We’re getting closer to Black Hat USA 2019, whose program is loaded with scores of research briefings and training courses. For attendees, it’s always a challenge to decide which ones to put on their schedule — and which ones to leave out.

To help with this task, we’re recommending a Black Hat USA 2019 session every week. Adding to our top recommended sessions, here’s our third choice: Windows Enterprise Incident Response.

This course teaches how to do triage on a potentially compromised system, uncover attack evidence, recognize persistence mechanisms, and more. Key takeaways include learning incident response principles, and scaling analysis to an enterprise environment.

The instructors are Mandiant consultants Austin Baker and Julian Pileggi, who have expertise in digital forensics, incident response, proactive security and threat hunting. The course is intended for people with backgrounds in forensic analysis, pen testing, security architecture, sysadmin, incident response and related areas.

Continue reading …