Actionable Defense: Understanding Adversary Tactics

Ben Mauch


  • Ben Mauch
  • Actionable Defense: Understanding Adversary Tactics
  • $1,495
  • 2 Days
  • October 27-28
  • 8:30AM
  • Hands-On Zoom

Speaker Bio:

Ben Mauch
Team Lead, Defense & Countermeasures

Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.

Education & Certifications
GIAC Certified Penetration Tester (GPEN)
Professional Affiliations

Board Member for Secure Chicago, LLC
Passion for Security
Ben has dedicated himself to the security industry for the past 15 years. He speaks at several conferences a year across the US and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved. Ben has released open source tools including The PoshSec Framework, HoneyCreds, and Not PowerShell (nps) which are designed to help organizations refine their security posture.

Actionable Defense: Understanding Adversary Tactics

Date: October 27-28, 2021
Location: Virtual

Join Ben Mauch and the TrustedSec Training Team, for our virtual two-day training course “Actionable Defense: Understanding Adversary Tactics.”


Most organizations struggle with understanding specific techniques and methodologies around attacks. This class is designed for both penetration testers and defenders in a unique blend of both offensive techniques and how to best defend against them. Each module is designed to demonstrate the latest attack vectors used to simulate attacks against organizations and most importantly how to write detection’s for them. This class focuses on the “purple team” approach which focuses on attacking and working on building detection’s based on the attacks applied. This is a completely immersive experience with a simulated corporate infrastructure that allows you to focus on identifying attack behavior within a corporate infrastructure. The students will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited from them in order to better refine detection’s within an organization.

Day 1 (Attack and Defense)

  • Introduction to Defense
  • Introduction to Linux
  • Discovery
  • Exfiltration
  • Responder
  • Kerberoast

Day 2 (Attack and Defense)

  • Password Cracking
  • Lateral Movement
  • Persistence
  • Getting DA
  • Secondary Attack Paths
  • Event Search with PowerShell
  • Paths of Least Resistance

Note: These topics are based on course pace based on student learning rates. Not all of these topics may be covered if the class is behind on topics and grasping concepts and understanding. We will make every attempt to cover all of these during the course.

Each module has a clear understanding of the attack and how the attack works as well as how to best effectively write detections for the attacks.

Learn from both offensive and defensive (red and blue) practitioners in the industry on the latest techniques and ways to defend/detect against attacks.

Utilize a simulated environment to practice your skills and learn in a controlled environment aimed at simulating attacks and defenses.

Improve your overall understanding in the ability to defend enterprises and learn the latest techniques around attack patterns.


Ability to understand advanced attacker techniques and directly write detections to identify them. Understand unusual behavior in an organization and identify threats earlier on. Structure your program to handle new threats that come at your organization.


This class is great for defenders and penetration testers looking to learn more about defense and offensive capabilities. Individuals that want to leave the course with direct actionable items they can directly apply in their day to day jobs.

  • Defenders
  • Penetration Testers
  • Beginners to Offense or Defense
  • Wanting to learn coding
  • Hunt Teams
  • Anyone looking to strengthen their offensive and detection capabilities.




Students should have an understanding of basic Linux commands and be able to navigate through Linux.


Students must have a laptop with VMWare/Fusion or similar (VirtualBox is not recommended) and ability to run multiple VMs.
The machine should have 40GB of free disk space available for the virtual machines.


Virtual machine infrastructure provided by TrustedSec, all course material including commands, slides, and walkthroughs.
Early registration pricing ends September 26, 2021.