
Innovation

Expert Training
TRAINING CATALOG
Advanced Services
FY – 19 TRAINING, OFFERING AND COURSE OVERVIEW
www.obscuritylabs.com

Our Training Courses are Built, Different.

As veteran members of both the Information Technology and Cyber Security fields we recognized many of the issues with training and certifications that plague both communities.

• Courses That Lack Hands on Reinforcement
• Overpriced Individual Training Courses
• Inadequacy of Course Depth vs Length
• Annual Fees, & CPE’s

Our Training Courses are Built Around,

Training Philosophy

“Since Red Team Operations take place in phases, it only made sense for us to offer our courses broken down by the various phases.”

As veteran members of both the Information Technology and Cyber Security fields we recognized many of the issues with training and certifications that plague both communities. After conducting in-depth research and drawing from our own personal experiences we identified certain issues that were present across the board:

• Overpriced Individual Training Courses
• Courses with too broad of a scope for the course length
• Annual Fees, & CPE’s
• Poorly designed courses or courses that didn’t thoroughly teach specific topics

To address these issues, we decided to create courses that thoroughly teach individual concepts from beginning to end, maintain a more than adequate course length, minimize the costs, and eliminate CPE’s & Annual Fees.

ADDRESS: 44927 GEORGE WASHINGTON BLVD, ASHBURN, VA 20147
PHONE: +1 (800) 757-1644
OBSCURITY LABS LLC ©

Table of Contents

SIT ™ - SOC IMMERSION TRAINING™
  Course Summary
  Course Core Objectives
  SIT will teach you to:
  Attack TCCs:
  Hands-on laboratory exercises:
  The following tools will be used during this course:
SIT-HIA-1 ™ - SOC IMMERSION TRAINING – HOST INTRUSION ANALYST 1 ™
  Course Summary
  Course Core Objectives
  SIT-HIA-1 will teach you to:
  This course will involve hands-on laboratory exercises that involve the latest Microsoft technologies:
  The following tools will be used during this course:
SIT-HIA-2 ™ - SOC IMMERSION TRAINING – HOST INTRUSION ANALYST 2 ™
  Course Summary
  Course Core Objectives
  Host Intrusion Analyst – 2 will teach you to:
  This course will involve hands-on laboratory exercises that involve the latest Linux technologies:
  The following tools will be used during this course:
SAT - SOC ANALYST FOUNDATION
  Course Summary
  Course Core Objectives
  SOC Analyst Foundation will teach you to:
CWLC - CYBER WARFARE LEADERSHIP CRS
  Course Summary
  Course Core Objectives

SIT ™ - SOC IMMERSION TRAINING™
SOC IMMERSION TRAINING

Course Summary
SOC Immersion Training is a deep dive into Hunt Teaming & Intrusion Analysis. Actions taken by an adversary can be generally defined as a collection of TTPs and Tradecraft Core Concepts (TCCs) to achieve specific objectives. SOC Immersion Training will deep dive into the analysis and detection of both threat actor TTPs and TCCs. This course will identify and explain the critical data points that drive the creation of the forensic artifacts necessary for analysis of TTPs & TCCs.

Course Core Objectives
SOC Immersion Training is designed for Intermediate level cyber security and/or hunt team analysts to increase their functional knowledge of analytical thinking & analysis concepts. By using demonstrated real-world attack methodologies in a step-by-step manner, SIT provides analysts with an in-depth understanding of how to analyze attack TTPs, and the ability to construct complex IOCs derived from environment specific threats and constraints. SOC Immersion Training will accomplish these course goals by providing labs taught from an attack specific perspective, coupled with well-designed detection & analysis capabilities to produce forensic evidence from multiple emulated advanced adversary attacks.

SIT will teach you to:
• Layered Analysis Methodology
• Understand capabilities & analysis instead of any particular tool
• Understand and create hard Indicators of Compromise (IOCs) for detection
• Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage

Attack TCCs:
• Initial Access
  o HTAs
  o Microsoft Office Abuse
• Persistence
  o Registry Abuse
  o Service Abuse
  o GPO Abuse
  o WMI Subscriptions
• Privilege Escalation
  o Powerup
  o Remote Privilege Escalation
  o Local Exploitation
• Lateral Movement
  o PsExec
  o WMI-PowerShell
  o WMI-Subscriptions

SIT™ (SOC IMMERSION TRAINING)
COURSE ABBREVIATION: SIT
COURSE LENGTH: 5 Days
COURSE CATEGORY: A&R
COURSE LEVEL: Intermediate
PRICE PER STUDENT $5250.00

