کاربر گرامی، برای آموزش استفاده از وبسایت لطفا این صفحه را مشاهده نمایید.

دسته: دوره ها

دوره Applied Network Defense | Detection Engineering with Sigma

Detection Engineering with Sigma will teach you how to write and tune Sigma rules to find evil in logs using real-world examples that take you through the detection engineering process. We’ll dissect real Sigma detection rules focused on finding a variety of malicious activity in diverse log sources. Once you have a good handle on these components, you’ll start writing and tuning your own rules in a series of case studies. In some case studies, I’ll describe a detection gap and you’ll write a rule on your own before I show you how I tackled the problem myself. In other scenarios, you’ll write or modify a rule on your own and submit it to me for feedback. In this course, you are never alone! I will be with you 100% of the way to help you understand the structure of Sigma rules, how to get from idea to finished rule, and best practices for writing resilient rules.

Syllabus

  • The detection engineering process from initial detection gap identification to deploying your rule.
  • The structure of Sigma rules, including the difference between lists and maps, how condition expressions work, and all the essential metadata that’ll be useful for investigating alerts it generates.
  • How to use the SOC Prime Sigma UI plugin for Kibana to develop rules with a graphical editor.
  • Sigmac usage to convert rules to popular investigation and detection tool formats like Splunk, ELK, and others.
  • How to write resilient rules that find more evil, stand the test of time, and cause headaches for adversaries.
  • How to write your own detection rules using familiar log sources like Windows Events, Zeek Logs, Sysmon Logs, AWS CloudTrail logs, and more.
  • Guidelines and best practices for developing Sigma rules you can share with third parties, including the public Sigma rule repository.
  • The principles of detection as code with a tutorial on managing your custom ruleset with Git.
  • Tips and tricks for using Sigma and its tools on the command line.
  • How to leverage popular Sigma integrations like Security Onion Playbook.

Applied Network Defense | Detection Engineering with Sigma

ادامه مطلب

دوره Applied Network Defense | Splunk for Security Analysts

Splunk is a data analysis platform that allows security practitioners to centralize data, search through it, correlate events, and create security analytics and dashboards. It’s also the most popular commercial SIEM used by security teams to perform investigations and threat hunting. Splunk for Security Analysts will teach you how to use Splunk to onboard data, extract meaningful fields, and search through it using real security data to conduct security research and investigations. This course goes beyond the documentation to provide a diverse set of real-world security data that you’ll use to gain confidence with Splunk’s extensive capabilities.

syllabus

The Splunk Data Pipeline
Data Onboarding
Finding and Exploring Data
Enrichment and Advanced Filtering
Sharing, Scheduling, and Alerting
Visualization and Dashboards
ادامه مطلب

دوره Applied Network Defense | YARA for Security Analysts

Learn to use YARA to detect malware, triage compromised systems, and perform threat intelligence research. Detecting malicious elements within files is a core security skill for incident responders, SOC analysts, threat intelligence analysts, malware analysts, and detection engineers alike. There are different ways to accomplish that goal, but none are more flexible or widely used as YARA. YARA is a pattern-matching tool used to help identify and classify malware in a variety of scenarios. By writing YARA rules, security practitioners can detect whether malware exists within a group of files, triage a potentially compromised host, or identify common elements between samples to bolster threat intelligence.

Syllabus

YARA Fundamentals
YARA Rule Syntax
Detection Research Methodology
Ruleset Management
Adversary Tradecraft
ادامه مطلب

دوره Kaspersky – Windows incident response

Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify the complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts. The course’s curriculum is heavily focused on practicing. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case. You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips. A Kaspersky report shows malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats quicker in order to minimize the impact and contain the damage.

Syllabus

Introduction
Incident response process
Incident detection: Network & System based
Evidence acquisition
Memory analysis
Log file analysis
Network analysis
Cyber Threat Intelligence (CTI)

Windows incident response

ادامه مطلب

دوره Kaspersky – Targeted malware reverse engineering

Skilled reverse engineers aren’t born – they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more confidence in applying your skills, you can bridge the gap by working hands-on with real-life cases.

With this challenge in mind, our intermediate-level course is built around analysis of 10 targeted malware cases used in the wild by powerful APT actors recently. Cases including MontysThreeLuckyMouse & Lazarus have been researched personally by our trainers as part of their work in the Kaspersky GReAT team – so you will get first-hand knowledge and best practices from their exclusive research.

By working in the dedicated virtual lab, using an array of tools like IDA Pro, Hex-Rays decompiler, Hiew, 010Editor and many others, you will gain practical experience analyzing real-life targeted malware and will become a more efficient malware analyst and reverse engineer and prove your skills are relevant to today’s threat landscape.

Syllabus

Introduction and Chafer
LuckyMouse
Biodata Exploit
Topinambour
Biodata Trojan
DeathStalker
MontysThree
Lazarus Group
Cloud Snooper
Cycldek’s Tried

Targeted malware reverse engineering

ادامه مطلب

دوره Kaspersky – Suricata for Incident Response and Threat Hunting

Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue. The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework. The course is created for companies aiming to power up their security policy and individual learners, looking to advance their career in cyber security. Whether you’re a beginner specialist or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape. Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real-time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.

Syllabus

Suricata Basics
Rule writing basics
Writing rules for HTTP protocol
Writing rules for DNS,TSP and SSL/TLS protocol
Advance Suricata features
Detecting typical attacks
Problem solving

Suricata for Incident Response and Threat Hunting

ادامه مطلب

جستجو در سایت