About

We strongly believe that only a combination of deep, low-level, hands-on defensive and offensive security skills can guarantee secure operations and successful IT deployments.

Our mission

Our mission is to help organizations build more secure infrastructures, make better use of Open Source software in Security Operations, and enable businesses to improve the detection capacity and skills of their SOC/Incident Response teams.

I. Install EDR engine

Choose and install the EDR engine you want to evaluate.

II. Search Technique

Identify relevant techniques from the comprehensive EDRmetry database.

III. Choose offensive commands

Extract the necessary commands or code snippets and follow step-by-step instructions.

IV. Run attack emulations

Prepare attack chains or manually execute single offensive tests on vulnerable-by-design Linux-based systems.

V. Verify detections and alerts

Check detections, telemetry, and alerts generated within the chosen EDR/SIEM platform.

VI. Dig deeper

Make configuration changes or ask questions to the EDR/SIEM vendor.

Why us

  • Defensive Security provides high-quality cyber security services including Linux / Windows digital forensics, incident response, analysis of and hunting for the latest threats, penetration testing, and infrastructure hardening. We successfully deliver a combination of Threat/Adversary Emulation with network/endpoint investigation and log analysis at scale, an approach known as Purple Teaming.
  • We are trusted by the biggest customers from the private, oil and gas, insurance, and financial sectors.
  • Delivery of advanced training sessions at the biggest conferences, including Hack In The Box, BruCON, 44CON, OWASP AppSec US, and Black Hat US.
  • Almost 20 years of hands-on experience with Open Source Security Solutions go directly into the full spectrum of technology solutions to support customers in achieving better visibility and detections, improving offensive and defensive Red / Blue and Purple team skills, validating defensive technology stacks, and helping them understand the value of the Assume Breach approach and the emulation of threats after initial access (C2, Lateral Movement, Persistence, Evasion).
  • Defensive Security offers advanced, hands-on cyber security training programs backed by PurpleLabs - a fully customized Cyber Range Environment enriched by step-by-step offensive/defensive lab instructions. Want to sharpen your Purple team skills? Try PurpleLabs, where you will be playing with chained attack paths, emulating attackers' TTPs, and running detection/response at the same time using Sysmon and EVTX, Auditd, Wazuh, Graylog, HELK, ElastAlert, Falco, OSQuery, Velociraptor, Zeek, Suricata, Moloch FPC, Volatility Framework, theHive, MISP, and Sigma Rules.
  • Talks at conferences: Secure 2019, Cyber Hagen 2019, Advanced Threat Summit 2019, Confidence 2016 (“Honey(pot) flavored hunt for cyber enemy”), PLNOG 2016 (“Yoyo! It’s us, packets! Catch us if you can”), NGSEC 2016 (“Many security layers for many defensive opportunities”), Open Source Day 2010/2011/2012/2013/2014, SysDay 2008 (“SELinux vs exploits”), Confitura 2014 (“Detection and elimination of threats in real-time - OWASP Appsensor in action.”), Red Hat Roadshow 2014, OWASP Chapter Poland 2015 (“Does your WAF can handle it?”), ISSA InfoTrams 2015, BIN Gigacon 2015 (“Mapping pentester's knowledge for the need to protect a critical IT infrastructure”).
  • An associate member of ISSA and OWASP Poland.

"If you need to get deep and broad knowledge in the scope of Defensive Security using Open Source software, then don't hesitate and just grab it - it is definitely worth attending and meeting Leszek in person, and learning from his experience, during the 3-day-long comprehensive technical training."

Wojciech Dworakowski CEO at SecuRing
