SEC599 Defeating Advanced Adversaries GIAC Defending Advanced Threats (GDAT)


Price: 10.00 USD | Size: 2.38 GB | Duration : 14+  Hours |15 Video Lessons | PDF Guides




Price: 10.00 USD | Size: 2.38 GB | Duration : 14+  Hours |15 Video Lessons | PDF Guides



Defeating Advanced Adversaries GIAC Defending Advanced Threats (GDAT)

“Mastering Cyber Defense: A Guide to Defeating Advanced Adversaries with GIAC Defending Advanced Threats (GDAT)”


What You Will Learn

You just got hired to help our virtual organization “SYNCTECHLABS” build out a cyber security capability. On your first day, your manager tells you: “We looked at some recent cyber security trend reports and we feel like we’ve lost the plot. Advanced persistent threats, ransomware, denial of service… We’re not even sure where to start!”

Cyber threats are on the rise: ransomware tactics are affecting small, medium, and large enterprises alike, while state-sponsored adversaries are attempting to obtain access to your most precious crown jewels. SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses will arm you with the knowledge and expertise you need to overcome today’s threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls aimed at stopping, detecting, and responding to your adversaries.

Course authors Stephen Sims and Erik Van Buggenhout (both certified as GIAC Security Experts) are hands-on practitioners who have built a deep understanding of how cyber attacks work through penetration testing and incident response. While teaching penetration testing courses, they were often asked the question: “How do I prevent or detect this type of attack?” Well, this is it! SEC599 gives students real-world examples of how to prevent attacks. The course features more than 20 labs plus a full-day Defend-the-Flag exercise during which students attempt to defend our virtual organization from different waves of attacks against its environment.

Our six-part journey will start off with an analysis of recent attacks through in-depth case studies. We will explain what types of attacks are occurring and introduce formal descriptions of adversary behavior such as the Cyber Kill Chain and the MITRE ATT&CK framework. In order to understand how attacks work, you will also compromise our virtual organization “SYNCTECHLABS” in section one exercises.

In sections two, three, four and five we will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks. The topics to be addressed include:


  • Leveraging MITRE ATT&CK as a “common language” in the organization
  • Building your own Cuckoo sandbox solution to analyze payloads
  • Developing effective group policies to improve script execution (including PowerShell, Windows Script Host, VBA, HTA, etc.)
  • Highlighting key bypass strategies for script controls (Unmanaged Powershell, AMSI bypasses, etc.)
  • Stopping 0-day exploits using ExploitGuard and application whitelisting
  • Highlighting key bypass strategies in application whitelisting (focus on AppLocker)
  • Detecting and preventing malware persistence
  • Leveraging the Elastic stack as a central log analysis solution
  • Detecting and preventing lateral movement through Sysmon, Windows event monitoring, and group policies
  • Blocking and detecting command and control through network traffic analysis
  • Leveraging threat intelligence to improve your security posture

SEC599 will finish with a bang. During the Defend-the-Flag challenge in the final course section, you will be pitted against advanced adversaries in an attempt to keep your network secure. Can you protect the environment against the different waves of attacks? The adversaries aren’t slowing down, so what are you waiting for?



GIAC Defending Advanced Threats

The GDAT certification is unique in how it covers both offensive and defensive security topics in-depth. GDAT-certified professionals have a thorough understanding of how persistent cyber adversaries operate and how the IT environment can be improved to better prevent, detect, and respond to incidents.


  • Advanced persistent threat models and methods
  • Detecting and preventing payload deliveries, exploitation, and post-exploitation activities
  • Using cyber deception to gain intelligence for threat hunting and incident response




  • Experience with Linux and Windows from the command line (including PowerShell)
  • Familiarity with Windows Active Directory concepts
  • A baseline understanding of cyber security topics
  • A solid understanding of TCP/IP and networking concepts


There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

You may also like…

    Your Cart
    Your cart is emptyReturn to Shop

    Add to cart