INCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1

Similar documents
PRACTICAL NETWORK DEFENSE VERSION 1

PENETRATION TESTING EXTREME VERSION 1

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

CPTE: Certified Penetration Testing Engineer

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Certified Ethical Hacker (CEH)

RSA INCIDENT RESPONSE SERVICES

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

RSA INCIDENT RESPONSE SERVICES

Building Resilience in a Digital Enterprise

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

Incident Scale

Managing an Active Incident Response Case. Paul Underwood, COO

Behavioral Analytics A Closer Look

CyberArk Privileged Threat Analytics

RiskSense Attack Surface Validation for Web Applications

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

RSA NetWitness Suite Respond in Minutes, Not Months

CompTIA Cybersecurity Analyst+

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

A YEAR OF PURPLE. By Ryan Shepherd

Training for the cyber professionals of tomorrow

PRACTICAL WEB DEFENSE VERSION 1

Curso: Ethical Hacking and Countermeasures

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Hands-On Hacking Course Syllabus

Course 831 Certified Ethical Hacker v9

Ethical Hacking and Prevention

CompTIA CSA+ Cybersecurity Analyst

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

SentinelOne Technical Brief

ANATOMY OF AN ATTACK!

SentinelOne Technical Brief

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Building a Threat-Based Cyber Team

CEH: CERTIFIED ETHICAL HACKER v9

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Advanced Diploma on Information Security

Fidelis Overview. ISC 2 DoD and Industry Forum. Rapid Detection and Automated Incident Response DoD & Commercial Active Defense Use Cases

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

WAPT in pills: Self-paced, online, flexible access interactive slides. 4+ hours of video materials

Understanding Cisco Cybersecurity Fundamentals

Reducing the Cost of Incident Response

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

WEB APPLICATION PENETRATION TESTING VERSION 2

CCNA Cybersecurity Operations. Program Overview

BUILDING AND MAINTAINING SOC

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

CHCSS. Certified Hands-on Cyber Security Specialist (510)

DIS10.1 Ethical Hacking and Countermeasures

RSA. The security division of EMC. Visibilidad total en el entorno de seguridad. Javier Galvan Systems Engineer Mexico & NOLA

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Web Application Penetration Testing

Threat Hunting in Modern Networks. David Biser

DIS10.1:Ethical Hacking and Countermeasures

Resolving Security s Biggest Productivity Killer

Cisco Networking Academy CCNA Cybersecurity Operations 1.1 Curriculum Overview Updated July 2018

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

[MS20744]: Securing Windows Server 2016

Implementing Cisco Cybersecurity Operations

Traditional Security Solutions Have Reached Their Limit

6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are

CCNA Cybersecurity Operations 1.1 Scope and Sequence

Live Attack Visualization and Analysis. What does a Malware attack look like?

Certified Secure Web Application Engineer

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

Microsoft Securing Windows Server 2016

You Can t Stop What You Can t See

Security+ SY0-501 Study Guide Table of Contents

Incident Response Agility: Leverage the Past and Present into the Future

Network Intrusion Analysis (Hands on)

Transforming Security from Defense in Depth to Comprehensive Security Assurance

ForeScout Extended Module for Carbon Black

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

CompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo. m/

Imperva Incapsula Website Security

Managed Endpoint Defense

Course Outline. Course Outline :: 20744A::

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

WEB APPLICATION PENETRATION TESTING EXTREME VERSION 1

the SWIFT Customer Security

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018

Automating the Top 20 CIS Critical Security Controls

Securing Windows Server 2016

Transcription:

INCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1 The most practical and comprehensive training course on incident handling & response elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations such as:

