Offensive Security for Defenders
Master Offensive Security for Defenders
Think like an attacker to defend like an expert. Learn offensive security techniques to understand real attacker campaigns, uncover detection gaps, and build resilient defences that go far beyond alerts, so you can detect, disrupt, and stop sophisticated adversaries in your environment.
What you'll be able to do
Course overview
The Offensive Security for Defenders course is built specifically for Security Practitioners who want to detect campaigns, not just alerts. You'll gain practical, hands-on expertise to:
By the end, you'll have the offensive mindset and technical skills to proactively find and close detection gaps, making your organisation significantly harder to compromise.
Who this course is for
You're a Security Practitioner (SOC analyst, Detection Engineer, Threat Hunter, or Blue Teamer) who wants to move beyond triaging alerts to detecting full attacker campaigns. This course is built for you if you want to:
In short: if you're ready to detect campaigns, not just alerts, and become a much more effective defender, this course is for you.
What you'll learn
By the end of this Offensive Security for Defenders course you will be able to:
Key course takeaways
Things you need to know
What are the prerequisites for this course?
There are no prerequisites. The course teaches offensive concepts from a defender's perspective. Familiarity with KQL, Microsoft Sentinel, and Defender XDR will help you move faster, but neither is required. Every tool and technique is explained at first use.
What are the device requirements?
A device with a modern browser. Access to a lab environment for running offensive tools (the course walks you through setup). You will also benefit from a Microsoft 365 E5 developer tenant for detection development.
How will the course benefit your career?
Defenders who understand offensive operations are dramatically more effective at detection engineering, threat hunting, and incident response. This course gives you the attacker's perspective so you can anticipate campaign patterns, build detections that survive tool rotation, and investigate incidents at the campaign level rather than the alert level.
Offensive understanding is increasingly a prerequisite for senior detection engineering, threat hunting, and security architecture roles.
Usage rights and disclaimer
Course materials: Licensed for individual professional development. You may deploy detection rules, queries, and analysis techniques in your production environment. You may not redistribute course content or share account credentials.
Offensive techniques: All attack execution is in your own isolated lab. Do not execute techniques against systems you do not own or have explicit written authorization to test.
Fictional environment: All scenarios use Northgate Engineering. Any resemblance to real organizations is coincidental.
Version and changelog
Current version: 1.0 | Last updated: June 2026
June 2026, v1.0: Course page restructured. 12 modules across the full offensive lifecycle from attacker planning through campaign reconstruction. 10 campaign telemetry datasets.
This course is actively maintained.
End of Course Exam
Complete the course, then prove your skills under time pressure. Pass mark: 70. Earn your certificate with CPE credits.
Requires 80% course completion. One random scenario per attempt. Certificate issued on pass.