Who Should Attend?
All IT personnel who want to learn how to detect, investigate, remediate and recover systems that have been compromised at the organization's endpoints. Especially suited to:
- Information Security Professionals
- SOC Analysts
- Incident Response Team Members
- Blue Team Members
- Penetration Testers
Course Syllabus
Traditional Security Architecture
- Perimeter-focused
- Addressed Layer 3/4
- Traditional Attack Techniques
SOC Architecture
- Firewalls
- Web Application Firewall
- HTTP Proxies, Web Content Filtering, and SSL Decryption
- SIMs, NIDS, Packet Captures, and DLP
- Honeypots/Honeynets
- Network Infrastructure - Routers, Switches, DHCP, DNS
- Mobile Devices and Wireless Access Points
- Threat Intelligence
Network Security Monitoring
- Evolution of NSM
- NIDS Design
- Analysis Methodology
- Practical NSM Issues
- Tracking EXE Transfers
- Identifying Command and Control (C2) Traffic
- Tracking User Agents
- C2 via HTTPS
Prerequisites
This is an advanced course. Solid knowledge of attack techniques, networking and malware investigation, including network and forensic investigations, is also a prerequisite for attending.
- Fundamental understanding of computer networks and protocols: the OSI and TCP/IP models, DNS, HTTPS, SMTP, etc.
- Understanding of fundamental information security concepts
- Knowledge of networking devices and security solutions: firewalls, antivirus and endpoint security applications, switches, routers
- Basic knowledge of the Linux and Windows command line