of time was spent on project for the financial sector in the biggest EU bank. Since 2015, he has held the position of Chief Security Analyst for the NN group where he recently moved to the CSIRT unit.

In 5 years, with his 18-member International team, he has managed to improve SocOperations from compliance centric SOC to “real security” SOC. Recently was part of a big migration project where new SIEM was implemented and ATT&CK was the main tool for security use cases migration

Juraj Přibyl

Juraj Pribyl has been working in the field of IT security for almost 13 years. He held the position of Information Security Specialist in Slovak Telekom Group, since 2010 he has worked in the position of CISO in the financial and banking sector in the Czech Republic and later as CISO he was responsible for the entire CEE region. Since 2015, he has held the leading position of SOC manager for the NN group.

In 5 years, with his almost 35-member International team, he has managed to build a global SOC in Prague on a green field, which takes care of the security of 12 countries around the world and is one of the largest in-house SOCs in our region.

Chcem sa registrovať

Dobrý článok? Chceš dostávať ďalšie?

Už viac ako 6 200 ITečkárov dostáva správy e-mailom. Nemusíš sa báť, nie každé ráno. Len občasne.

Súhlasím so spracovaním mojich osobných údajov. ( Viac informácií. )

Tvoj email neposkytneme 3tím stranám. Posielame naňho len informácie z Kedykoľvek sa môžeš odhlásiť.

Som admin portálu Mám rád svoju prácu. Som tu preto, aby som Vám pomohol zodpovedať Vaše otázky k

Čítaj ďalej: