Description

During this module, participants will further explore data packets’ and study on a deeper level, learn to identify network anomalies, and understand system alerts. Students will master the use of well-known command-line-interface (CLI) and graphic-user-interface (GUI) tools to further specialize in the field. Students will learn methodologies to approach investigations of incidents.

Technical content

• Networking
  Network Protocols
  The OSI Model
  Analyzing Packets

• Basic Intrusion Detection Tools and Methods
  Wireshark
  GeoIP Integration
  TShark
  Sysmon

• Using the Scapy Module
  Crafting and Analysing Packets
  Working with PCAP Files
  Replaying Packets for Investigating

Description

Companies regularly deploy various security technologies designed to prevent and detect threats and strengthen and protect assets. During this module, we will detail SOC environments and how they work. The student will know to build and properly configure his SOC environment and correlate it with other security products/assets. Having a SOC allows you to have dynamic security that acts as a real bastion of analysis, monitoring, prevention, and remediation.

Technical content

• Preparing the Framework
  Introduction to ELK
  Deploying Beat
  Identifying Threats
  Aggregating Data
  Real-Time Monitoring
• Hands-on PfSense
  Setting and Configuring Rules
  Passing Traffic using the NAT Feature
  Configuring Firewall Rules
  Managing Network Security
  Snort

Learning about the SIEM (Security Information and Event Management), the primary system used by SOC analysts for monitoring the network. Participants will install a freely-available open-source SIEM platform and simulate different scenarios through a pre-prepared virtual environment, mimicking an organization.

• Building SIEM Environment Configuring Your Domain Setting-Up an Open Source SIEM Deploying Security-Onion Network and Host DLP Monitoring and Logging
• Monitoring using the Virtual Environment Firewall Monitoring and Management Email and Spam Gateway and Web Gateway Filtering Vulnerability Assessment and Monitoring Setting your Rules for Cyber Threats

Description

In this module, students will learn to use the Windows Management Instrumentation. Students will learn how the core management process is accomplished and use WMI to manage both local and remote computers on the LAN network to consolidate the acquired knowledge into building tools skills in PowerShell scripts and regular WMI usage.

Technical content

• WMI Architecture
  Using WMI Methods
  Working with Remote Computers
  Access to the Registry
  Information Gathering
  Storage Information
  Command Execution
  Common Events
  Detection with WMI