COURSE DIFFERENTIATORS
• Cyber Range: Custom range with complete coverage into each of the key data points required to provide each student with access to a range representative of an enterprise security stack.
• Lab Driven: Course focused around labs, providing short blocks of instruction followed by instructor-led demonstrations, then a student lab
• Tangible Metrics: Students will be able to decrease their mean time to detection and show improvements by determining the difference between their pre & post course statistics
• Personnel: Each course will be taught with active Red Team and Blue Team SMEs

STUDENT PRE-REQ MATERIALS
• Student will bring a laptop and charger
• Student will need a modern Linux, OSX or Windows host
• Student will NOT need virtualization; it will be supplied

SUGGESTED KNOWLEDGE
• Entry level of Windows IT principles
• Entry level of Linux IT principles

Hands-on laboratory exercises:
• Windows 7
• Windows 8/8.1
• Windows 10
• SharePoint
• Exchange, Outlook
• Windows File Structures
• Application File Structures
• Windows Registry Essentials
• Identifying Suspect Files
• Sensor Tuning
• Memory Analysis
• Infection Vectors
• Malware Behaviors and Anti-Forensics
• Hard & Soft IOCs

The following tools will be used during this course:
• SecurityOnion
• Sysinternals Suite
• OSSEC/Wazuh
• Winlogbeat
• Auditbeat
• Filebeat
• ELK
• Redline
• Memoryze
• Sysmon
• Netsniff-NG
• Bro
• Suricata
• Tcpdump

SIT-HIA-1 ™ - SOC IMMERSION TRAINING – HOST INTRUSION ANALYST 1 ™
SOC IMMERSION TRAINING

Course Summary
Host Intrusion Analyst – 1 is a deep dive into Microsoft Windows Host analysis. This course is designed for Junior to Intermediate level cyber security analysts to increase their functional knowledge of analyzing Windows hosts for evidence of potential compromise and analyzing potential infection vectors. SIT-HIA-1 uses an approach similar to SOC Immersion Training by using demonstrated real-world attack methodologies in a step-by-step manner to provide an in-depth understanding of analyzing attack TTPs.

Course Core Objectives
When analyzing an alert, it is important to follow a methodology that encourages analytical thought, which then enables the analysts to draw conclusions that transcend alerts generated by tools. This course is not a tools course, but a course that focuses on teaching proper analysis techniques for advanced adversary threat detection!
• Deep dive into our developed Layered Analysis Methodology
• Understanding environmental capabilities
• Understanding primary artifacts for developing hard & soft IOCs
• Mapping and tactical analysis of our TCC™ (Trade Craft Core Concepts) for each phase of the attack lifecycle

SIT-HIA-1 will teach you to:
• Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016
• Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage
• Focus your capabilities on analysis instead of on how to use a particular tool
• Layered Analysis Methodology
• Extract critical answers and build an in-house forensic capability via a variety of free, open-source tools
• Develop analysis skills to better comprehend, synthesize, and leverage complex scenarios
• Identify and create intelligence requirements for IOCs through practices such as threat modeling
• Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX

SIT™ (SOC IMMERSION TRAINING)
COURSE ABBREVIATION: SIT-HIA-1
COURSE LENGTH: 5 Days
COURSE CATEGORY: A&R

COURSE LABS
• Cyber Range: Custom range with complete coverage into each of the key data points required to provide each student with access to a range representative of an enterprise security stack.
• Lab Driven: Course focused around labs, providing short blocks of instruction followed by instructor-led demonstrations, then a student lab
• Tangible Metrics: Students will be able to decrease their mean time to detection and show improvements by determining the difference between their pre & post course statistics
• Personnel: Each course will be taught with active Red Team and Blue Team SMEs

STUDENT PRE-REQ MATERIALS
• Student will bring a laptop and charger
• Student will need a modern Linux, OSX or Windows host
• Student will NOT need virtualization; it will be supplied

SUGGESTED KNOWLEDGE
• Entry level of Windows IT principles
• Entry level of Linux IT principles

This course will involve hands-on laboratory exercises that involve the latest Microsoft technologies:
• Windows 7
• Windows 8/8.1
• Windows 10
• SharePoint
• Exchange, Outlook
• Windows File Structures
• Application File Structures
• Windows Registry Essentials
• Identifying Suspect Files
• Sensor Tuning
• Memory Analysis
• Infection Vectors
• Malware Behaviors and Anti-Forensics
• Hard & Soft IOCs

