Threat Defiance Report

2017 Training Schedule




9 Texas ATT 5 Weeks

23 Colorado HUNT [Windows] 1 Week

30 Colorado HUNT [Linux] 1 Week

30 Hawaii ATT 5 Weeks



6 Colorado HUNT [Network] 1 Week

13 Maryland CTIA 1 Week

27 Texas HUNT [Windows] 1 Week



6 Texas HUNT [Linux] 1 Week

6 Maryland ATT 5 Weeks

13 Texas HUNT [Network] 1 Week

27 Texas CTIA 1 Week



3 Texas ATT 5 Weeks

17 Hawaii1 CTIA 1 Week



1 Hawaii HUNT [Windows] 1 Week

8 Hawaii HUNT [Linux] 1 Week

15 Hawaii HUNT [Network] 1 Week

22 Colorado CTIA 1 Week



5 Hawaii ATT 5 Weeks

19 Texas ATT 5 Weeks

19 Maryland CTIA 1 Week



10 Maryland HUNT [Windows] 1 Week

17 Maryland HUNT [Linux] 1 Week

24 Maryland HUNT [Network] 1 Week

31 Georgia ATT 5 Weeks



7 Texas CTIA 1 Week

21 Colorado HUNT [Windows] 1 Week

28 Colorado HUNT [Linux] 1 Week



4 Colorado HUNT [Network] 1 Week

4 Hawaii CTIA 1 Week

25 Texas HUNT [Windows] 1 Week



2 Texas HUNT [Linux] 1 Week

9 Texas HUNT [Network] 1 Week

16 Texas ATT 5 Weeks

30 Hawaii ATT 5 Weeks



6 Colorado CTIA 1 Week



root9B’s Adversary Tactics and Techniques course is an intense 5-week hands-on course that teaches students the methodology and technical details of how attackers recon, gain access to, pivot, and remain hidden within a target network, and any artifacts their actions may leave behind. Whether they’re on a path to become pen-testers, red team members, or cyber defenders, the Adversary Tactics and Techniques course prepares students to excel by establishing a firm foundation in operational cyber exploitation methodologies. The course takes students with a basic understanding of computers and computer networks to a level where they are capable of executing fundamental exploitation operations in Windows and Linux environments.


root9B’s 1-week Cyber Threat Intelligence Analysis course teaches network defenders to collect, analyze and apply targeted intelligence to defensive operations in order to proactively act on and adapt to sophisticated, dedicated attacks by cyber adversaries. This course applies the Intelligence Analysis process to the full-spectrum cycle of proactive network defense. The principal objective of this course is to equip network defenders, intelligence analysts, and other security operations personnel with a modern methodology to characterize, investigate, attribute, and respond to advanced cyber threats in a collaborative, real-time environment.


root9B’s Hunt course for Windows operating systems introduces cyber security professionals to the digital arena of real-time, proactive adversary detection and identification. This course teaches students how to efficiently characterize and interrogate remote Windows systems in order to collect, analyze, and identify advanced cyber threats that evade traditional detection mechanisms. Students will demonstrate the ability to recognize indicators of malicious code, lateral movement, and evidence of adversary presence within Windows hosts. This course is ideal for cybersecurity professionals who need to learn how to ‘Hunt’ within their Windows networks for Advanced Persistent Threats that have eluded detection by automated enterprise security solutions.


root9B’s Hunt course for Linux operating systems provides cybersecurity professionals with methodologies to actively defend Linux systems and discover advanced threats. Students will demonstrate the ability to characterize systems, perform local and remote enumeration, collect data, and perform real-time analysis, detection, and identification of adversary attacks. Students will learn the tactics and techniques employed by adversaries, with an emphasis on Linux system manipulation and persistence techniques to bypass cybersecurity systems and infrastructure. This course is designed for cyber security professionals who need to learn the skills, knowledge, and methodologies required to determine if an adversary is successfully avoiding detection from automated security products.


root9B’s Hunt course for Network Infrastructure focuses on preserving the integrity of devices and systems that serve as the conduit of information across networks. This course emphasizes the aggregation, correlation, and analysis of data across multiple network systems (i.e., IDS, Syslog/Windows Events, Netflow, Authentication) in order to identify sophisticated and tailored adversary attacks. Students will demonstrate how to actively and passively enumerate and characterize systems, verify configurations, validate the integrity of those systems and the data flows between them. Adversary tactics, techniques and procedures will be replicated in a controlled environment where students will perform Hunt operations in order to detect malicious activity.

AAPC [Active Adversary Pursuit Certification]

root9B’s Active Adversary Pursuit Certification is the industry’s first hands-on certification to provide cybersecurity professionals with the opportunity to prove their skills and ability to detect advanced cyber threats that defeat automated cybersecurity devices and solutions. Candidates are given access to a controlled environment where Advanced Persistent Threats are replicated, and are evaluated on their proficiency in network enumeration and characterization, data collection and analysis, identifying indicators of compromise, and response actions while hunting for the threat actors. root9B’s series of three Hunt courses [Windows, Linux and Networks] provide the foundation and knowledge required to successfully complete this Certification Assessment.