Training for the cyber professionals of tomorrow

Transcription

1 Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments in cyber topic areas including incident response, malware analysis, computer, media and mobile device exploitation, penetration testing and vulnerability assessment, reverse engineering, information assurance and cyber forensics. Our labs are available in a hosted on-demand environment so students can learn by doing wherever they are, whether in a classroom, workplace or at home. Below is a sample listing of our more than 300 available labs. Additional Scanning Options Advanced Techniques for Malware Recovery (Expected Duration 1 hours, 5 minutes) Analysis and Recommendation Report Analyze and Classify Malware Analyze Browser-based Heap Spray Attack (Expected Duration 43 minutes) Analyze Malicious Activity in Memory Using Volatility (Expected Duration 38 minutes) Analyze Packed Executable to Identify Attack Vector and Payload Analyze SQL Injection Attack (Expected Duration 42 minutes) Analyze Structured Exception Handler Buffer Overflow Exploit (Expected Duration 32 minutes) Analyze Various Data Sources to Confirm Suspected BlackHole Infection Assessing Vulnerabilities Post Addressal Auditing Service Accounts and Creation of Service Accounts To Run Specific Services Auditing Service Accounts and Setting Up Automated Log Collection

2 Automated in-depth Packet Decoding Automated Vulnerability Assessments BCP DRP and Test Planning (Expected Duration 4 hours) Block Incoming Traffic on Known Port Centralized Monitoring Check for Indicators of Other Attack Activity (Debug PE File) CIRP Creation After Cyber Attacks CIRP Creation and Disaster (Expected Duration 42 minutes) Clonezilla_Network (Expected Duration 46 minutes) Collecting Logs and Verifying SYSLOG Aggregation Comparing Controls Comprehensive Threat Response Compromise Assessment with Crowd Response (Expected Duration 48 minutes) Conduct Log Analysis and Cross Examination for False Positives Conduct Root Cause Analysis for System Crashes Conduct Supplemental Monitoring Control Assessment and Evaluation Core Impact Vulnerability Scan Core Impact Web Application Penetration Testing Create Custom Snort Rules Creating a Baseline Using the Windows Forensic Toolchest (WFT) Creating a List of Installed Programs, Services and User Accounts from a WIN2K12 Server Creating a Secondary Baseline and Conducting Comparison Creating Recommendations Based on Vulnerability Assessments Creating SEIM Reports with Splunk Creation of BCP and DRP (Expected Duration 46 minutes) Creation of Standard Operating Procedures for Recovery Cybersecurity Testing with Core Impact

3 Data Recovery with Autopsy Detect Embedded Shellcode in a Microsoft Office Document Detect the Introduction and Execution of Malicious Activity Detect Unauthorized Changes Comparing Approved Configurations Detecting Changes to System Configurations Disable User Account on Windows 7 DOS PCAP Analysis (Expected Duration 1 hours, 13 minutes) Event Log Collection Firewall Setup and Configuration Fixing a Company BCP, DRP and CIRP Gap Analysis of Firewall Rules Holistic Network Identification and Protection Host Compromise Identification Scanning Host Data Integrity Baselining Identify Access to a LINUX Firewall Through SYSLOG Service (Expected Duration 20 minutes) Identify Additional Activity - Rootkit and DLL Injection Identify and Remove Trojan Using Various Tools Identify Rootkit and DLL Injection Activity (Expected Duration 40 minutes) Identify Suspicious Information in VM Snapshots Identify Whether High-Risk Systems Were Affected Identifying Key Assets Identifying Malicious Callbacks Identifying Malicious Network Connections Identifying System Vulnerabilities with OpenVAS IDS Setup Implement Single System Changes in Firewall Incident Detection and Identification (Expected Duration 2 hours, 30 minutes) Install EMET and Edit Host Files Installing Patches and Testing Software

4 Interoffice Communications Correction Leveraging Internal Intelligence Resources Linux Users and Groups Live Imaging with FTK Imager Lite Log Analysis Log Correlation Log Correlation and Analysis (Expected Duration 49 minutes) Log Event Reports Manual Vulnerability Assessments Manually Analyze Malicious PDF Documents Manually Analyze Malicious PDF Documents 2 Manually Creating a Baseline with MD5DEEP Microsoft Baseline Security Analyzer Monitoring and Verifying Management Systems Monitoring for False Positives Monitoring Network Traffic Network Discovery Network Segmentation (FW/DMZ/WAN/LAN) Network Topology Generation Data Backup and Recovery Open and Close Ports on Windows 7 Open Source Collection Packet Analysis and Attack Scope Parse Files Out of Network Traffic Participate in Attack Analysis Using Trusted Tool Set (Expected Duration 38 minutes) Patches and Updates Performing an Initial Attack Analysis Personal Security Products Post Incident Service Restoration Preliminary Scanning Protect Against Beaconing Recover from Browser-based Heap Spray Attack (Expected Duration 1 hours, 17 minutes)

5 Recover from Illegal Bitcoin Mining Incident Recover from Incident (Expected Duration 48 minutes) Recover from SQL Injection Attack (Expected Duration 1 hours, 6 minutes) Recover from Web-Based Flashpack Incident (Expected Duration 1 hours, 19 minutes) Recovering Data and Data Integrity Checks Recovery From Inadequate Patching Revised Incident Response Course, Remove Trojan Report Comparison and Evaluation Report writing for presentation to management (Expected Duration 59 minutes) Respond to and Validate Alerts from Antivirus Software (Expected Duration 26 minutes) Rogue Device Identification and Blocking Scanning From Windows Searching for Indicators of Compromise Sensitive Information Identification Setting Up SYSLOG Forwarding From a Windows System (Expected Duration 49 minutes) Setting Up Zones in a Firewall Specialized Linux Port Scans System Hardening Techniques for Manual Malware Recovery Threat Designation Tweaking Firewall Rules for Detection Use pftop to Analyze Network Traffic (Expected Duration 40 minutes) Using Identity Finder to Identify a System Containing Sensitive Information (Expected Duration 1 hours, 9 minutes) Using Identity Finder to Manually Search a Remote System for Sensitive Data Using Identity Finder to Manually Search a System for Sensitive Data Using PowerShell to Detect Using Snort and Wireshark to Analyze Traffic Validate Indications of Compromise: Analysis of PE File Verify Attributes of Identified SilentBanker Intrusion

6 Verify Attributes of Intrusion Through Additional Analysis (Expected Duration 40 minutes) Verifying Hotfixes Vulnerability Analysis/Protection Vulnerability Scan Analysis Vulnerability Scanner Set-up and Configuration Vulnerability Scanner Set-up and Configuration, Pt. 2 Whitelist Comparison Whitelist IP Address from IDS Alerts Whitelisting & Suspicious File Verification Identifying Anomalous ARP Network Miner TCPDump Wireshark Pentesting & Network Exploitation - Linux Target Analysis Labs Pentesting & Network Exploitation - Windows Target Analysis Labs Pentesting & Network Exploitation - LAN Exploitation Labs Pentesting & Network Exploitation - WAN/DMZ Exploitation & Pivoting Labs Windows Deployment Services (Expected Duration 48 minutes) Windows Event Log Manipulation via Windows Event Viewer Memory Extraction and Analysis (Expected Duration 1 hours, 54 minutes) Open Source Password Cracking (Expected Duration 1 hours, 51 minutes) Applying Filters to TCPDump and Wireshark DNS as a Remote Shell