The following tools will be used during this course:
• Sysinternals Suite
• OSSEC/Wazuh
• Winlogbeat
• Auditbeat
• Filebeat
• ELK
• Redline
• Memoryze
• Sysmon
• Regshot
• ProcessExplorer

SIT-HIA-2 ™ - SOC IMMERSION TRAINING – HOST INTRUSION ANALYST 2 ™
SOC IMMERSION TRAINING

Course Summary
Host Intrusion Analyst – 2 is a deep dive into Linux Host analysis. This course is designed for Junior to Intermediate level cyber security analysts to increase their functional knowledge of analyzing Linux hosts for evidence of potential compromise and analyzing potential infection vectors. SIT-HIA-2 uses an approach similar to SOC Immersion Training by using demonstrated real-world attack methodologies in a step-by-step manner to provide an in-depth understanding of analyzing attack TTPs.

Course Core Objectives
When analyzing an alert, it is important to follow a methodology that encourages analytical thought, which then enables the analysts to draw conclusions that transcend alerts generated by tools. This course is not a tools course, but a course that focuses on teaching proper analysis techniques for advanced adversary threat detection!
• Deep dive into our developed Layered Analysis Methodology
• Understanding environmental capabilities
• Understanding primary artifacts for developing hard & soft IOCs
• Mapping and tactical analysis of our TCC™ (Trade Craft Core Concepts) for each phase of the attack lifecycle

Host Intrusion Analyst – 2 will teach you to:
• Conduct in-depth forensic analysis of Linux operating systems, focusing on Ubuntu 16.04, Ubuntu 18.04, CentOS 6.x, CentOS 7.x
• Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage
• Focus your capabilities on analysis instead of on how to use a particular tool
• Layered Analysis Methodology
• Extract critical answers and build an in-house forensic capability via a variety of free, open-source tools
• Develop analysis skills to better comprehend, synthesize, and leverage complex scenarios
• Identify and create intelligence requirements for IOCs through practices such as threat modeling
• Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX

SIT™ (SOC IMMERSION TRAINING)
COURSE ABBREVIATION: SIT-HIA-2
COURSE LENGTH: 5 Days
COURSE CATEGORY: A&R

COURSE LABS
• Cyber Range: Custom range with complete coverage into each of the key data points required to provide each student with access to a range representative of an enterprise security stack.
• Lab Driven: Course focused around labs, providing short blocks of instruction followed by instructor-led demonstrations, then a student lab
• Tangible Metrics: Students will be able to decrease their mean time to detection and show improvements by determining the difference between their pre & post course statistics
• Personnel: Each course will be taught with active Red Team and Blue Team SMEs

STUDENT PRE-REQ MATERIALS
• Student will bring a laptop and charger
• Student will need a modern Linux, OSX or Windows host
• Student will NOT need virtualization; it will be supplied

SUGGESTED KNOWLEDGE
• Entry level of Linux IT principles

This course will involve hands-on laboratory exercises that involve the latest Linux technologies:
• Ubuntu 16.04-18.04
• CentOS 6.x – 7.x
• NGINX
• Apache
• Chroot()
• Linux Filesystem Structures
• Journaling file system
• ELF File Structures
• Linux Essentials
• Identifying File tampering & Suspect Files
• Sensor Tuning
• System Logs
• Memory Analysis
• Timeline Analysis
• Attack / Infection Vectors
• Exif Data
• Malware Behaviors and Anti-Forensics
• Linux Rootkits
• Hard & Soft IOCs

The following tools will be used during this course:
• Mobius Forensic Toolkit
• Autopsy
• Radare
• OSSEC/Wazuh
• Auditbeat
• Filebeat
• ELK
• Redline
• Memoryze

SAT - SOC ANALYST FOUNDATION
SOC ANALYST FOUNDATION

Course Summary
SOC Analyst Foundation is an introduction into the core competencies vital for SOC analysts. This course focuses on the knowledge and tools necessary to identify modern threat actor TTPs and Tradecraft Core Concepts (TCCs). SOC Analyst Foundation is ideal for novice SOC analysts & will provide the fundamentals necessary for identifying indicators of compromise, containing an active intrusion, and remediating the incident. This course will identify and explain the critical data points that drive the creation of the forensic artifacts necessary for analysis of TTPs & TCCs.

