کاربر گرامی، برای آموزش استفاده از وبسایت لطفا این صفحه را مشاهده نمایید.

دسته: دوره ها

دوره Applied Network Defense | Demystifying Regular Expressions

Most security analysis and detection tools support matching with regular expressions because of limitations in their own feature set. This means that if you can write regular expressions, you can search with infinite precision. This applies to IDS engines, SIEMs, and even command line tools like grep.

The phrase “searching for a needle in a haystack” is overused, but it’s a serious component of what security analysts do. A large part of our success is contingent on being able to search through large repositories of data and match things that meet very specific criteria.

Demystifying Regular Expressions will help you do exactly that.

Syllabus

  • The most common uses of regular expressions and how to apply them in places you weren’t even aware of.
  • The process of iteratively building and testing regular expressions for things you want to match.
  • Techniques for overcoming common gotchas like dealing with whitespace
  • How to Evaluate the efficiency of expressions by the number of steps it takes to match.
  • A definitive guide to escaping so you’ll know when and how to do it
  • How quantifiers can be used to match specific numbers of data occurrences
  • How to use capture groups to reference specific matched content and perform additional operations on it
  • Complex behavioral structures like lookarounds and conditionals
  • The use of modifiers to match case-sensitive, enable free-spacing, or match in single line mode

Applied Network Defense | Demystifying Regular Expressions

ادامه مطلب

دوره Applied Network Defense | Practical Threat Hunting

A structured system to ensure you’re never at a loss for places and methods to start hunting for evil. Practical Threat Hunting is a foundational course that will teach you how to approach threat hunting using a proven, structured, repeatable framework. Practical Threat Hunting is the course that will teach you to hunt in a way that will never leave you at a shortage of places to start or techniques to manipulate data to spot anomalies. You’ll build skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises. Through a combination of theory and application, you’ll learn the basics of threat hunting and apply them to your network immediately.

Syllabus

  • Two hunting frameworks: Attack-Based Hunting (ABH) and Data-Based Hunting (DBH)
  • Techniques for leveraging threat intelligence and the MITRE ATT&CK framework for hunting input
  • The 9 most common types of anomalies you’ll encounter when reviewing evidence.
  • The 4 ways threat hunters most commonly transform data to spot anomalies
  • Typical staffing models for hunting capabilities in organizations of all sizes along with pros/cons
  • 5 metrics that support and enable threat hunting operations
  • My two-step system for effective note taking while hunting (and how to transition those notes to longer-term storage for easy searching)
  • An ideal design for a hunter’s wiki/knowledgebase
  • A 5-step framework for dissecting and simulating attacks to prepare for hunting expeditions

Applied Network Defense | Practical Threat Hunting

ادامه مطلب

دوره Applied Network Defense | Osquery for Security Analysis

Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn’t just an Osquery tutorial, it’s a course designed to help you improve your host-based investigation skills using one of the best tools for the job.

syllabus

  • How to craft SQL queries to interrogate Windows, Linux, and MacOS hosts
  • Common queries for performing software inventory and asset control
  • Strategies for interrogating processes to determine if they are malicious
  • Techniques for uncovering persistence and lateral movement
  • Triaging suspicious systems using high-value data tables
  • Hunting leveraging MITRE ATT&CK techniques
  • Complete deployment of distributed Osquery across your network using FleetDM and ElasticStack
  • How to leverage differential queries to monitor state changes and generate alerts
  • Extending Osquery with extensions

Applied Network Defense | Osquery for Security Analysis

ادامه مطلب

دوره Applied Network Defense | Practical Packet Analysis

Capturing packets is easy, but making sense of them isn’t. This course will teach you the fundamentals of packet analysis. You’ll learn all about common protocols, how to troubleshoot network issues, and how to investigate security incidents at the packet level. It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated to several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands on visual experience capturing, dissecting, and making sense of packets.

Syllabus

  • How networking works at the packet level.
  • How to interpret packet data at a fundamental level in hexadecimal or binary.
  • Basic and advanced analysis features of Wireshark.
  • How to analyze packets on the command line with tshark and tcpdump.
  • Reducing capture files with Berkeley packet filters and Wireshark display filters.
  • Techniques for capturing packets to make sure you’re collecting the right data.
  • How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.
  • How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.
  • Normal and abnormal stimulus and response patterns for common protocols.
  • Troubleshooting connectivity issues at the packet level.
  • Techniques for carving files from packet streams.
  • Understanding network latency and how to locate the source.
  • How common network attacks are seen by an intrusion detection systems.
  • Techniques for investigating security alerts using packet data.
  • How malware communicates on the network.

Applied Network Defense | Practical Packet Analysis

ادامه مطلب

دوره Chris Sanders | Intrusion Detection Honeypots: Detection through Deception

Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots — security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft. Intrusion Detection Honeypots teaches you how to: – Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.

syllabus

  • Leverage honey services that mimic HTTP, SSH, and RDP.
  • Hide honey tokens amongst legitimate documents, files, and folders.
  • Entice attackers to use fake credentials that give them away.
  • Create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception.
  • Monitor honeypots for interaction and investigate the logs they generate.

Chris Sanders | Intrusion Detection Honeypots: Detection through Deception

ادامه مطلب

دوره Applied Network Defense | Building Intrusion Detection Honeypots

Building Intrusion Detection Honeypots will teach you how to build, deploy, and monitor honeypots designed to catch intruders on your network. You’ll use free and open source tools to work through over a dozen different honeypot techniques, starting from the initial concept and working to your first alert. Building Intrusion Detection Honeypots is the seminal course on strategic honeypot deployment for network defenders who want to leverage deception to find attackers on their network and slow them down.

syllabus

  • What makes an intrusion detection honeypot different from research honeypots.
  • How to leverage the four characteristics of honeypots for the defender’s benefit: deception, interactivity, discoverability, and monitoring.
  • How to think deceptively with an overview of deception from a psychological perspective.
  • How to use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
  • Tools and techniques for building service honeypots for commonly attacked services like HTTP, SSH, and RDP.
  • How to hide honey tokens amongst legitimate documents, files, and folder.
  • To entice attackers to use fake credentials that give them away.
  • Techniques for embedding honey credentials in services and memory so that attackers will find and attempt to use them.
  • How to build deception-based defenses against common attacks like Kerberoasting and LLMNR spoofing.
  • Monitoring strategies for capturing honeypot interaction and investigating the logs they generate.

Applied Network Defense | Building Intrusion Detection Honeypots

ادامه مطلب

جستجو در سایت