Category: Courses

Have fun learning Windows security and PowerShell scripting at the same time in course SEC505 at SANS. No prior PowerShell scripting experience is required. Attendees will have fun using generative AI to help write PowerShell scripts, including a fully functional ransomware script that attendees will write and unleash in their training virtual machines in order to learn about defenses against PowerShell malware. This is a course mainly for on-premises Windows environments, such as for GOV and MIL networks, but PowerShell is popular for Azure and AWS too. The course author, Jason Fossen, is a Faculty Fellow who has taught Windows security at SANS for more than 25 years and PowerShell for more than 15 years. Jason gives away his PowerShell scripts for free at https://BlueTeamPowerShell.com.

Syllabus

SEC505.1: Learn PowerShell Scripting for Security
SEC505.2: You Don’t Know THE POWER!
SEC505.3: PowerShell for WMI and Active Directory
SEC505.4: PowerShell DevOps and AI-Generated Code
SEC505.5: Certificates and Multifactor Authentication
SEC505.6: PowerShell Ransomware and Security

SEC505: Securing Windows and PowerShell Automation


Become an Enterprise Defender! Enhance your knowledge and skills in the specific areas of network architecture defense, penetration testing, security operations, digital forensics and incident response, and malware analysis. SEC501: Advanced Security Essentials – Enterprise Defender is an essential course for members of security teams of all sizes. That includes smaller teams where you wear several (or all) hats and need a robust understanding of many facets of cybersecurity, and larger teams where your role is more focused, and gaining skills in additional areas adds to your flexibility and opportunities. This course concentrates on showing you how to examine the traffic that is flowing on your networks, look for indications of an attack, and perform penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs. When a compromise does occur – and it will – you’ll be able to eradicate it because you will have already scoped your adversaries’ activities by collecting digital artifacts of their actions and analyzing malware they have installed on your systems. That done, you can then undertake the recovery and remediation steps that would have been pointless if your adversary had persisted on your network. 26 Hands-on Labs + Capstone CTF

Syllabus

SEC501.1: Defensible Network Architecture
SEC501.2: Penetration Testing
SEC501.3: Security Operations Foundations
SEC501.4: Digital Forensics and Incident Response
SEC501.5: Malware Analysis
SEC501.6: Enterprise Defender Capstone

SEC501: Advanced Security Essentials – Enterprise Defender


More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud, and not just to one cloud service provider (CSP). Something that is unclear to many is that organizations are still responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multi-cloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals are not properly trained to secure the organization’s cloud environment and investigate and respond to the inevitable security breaches. New technologies introduce new risks. The SEC488 cloud security course helps your organization successfully navigate both the security challenges and opportunities presented by cloud services. 20 Hands-on Labs + CloudWars Capstone Challenge.

Syllabus

SEC488.1: Identity and Access Management (IAM)
SEC488.2: Compute and Configuration Management
SEC488.3: Data Protection and Automation
SEC488.4: Networking and Logging
SEC488.5: Compliance, Incident Response, and Penetration Testing
SEC488.6: CloudWars

SEC488: Cloud Security Essentials


SEC575 will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

Syllabus

SEC575.1: Device Architecture and Application Interaction
SEC575.2: The Stolen Device Threat and Mobile Malware
SEC575.3: Static Application Analysis
SEC575.4: Dynamic Mobile Application Analysis and Manipulation
SEC575.5: Mobile Penetration Testing
SEC575.6: Hands-on Capture-the-Flag Event

SEC575: iOS and Android Application Security Analysis and Penetration Testing


“Security” is arguably one of the most challenging disciplines to move from being an individual contributor (IC) to being a manager. While security ICs can perform most tasks in isolation, a manager needs to regularly interact with people both inside and outside of the team. Further, “security” has its own language which can be completely foreign to people outside of the discipline. How do you take security concerns and convert them into a language that senior leaders and “C” levels can understand? Honing these skills will be the primary objective of this course. In this course, we will cover all of the steps needed to stand up and lead a security team within an organization. We start with a clean slate so that every aspect gets covered. If you are in an environment that already has a security team, this can help fill in the gaps. This course will have a heavy focus on how to integrate the security team with the rest of the business units. We’ll look at strategies for increasing funding, as well as converting “security risks” into “business risks” so they are better understood by the organization’s leadership. The course includes a lot of collateral like a full set of pre-written security policies. The goal is to help you build an effective security team in as little time as possible.

Antisyphon: Security Leadership and Management w/ Chris Brenton


Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allows the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

Antisyphon: Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio
