Network Defense Range (NDR) Returning to BlackHat 2020

We're thrilled to be accepted back to BlackHat to run our live-fire Network Defense Range (NDR) course again this year! We received overwhelmingly positive feedback from last year's attendees and we have even bigger plans this year.

What is NDR?

NDR is a one-of-a-kind training platform that enables SOC analysts, threat hunters, and incident responders to go toe-to-toe with advanced adversaries in a low-stakes, zero-risk environment. We pride ourselves on the high fidelity of our simulated environment, from the organic traffic generation down to the simulated users on workstations carrying out their day-to-day tasks.

Matt Bromiley and Eric Capuano leading NDR: Crucible @ BlackHat 2019

Amidst the noise of this busy enterprise network, sophisticated adversaries are doing what they do best: finding and exploiting weaknesses in the armor of this fictitious corporation. We go to great lengths to make these attacks comprehensively realistic, modeled on today's most prolific threats. It is up to participants to identify the initial intrusion vector and follow the adversary through the environment to fully identify intentions as well as actions-on-objective.

WHAT DO STUDENTS SAY ABOUT NDR?
"Absolutely fantastic course.  Provides invaluable "live-fire" experience in incident response and threat hunting.  Far better than any previous training (I've) taken."
"Cannot recommend highly enough!"
"Best hunt/detection class ever!"
"Course pushes you to think and use newly acquired skills."
"Great 'hands-on' experience.  I love the fact that it is not 'death by powerpoint.' Instructors did a great job of mentoring and coaching throughout. Sharing real-world experience added to the course value. Lastly, the lab environment and recreating actual APT attacks was outstanding."
“Perfect!!”
“Best course I’ve attended.  Engaging, entertaining, and very educational.”
“One of the most entertaining/engaging courses done at Black Hat.  Technical training of top quality”

What's in store for BlackHat 2020?

This year, we have adapted the structure of the course to be more accessible to all skill levels. Instead of a single 4-day structure, we have broken it into two 2-day courses that will run back-to-back. The idea is that entry-level participants and those looking for a refresher on investigative methodology could attend the first half and those looking to dive straight into highly sophisticated scenarios based on recent threat actors could hit the ground running on the second 2-day event.

Our hope is that many will consider attending both events as they will build upon one another. We want to provide more flexibility to meet the needs of all students.

Day 1-2: Adversary Detection & Incident Response - Network Defense Range Essentials

Detecting and retracing the steps of today’s network attacker requires experience. Experience requires hands-on response and hunting activities.

With Network Defense Range Essentials, you will spend two days gaining hands-on experience in analyzing and hunting for advanced threat actors. This class begins by establishing sound incident response best practices and teaching you the most effective ways to track and correlate threat actor activity. You will then put these practices and methodologies to work by hunting for advanced adversaries in our live enterprise network. You’ll be going toe-to-toe with some of the most prolific threat groups out there, all the while building your investigations, collecting indicators, and correlating activity across multiple systems.

Key Takeaways for Day 1-2:
  1. A foundation of EXPERIENCE with recognizing and understanding the tactics and techniques that are utilized by active threat groups and advanced adversaries around the globe.
  2. A foundation of EXPERIENCE with detecting and defending against these advanced techniques.
  3. A foundation of EXPERIENCE with the real-world methodologies to build out investigative workflows and track incidents from initial indicator to final reporting.

Day 3-4: Adversary Detection & Incident Response - Network Defense Range Crucible


As a network defender, how do you keep your skills sharp?  Chances are your organization’s defenses are pretty good so you don’t go up against Advanced Persistent Threat actors very often.  Well, Network Defense Range Crucible is your opportunity.

Network Defense Range Crucible is almost entirely hands-on.  It includes a full enterprise network with all the trimmings: “users” generating email and web traffic, workstations, servers, firewalls, etc.  We also provide state-of-the-art digital forensics and incident response tools.

Then we attack it with ultra-realistic simulations of current, active threat actors.  We emulate their tactics, techniques and procedures exceptionally closely, down to the IP addresses and hashes.

Key Takeaways for Day 3-4:
  1. More EXPERIENCE with recognizing and understanding the tactics and techniques that are utilized by active threat groups and advanced adversaries around the globe.
  2. More EXPERIENCE with detecting and defending against these advanced techniques.
  3. More EXPERIENCE with the real-world methodologies to build out investigative workflows and track incidents from initial indicator to final reporting.

Be sure to follow us on Twitter for more updates as we get closer to BlackHat 2020! Have questions? Email us at bh2020[@]reconinfosec.com

Update: BlackHat registration is now live!

Day 1-2: Adversary Detection & Incident Response - Network Defense Range Essentials

Day 3-4: Adversary Detection & Incident Response - Network Defense Range Crucible