INTRODUCTION COURSE GOALS The Incident Handling & Response Professional course (IHRP) is an online, self-paced training course that provides all the advanced knowledge and skills necessary to: Professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets; Understand the mechanics of modern cyber-attacks and how to detect them; Effectively use and fine-tune open source IDS, log management, and SIEM solutions; and, Detect and even (proactively) hunt for intrusions by analyzing traffic, flows and endpoints, as well as utilizing analytics and tactical threat intelligence. Thanks to the extensive use of Hera Lab and the coverage of the latest research in the incident handling & response field, the IHRP course is not only the most practical training course on the subject but also the most up to date. Penetration Testers and Red Team members can also benefit from this course; this is due to the fact that the IHRP course provides invaluable and in-depth information regarding detection tactics and procedures, that, if studied, could result in stealthier penetration testing or red teaming activities. More specifically, the course covers detection tactics and procedures against all stages of the cyber kill chain. COURSE ORGANIZATION The training course is entirely self-paced with interactive slides and videos that students can access online without any limitation. Students have lifetime access to the training material and can also study from home, the office, or anywhere an internet connection is available. The Incident Handling & Response Professional v1 course is integrated with Hera Labs, the most sophisticated virtual lab in IT Security. A minimum of 60 hours is advised. For more intensive use, 120 hours may be necessary. Hera Lab provides a dedicated and isolated environment where a student can practice topics seen in the course.

INTRODUCTION TARGET AUDIENCE AND PRE-REQUISITES The IHRP training course benefits the career of SOC Analysts, CSIRT members, Incident Handlers, Incident Responders, Red Team members who want to understand blue team tactics and deliver stealthier penetration tests, and IT Security personnel in charge of defending their organization s assets. This course allows organizations of all sizes to effectively and timely analyze and respond to recurring alerts and incidents by building strong, practical in-house skills. Organizations can now train their teams with a comprehensive and practical training course without having to deploy internal labs that are often outdated and not backed by solid, theoretical material. A student who wants to enroll in the course must possess a solid understanding of networking, protocols, operating systems and security devices. No programming skills are required. However, snippets of code will be used during the course. WILL I GET A CERTIFICATE? The IHRP course leads to the elearnsecurity Certified Incident Responder v1 (ecirv1) certification. The certification can be obtained by successfully completing the requirements, which is a practical response exam that consists of a complex, real-world infrastructure hosted in our elearnsecurity Hera Labs. An ecirv1 voucher is included in all the plans of the IHRP course.

ORGANIZATION OF CONTENTS The student is provided with a suggested learning path to ensure the maximum success rate at the minimum effort. INCIDENT HANDLING OVERVIEW SECTION The Incident Handling Overview section will introduce you to the Incident Handling Process. Specifically, the Preparation -> Detection & Analysis -> Containment, Eradication & Recovery -> Post-Incident Activity cycle will be covered in detail. Additionally, Incident handling procedures, activities and best practices for maximizing efficiency and performance, as well as reducing important security metrics such as time to detect, time to respond and points of risks per host are also covered. Module 1: Incident Handling Process NETWORK TRAFFIC & FLOW ANALYSIS SECTION The Network Traffic & Flow Analysis section will cover how you can detect intrusions or intrusion attempts by analyzing network traffic and network flows. This section consists of three modules that are accompanied by both the required theory and numerous hands-on labs, where you will be tasked with detecting real-world attacks and malware. More specifically, this section s modules and a non-exhaustive list of covered topics are: Module 1: Intrusion Detection by Analyzing Traffic (Part 1) Detecting attacks in the IEEE 802.x Link and IP layers Module 2: Intrusion Detection by Analyzing Traffic (Part 2) Analyzing common application protocols for suspicious behavior or abnormalities Effectively using open source IDS solutions o Snort o Bro o Suricata Module 3: Intrusion Detection by Analyzing Flows Volumetric discovery Anomalous DNS discovery Anomalous SMB discovery Visualization to support detection

PRACTICAL INCIDENT HANDLING SECTION The Practical Incident Handling section will cover how you can prepare and defend against each stage of the cyber kill chain. The goal of this section is to first educate you on the techniques, tactics, and procedures that modern adversaries use and then, make you capable of preparing and defending against them, using a variety of detection techniques, tools, logs, and events. Once again, modules will be accompanied by numerous hands-on labs, where you will be tasked with detecting intrusions or intrusion attempts during all stages of the cyber kill chain. More specifically, this section s modules and a non-exhaustive list of covered topics are: Module 1: Preparing & Defending Against Reconnaissance & Information Gathering Web-Site Searches & Google Hacking Search Engines & OSINT as Recon Tools DNS and SMTP Interrogation Reconnaissance through OWA Reconnaissance through SSL Certificates Reconnaissance through JavaScript Injection Module 2: Preparing & Defending Against Scanning War Dialing / Driving Nmap/Nessus Scans Scanning through WebRTC IDS/IPS Evasion for Scanning SMB Session Scanning Malicious LDAP Query Detection Abnormal Protocol Usage for Scanning Module 3: Preparing & Defending Against Exploitation Gaining Access o BGP Hijacking o Passive & Active Sniffing o Session Hijacking o DNS Cache Poisoning o Remote Exploits o Password Cracking o Malicious Attachments o NetNTLM Hash Capturing & Relaying o Pass-the-Hash Attacks o Kerberos Attacks o Remote Linux Host Attacks

