Provided by: Blue Cape Security, LLC
Instructor: *Markus Schober - Founder*
📍 Virtual or On-site
This three-day advanced workshop is designed to immerse participants in a full end-to-end Digital Forensics and Incident Response (DFIR) investigation of a realistic multi-system ransomware attack — and extend that experience into advanced practice scenarios featuring adversary tradecraft commonly seen in enterprise intrusions.
Over the first two days, attendees work through a guided DFIR investigation of a ransomware incident based on the 301 DFIR course, applying structured methodologies for incident triage, forensic artifact analysis, timeline creation, and threat hunting across compromised hosts and network telemetry.
The third day introduces an advanced investigation phase drawn from the IR300 Labs, in which participants analyze additional APT-style scenarios featuring modern adversary TTPs such as reverse SSH tunnels and RDP pivoting, stealthy in-memory reflection attacks, Kerberoasting and credential dumping, data exfiltration, privilege escalation, BYOVD (bring-your-own-vulnerable-driver) exploits, and more.
By the end of this workshop, participants will have developed the expertise to perform and lead large-scale enterprise investigations from initial detection to full incident reconstruction — ready to handle sophisticated ransomware and APT threats with confidence.
This workshop is designed for intermediate to advanced security professionals involved in SOC monitoring, incident response, forensics, and enterprise IT security.