Course Core Objectives
SOC Analyst Foundation is designed for entry level cyber security and hunt team analysts to establish & increase their functional knowledge of cyber security related analytical thinking & analysis concepts. This course will benefit an analyst greatly by outlining the key capabilities necessary for a successful SOC, & the techniques required by the analyst to leverage those capabilities. By using demonstrated real-world attack tradecraft, SOC Analyst Foundation provides analysts with an in-depth understanding of how to analyze attack tradecraft, and the ability to construct IOCs derived from environment specific threats and constraints. SOC Analyst Foundation will accomplish these course goals by providing labs taught from an attack specific perspective, coupled with well-designed detection & analysis capabilities to produce forensic evidence from emulated advanced adversary tradecraft.

SOC Analyst Foundation will teach you to:
• Intro to critical portions of the Layered Analysis Methodology
• Common security tooling
• Effective Security Management principles
• IR and A&R functional requirements
• Alerting and event management
• Understanding the role vulnerability programs play in a SOC
• Introduction of reactive capabilities supporting modern SOCs
• Leveraging vulnerability Assessments

SAT (SOC ANALYST FOUNDATION)
COURSE ABBREVIATION: SAT
COURSE LENGTH: 5 Days
COURSE CATEGORY: A&R
COURSE LEVEL: Level 1
PRICE PER STUDENT $4250.00

COURSE DIFFERENTIATORS
• Cyber Range: Custom range with complete coverage into each of the key data points required to provide each student with access to a range representative of an enterprise security stack.
• Lab Driven: Course focused around labs, providing short blocks of instruction followed by instructor-led demonstrations, then a student lab
• Tangible Metrics: Students will be able to decrease their mean time to detection and show improvements by determining the difference between their pre & post course statistics
• Personnel: Each course will be taught with active Red Team and Blue Team SMEs

STUDENT PRE-REQ MATERIALS
• Student will bring a laptop and charger
• Student will need a modern Linux, OSX or Windows host
• Student will NOT need virtualization; it will be supplied

SUGGESTED KNOWLEDGE
• None, some basic IT skill is recommended

CWLC - CYBER WARFARE LEADERSHIP CRS
CYBER WARFARE LEADERSHIP COURSE

Course Summary
Many components of military operations rely on cyberspace, which includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. The Cyber Warfare Leadership course is a deep dive into the fundamentals of cyberspace operations. This course is designed for junior to intermediate cyber leaders; however, it also provides a basic understanding for senior leaders that desire to learn how they can utilize cyberspace actions in and through the cyber domain to achieve their objectives.

Course Core Objectives
Making decisions within cyberspace can be tough. It requires a thorough understanding of multiple components of military strategy and a basic understanding of the technical components of both defensive and offensive cyber operations. This course will bring you up to speed with the latest military doctrine from the United States Joint Chiefs of Staff as well as other United States Department of Defense (DoD) doctrine, concepts, and processes that will enable you to make better informed decisions. This course will also introduce the characteristics and requirements of a leader responsible for a team of cyber operators.

The Cyber Warfare Leadership Course will familiarize the student with:
• Leadership in Battle
• Cyberspace as a Domain of Warfare
• Offensive and Defensive Cyberspace Operations (OCO/DCO)
• Information Operations (IO)
• Cyber Threat Intelligence within Cyberspace Operations
• Denial and Deception in Cyberspace
• Planning within Cyberspace Operations
• Targeting in Cyberspace
• Legal Considerations in Cyberspace
• Command and Control of Cyberspace Forces
• Synchronization of Cyberspace Operations

SAT (SOC ANALYST FOUNDATION)
COURSE ABBREVIATION: CWLC
COURSE LENGTH: 5 Days
COURSE CATEGORY: Leadership
COURSE LEVEL: Level 2
PRICE PER STUDENT $5250.00

COURSE DIFFERENTIATORS
• EXERCISE SCENARIO DRIVEN: Each student will be engaged with scenarios requiring hasty decision making within the cyber domain.
• TANGIBLE METRICS: Students will be better prepared to plan and execute cyber missions as cyber leaders.
• PERSONNEL: Each course will be taught by former United States military senior multidisciplinary (leadership and technical) subject matter experts.

STUDENT PRE-REQ MATERIALS
• Student will bring a laptop and charger
• Student will need a modern Linux, OSX or Windows host

SUGGESTED KNOWLEDGE
• Entry level understanding of military operations
• Entry level understanding of cyber technologies and processes
