Who Should Attend?
Anyone who wants to learn how to detect, investigate, repair, and recover compromised systems at the organization's endpoints using data collected over the network. It is especially suited to:
- Information Security Professionals
- SOC Analysts
- Incident Response Team Members
- Blue Team Members
Course Syllabus
Capture Devices
- Switches
- Taps
- Layer 7 sources
- NetFlow
Firewall, Intrusion Detection System, and Network Security Monitoring Logs
- Firewalls
Log Data Collection, Aggregation, and Analysis
- SOF-ELK Platform
- Basics and pros/cons of the Elastic stack
NetFlow Collection and Analysis
- NetFlow
- NetFlow artefacts useful for examining encrypted traffic
- Open-Source Flow Tools
SSL/TLS
- Encoding algorithms
- Encryption algorithms
- Symmetric and asymmetric encryption
- Profiling SSL/TLS connections with useful negotiation fields
Man-in-the-Middle
- Malicious uses
- Common MITM tools
- Artefacts of common MITM techniques
Threat Intel
Pre-requisites
This is an advanced course. A solid knowledge of attack techniques, networking, and malware investigation is a prerequisite for attending this course.
- Fundamental understanding of computer networks: the OSI (TCP/IP) model, DNS, HTTPS, SMTP, etc.
- Understanding of fundamental information security concepts
- Knowledge of networking devices and security solutions: switches, routers, firewalls, antivirus, and endpoint security applications
- Basic knowledge of Linux and Windows command line