Threat Defense Workshop

On April 25th I was fortunate enough to participate in the Trend Micro Threat Defense workshop.

You’ll find a quick explanation of this event and some screenshots.

What is a Threat Defense Workshop?


At this workshop you will be working in teams with a scenario - a company is currently under attack. You are in charge of its protection. Live the adrenaline by defending the company from different attacks in real time whose objective is to steal the most important part of your business: Information. Be part of this experience and strengthen your security strategy, with the expert help. The aim is to win the Threat Defense Challenge, by gaining the most points through a series of discovery and attack challenges. Are you ready for the challenge?

The workshop had three phases based on hybrid data centre use cases:

  • Forensic - to find out what happened – to discover/obtain information
  • Defense – to define the protection strategy
  • Proactive – to set the security needed to avoid being compromised again

Organized by whom?

The workshop was created by Trend Micro and organized in conjunction with the DC416 crew.

How long was the event?

It was on a Saturday from 9am to 3:30pm. 6 and a half hours

What was Involved


The network was accessed via the cloud.

Systems within the game:

  • A Jump host to RDP into others
  • Docker Host
  • IIS Webserver
  • Database Server (MySQL)


This was a Trend Micro event, meaning it was all designed and created by their team. As such the only tool given was Deep Security

Deep Security example:

However there were other tools that were required:

  • John The Ripper
  • OpenSSL
  • Windows Event logs itself
  • Command line - for both Linux and Windows

We did not finish all the challenges, so there was much more to explore.


Varied from basic to hard.

Basic examples:

  • what account is being brute forced
  • What is the name of malware on

To more thinking outside the box:

  • Need to find a password to open a file or gain access to something. Would you brute-force, or look on a server for the password?
  • Enabling features within Deep Security tool to give more visibility, or fine tuning

Example finding malware:

Example using hexdump, which was NOT the way to solve the challenge:

Example viewing Windows events through Deep Security:

What Did The Scoreboard Look Like?

This was a unique take on scoreboards.

Instead of just having a ladder and challenges. The idea was that you were ‘hacking around the world’. Each country had its own challenge. Obviously it started off in Canada!

Example Challenges:

How Did We Place

5th! Which I feel is pretty awesome. Also not bad for a team missing 1 team member. 3 members instead of 4 :D - Thanks Team mates! It was great to try a new tool and continue challenging myself.


Connect to Splunk with Python

This post will cover the following: Connecting to Splunk with the Python SDK, executing a search and receiving the results Connecting to Splunk without ...

Back to Top ↑


Winlogbeat & ELK

TL;DR: Create Logstash conf.d file to allow Winlogbeat to be ingested into Logstash. Change Winlogbeat config file to use Logstash instead of Elasticsearch.

Golang and Windows Network Interfaces

I have been working on Windows and needed to connect to a Network Interface (NIC). I ran into problems, here is what I learned and hope it saves the same tro...

Tcpdump Notes

I have been using tcpdump recently and wanted to note down some of the commands Y’know, for future reference.

Pivoting with SSH

Today I was trouble shooting a machine at work. I did not have access via RDP or VNC, so I used SSH to forward my traffic to the host so I could access a URL.

GitHub Actions

I participated in a DevSecOps type workshop on Saturday (May 9th) in which we created some GitHub Actions. This is a post to solidify the learning and be a c...

Threat Defense Workshop

On April 25th I was fortunate enough to participate in the Trend Micro Threat Defense workshop.

Incident Handling Certification

Since I blogged about my experience at OpenSoc, I wanted to expand on the value I found in my eLearnSecuirty Incident Response course. What you will find bel...

OpenSoc Experience

So Thursday (April 9th) I participated in an online blue team defense simulation event, known as OpenSOC.

Golang Parsing Strings

I have been working with Golang strings and how to manipulate them. Working from other blogs posts I’ve found. When I sit down to code, I seem to forget ever...

Welcome to Jekyll!

You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different wa...

Back to Top ↑