Web Attacks o Account Harvesting o Password Spraying o RCE (incl. deserialization attacks) o SQLi/NoSQLi o XSS o XXE Denial of Service o Local DoS o Remote (D)DoS Module 4: Preparing & Defending Against Post-Exploitation Backdoor / Trojan / RAT Detection Intro to Memory Analysis Rootkits (User-mode & Kernel-mode) Possible Attack Paths Detection Credential Reuse Detection Lateral Movement Detection Privileged Access Monitoring / Privilege Escalation Detection Abnormal System Interaction Monitoring (Responder & DCSync examples) Hiding Files (examples hiding in ADS, GIF webshells, etc.) Log Editing Defense Solution Tampering Covert Channels Persistence Detection (registry, WMI, misusing Kerberos functionality, Linux-related persistence methods, etc.)

SOC 3.0 OPERATIONS & ANALYTICS SECTION The focus of the Practical Incident Handling Section was to educate you on the techniques, tactics, and procedures that modern adversaries use, as well as teach you how to detect them. Now, it is time to scale things up The SOC 3.0 Operations & Analytics Section first introduces you to the world of SIEM so you can become comfortable with working with some of the most effective and open-source SIEM solutions. You will then witness how common protocol analytics can greatly increase your network visibility in an attempt to detect abnormal and probably malicious actions at scale. Endpoint analytics are up next, covering the most important logs/events, correlation strategies, regex usages, and SIEM queries that you can leverage to detect adversaries on your network and endpoints. As usual, modules will be accompanied by numerous hands-on labs, where you will be tasked with detecting real-world attacks and malware. As this section progresses, you will also see how tactical threat intelligence and adversary simulation can help you upgrade your detection capabilities. Module 1: SIEM Fundamentals & Open Source Solutions Customized ELK Stack Splunk Osquery Additional tools CONTENTS Module 2: Logging (incl. formats, manipulation, custom parsing, etc.) Module 3: SMTP, DNS & HTTP(S) Analytics SMTP o What to Collect/Monitor o Detecting Phishing Proactive Similar Domain & Bulk Detection Monitoring for Whaling Cases Outbound SMTP Monitoring DNS o What to Collect/Monitor o Filtering Records o DNS Sinkholing o Frequency Analysis to Detect Evil Entropy-based Attacker Detection o Statistical Analysis Domain Occurrence-based Detection Domain Age-based Detection

o NXDomain DNS Enumeration Detection o DNS Tunneling Detection o Malware Domain Identification HTTP o Inbound / Outbound HTTP o What to Collect/Monitor o Abnormal HTTP Method / User Agent Detection o HTTP Status Code Monitoring o Direct IP Monitoring o Abnormal URL Lengths HTTPS o What to Collect/Monitor o Analyzing SSL Certificates Insufficiently Filled / Self-signed SSL Certificates Impersonating Certificates o Unusual/Random Common Names Module 4: Endpoint Analytics Windows Log & Event Analytics Linux Log & Event Analytics CONTENTS Module 5: Creating a Baseline & Detecting Deviations Asset Inventory Detecting Changes in Filesystem Access, Software, Scripting Usage, and System Interactions Detecting Abnormalities in Generated Traffic Detecting Changes in the User s Behavior What else to Collect/Monitor

We are elearnsecurity. Based in Santa Clara, California, with offices in Pisa, Italy, and Dubai, UAE, Caendra Inc. is a trusted source of IT security skills for IT professionals and corporations of all sizes. Caendra Inc. is the Silicon Valley-based company behind the elearnsecurity brand. elearnsecurity has proven to be a leading innovator in the field of practical security training, with best of breed virtualization technology, in-house projects such as Coliseum Web Application Security Framework and Hera Network Security Lab, which has changed the way students learn and practice new skills. Contact details: www.elearnsecurity.com contactus@elearnsecurity.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback