Recon InfoSec
Contact Us
Recon InfoSec

Fighter Pilots Need Simulators.

So Do Security Operations Teams.

The Network Defense Range is hands-on, live-fire, scenario-based, experiential learning. It is a modern approach to security operations training that builds experience with investigative methodology and process, best of breed digital forensics and incident response tools, network defense and current Advanced Persistent Threat tactics / techniques / procedures.
Whole team training

NDR Trains Your Whole Team

If you are not training your entire team, you’re essentially not training your team. NDR shows teams how to take a structured approach to incident response. Plus it trains in effective team dynamics, such as delegation, communication, and documentation.
Building on fundamentals

NDR Builds on the Fundamentals

Ready for your team to have a solid incident response methodology? NDR is the solution you’ve been looking for. Plus it trains host and network forensics, as well as threat intelligence to enrich the indicators of compromise.
Experience development

NDR Develops Experience

Hands-on experience is a more effective teacher than a dry PowerPoint presentation. That’s why NDR delivers security ops experience to build security ops capability. No boring presentations, textbooks, or labs—just real incidents on a complex, simulated network.
Complete measuring

NDR Measures Everything

Do you know what your team is capable of? NDR can help assess what your individuals and teams can do, then provide custom training plans for the entire team. NDR documents each team member’s progress, and delivers constant feedback to training managers.

Get Started

Match Your Volume, Schedule, and Budget

Scheduled Live Online Courses

Essentials

Introductory Pricing

$2500

Essentials is a challenging, two-day course focused on developing solid security analysts and incident responders. In this course, we give students hands-on experience with significant threat groups and attacker techniques. Our live enterprise network offers individual analysts experience with systematic hunting in a complex environment.

Essentials builds upon foundational security and incident response understanding.  1 - 2 years SOC/IR experience, or participation with knowledgeable teammates, is highly recommended for this fast moving course.

See full description

Day 1 begins with an instructor-led introduction to basic threat hunting tools and methodologies. Students will gain experience detecting and scoping intrusions by gathering intelligence and classifying attacker activities leveraging the MITRE ATT&CK framework. The Day 1 intrusion scenario will focus on the most common attacker goals such as initial access, execution, persistence, and lateral movement. An instructor is present to guide students throughout the scenario and an end-of-day debrief will provide students an attacker and defender perspective of the intrusion.

Day 2 will focus on detection of combined, advanced adversary tactics such as those backed by nation-states, financially-motivated (FIN & Spiders), and disruptive/destructive groups. Students will gain experience with advanced post-compromise techniques for credential theft, data tampering/staging/exfiltration, custom malware, and more. An instructor is present to guide students throughout the scenario and an end-of-day debrief will provide students an attacker and defender perspective of the intrusion.

By the end of the NDR Essentials, students will have practiced detection capabilities, tools for incident tracking, collaboration and enrichment, and a new approach to hunt evil in their networks.

Register for Essentials:
M
T
W
T
F
November 16-17, 2020
M
T
W
T
F
Sept 26-27, 2022
2023 dates TBA

Operations

Introductory Pricing

$2500

Operations picks up where Essential leaves off with 2 range days that emphasize information security team dynamics. In this course, we give students hands-on experience operating as a team against significant threat groups and attacker techniques. Our live enterprise network enables students to hunt within a complex environment, coordinate as a team, and systematically assess efforts.

See full description

Day 1 begins with an instructor-led dive into some of the latest, more advanced threat hunting tools and methodologies; basic hunting concepts are assumed known at this point. The opening intrusion scenario will weave multiple adversary techniques together, emulating prolific threat groups, so students can hone their investigative skills combined with threat intelligence and investigation tracking. An instructor is present to guide students throughout the scenario and an end-of-day debrief will provide students an attacker and defender perspective of the intrusion.

Day 2 of Operations is an opportunity for students to utilize learned techniques and examine multi-faceted, enterprise-wide attacks. Our simulated "enterprise network" will be experiencing multiple simultaneous attacks which students need to detect, prioritize and investigate. This requires thorough data correlation and attack profiling by students - possibly in the face of additional ongoing attacks. This becomes the ultimate test of even the most seasoned defenders; can you rapidly respond to multiple real-time threats against the organization and piece together adversary attack chains based on pressing questions posed by stakeholders?

By the end of the NDR Operations, students will have significantly improved their incident response and tracking techniques. They will leave the course with improved team collaboration and enrichment, advanced detection capabilities, tools for incident tracking, and new approaches to hunt evil in their networks.

Register for Operations:
M
T
W
T
F
November 18-19, 2020
2023 dates TBA
M
T
W
T
F
Sept 28-29, 2022

Core

Introductory Pricing

$3510

Core is the 4 range day combination of Essentials and Operations. It is the most effective single week of security operations training available. Individual analysts or teams can begin with the foundations in Essentials and then seamlessly transition into more advanced, team focused training in Operations as a combined, progressive event.

Core builds upon foundational security and incident response understanding. 1 - 2 years SOC/IR experience, or participation with knowledgeable teammates, is highly recommended for this fast moving course.

See full description

NDR Core is the Essentials and Operations courses combined into a 4 day event. This course is perfect for beginners who want a foundation with threat groups and attacker techniques.

The majority of the course will be a blend of adversary hunting, investigative build-out, and interactive class dissections of observed activity. We will pause throughout the course to examine adversary activity and provide students a unique "behind-the-curtain" look at attack orchestration. This is a multi-fold approach: students without attack experience will gain an understanding of how attackers operate, advanced students can compare findings against the actual attack, and teams can more effectively coordinate to address the attacker's actions. We provide technical insight into vulnerabilities and weaknesses the attacker exploited and discuss defensive implementations. We also highlight and emphasize opportunities for increased coordination and communication within participating teams.

By the end of NDR Core, students will have a solid foundation for threat hunting and incident response and will have gained significantly improved incident response and tracking techniques. They will leave the course with advanced detection capabilities, tools for incident tracking, collaboration and enrichment, and a new approach to hunt evil in their networks.

Register for Core:
M
T
W
T
F
November 16-19, 2020
2023 dates TBA
M
T
W
T
F
Sept 26-29, 2022

Range Days

Introductory Pricing

$950

Range Days are to security analysts, incident responders, and threat hunters what flight simulators are to fighter pilots: the best way to build experience without catastrophic consequence. They are opportunities for hunters and their teams to grow their experience, stay current with the latest threat actors, and keep their security operations teams sharp.

* Intended for students who have previously participated in an Essentials, Operations, or Core course.

See full description

Range Days give students hands-on experience with significant threat groups and attacker techniques in an open, more autonomous format. Our live enterprise network enables students to hunt within a complex multi-user environment, coordinate as a team, and systematically assess efforts.

The day starts with a threat intelligence brief and/or a SOC alert to provide a starting point for students to begin hunting and responding to incidents throughout the environment. The rest of the day is a blend of adversary hunting, investigative build-out, and personal dissections of observed activity. 

Instructors are available for support and provide detailed after actions and assessment at the end of the day. This course is intended to be an "open play" style event, where students have an opportunity to gain individual experience hunting and exploring specific scenarios, in a self-directed format.

By the end of a NDR Range Day, students will have gained additional experience in specific components of threat hunting and incident response. They will leave the course with practiced detection capabilities, tools for incident tracking, collaboration and enrichment, and new approaches to hunt evil in their networks.

Range days are provided for students who have previously participated in an Essentials, Operations, or Core course.  If you have previously attended, or are attending one of these courses, and would like register for a range day, please contact us and we will provide you a registration link.

Register for Range Days:
2023 dates TBA
M
T
T
W
F
November 20, 2020
M
T
T
W
F
Sept 30, 2022
Contact Us to Register

Dedicated Engagements

For organizations that want to train more than 15 hunters at a time, we offer dedicated engagements. These events are tailored to your organization's training objectives, capabilities, attack profile and schedule.
Tailor an Engagement

Year-Round Training

Train your whole team for the whole year for what you used to spend to train a few people for a few days. Our digital forensics and incident response experts will work with you to craft a comprehensive training program, host range events that will build on each, meet the needs of each member of the team, provide assessment and feedback after each event, and document the team's progression.
Plan Your Training

Participants From Around the World Rave

About the Network Defense Range

  • "Absolutely fantastic course. Provides invaluable 'live-fire' experience in incident response and threat hunting. Far better than any previous training (I've) taken."

    - Black Hat Feedback Form

  • "Instructors did a great job of mentoring and coaching through-out. Sharing real-world experience added to the course value."

    - Essentials Student

  • “Fantastic training; I thoroughly enjoyed every second of all aspects of this training.”

    - US Military Student

  • “It was a great experience. I feel as if I have significantly improved as an operator because of it.”

    - DOD Student Feedback

  • “This training was great, the range is fantastic.”

    - US Cyber Warfare Operator

  • "Course pushes you to think and use newly acquired skills."

    - Black Hat Student

  • "Best hunt/detection class ever!"

    - Black Hat Feedback Form

  • "Cannot recommend highly enough!"

    - Operations Student

  • “Your cyber range is a feat of wonder, it's detailed, realistic, and fun.”

    - CISO, Health Care Organization

  • “This was an incredibly potent learning experience!”

    - Fortune 50 Incident Responder

  • “Best course I’ve attended. Engaging, entertaining, and very educational.”

    - Core Student

  • “For any leadership reading these, this is the kind of training we want.”

    - US Cyber Warfare Operator

image/svg+xml

Prepare to Address Threats to Your Enterprise
Learn More about NDR.

Network Defense Range is

Half the Cost and Twice the Value

Traditional Training Builds a Good Foundation

 

  • Great for beginners
  • Focused on knowledge
  • Emphasize PowerPoint and textbooks
  • Widely varying quality and price
Experience-Driven Enterprise Cybersecurity Training

Recon's Network Defense Range Builds Operational Excellence

  • Builds teams and organizational capability 
  • Focuses on experience
  • Hands-on, experiential learning 
  • Unmatched value
image/svg+xml
© 2023 Recon InfoSec, Inc. All rights reserved. | Terms of Use | Privacy Policy
Created with Open Source by Freehive