ＨｉｄｅＺｅｒｏＯｎｅ

Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify the complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts. The course’s curriculum is heavily focused on practicing. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case. You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips. A Kaspersky report shows malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats quicker in order to minimize the impact and contain the damage.

Syllabus

Introduction
Incident response process
Incident detection: Network & System based
Evidence acquisition
Memory analysis
Log file analysis
Network analysis
Cyber Threat Intelligence (CTI)

Windows incident response

Skilled reverse engineers aren’t born – they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more confidence in applying your skills, you can bridge the gap by working hands-on with real-life cases.

With this challenge in mind, our intermediate-level course is built around analysis of 10 targeted malware cases used in the wild by powerful APT actors recently. Cases including MontysThree, LuckyMouse & Lazarus have been researched personally by our trainers as part of their work in the Kaspersky GReAT team – so you will get first-hand knowledge and best practices from their exclusive research.

By working in the dedicated virtual lab, using an array of tools like IDA Pro, Hex-Rays decompiler, Hiew, 010Editor and many others, you will gain practical experience analyzing real-life targeted malware and will become a more efficient malware analyst and reverse engineer and prove your skills are relevant to today’s threat landscape.

Syllabus

Introduction and Chafer
LuckyMouse
Biodata Exploit
Topinambour
Biodata Trojan
DeathStalker
MontysThree
Lazarus Group
Cloud Snooper
Cycldek’s Tried

Targeted malware reverse engineering

Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue. The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework. The course is created for companies aiming to power up their security policy and individual learners, looking to advance their career in cyber security. Whether you’re a beginner specialist or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape. Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real-time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.

Syllabus

Suricata Basics
Rule writing basics
Writing rules for HTTP protocol
Writing rules for DNS,TSP and SSL/TLS protocol
Advance Suricata features
Detecting typical attacks
Problem solving

Big companies with complex IT infrastructure need to protect it – or face the consequences of being compromised. Sophisticated attackers can bypass automatic defenses unnoticed. Here’s where Security Operations Center (SOC) comes to the rescue, bringing the expertise and skills of its professionals for upgraded business protection. Developed by Kaspersky’s own SOC experts, this course offers a comprehensive training to SOC analysts and other staff dealing with security operations. The knowledge you will get is practical and tested: our experts update it daily, provide security to Kaspersky itself and deliver on-site training to clients all over the world. During the time on the course, you will get to know the diverse roles within a SOC, its services and use cases, get acquainted with the modern attack tactics, techniques, and procedures, and learn how SOC helps deal with them. Within the numerous extensive practice sessions in the restricted areas of the virtual labs, you’ll get an opportunity to develop your skills in incident detection and investigation.

Syllabus

General Cybersecurity concepts
Windows
Linux

Have you ever wondered how Kaspersky’s GReAT experts discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Our specialists have poured years of experience from the prominent cases they have worked on into our online Threat Hunting with Yara training. Course leader Costin Raiu, a 25 year veteran of the threat hunting industry, will teach you the unconventional ways of working with Yara so that you can find threats of the same magnitude as his team. Specifically designed for self-paced learning, our course is deeply practical and enables you to learn-by-doing, hunting for real threats in our dedicated Virtual Lab. Using world-renowned cases like BlueTraveller, Sofacy & WildNeutron as the basis of the course, Costin shares insights and techniques from his team’s exclusive research on these cases. This knowledge will enhance your career and improve your organisation’s threat defences.

Syllabus

Inception
String based rules
Efficient rules
Taking advantage of Yara modules
Hunting for new samples on VTI
Wildcards
Digital Certificate, imphashes and developer footprints
Malicious Office documents, OLE format
Expert Yara exercises
YarGen, automation and a bit of magic

Hunt APTs with Yara like a GReAT ninja