ＨｉｄｅＺｅｒｏＯｎｅ

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. Developing the skills necessary as a malware analyst to properly detect, triage and reverse engineer advanced attacker intrusion tactics and techniques requires experience and a diverse set of tools and skills. In this path you will develop the skills and knowledge necessary to analyze malicious office documents, dig deep into native and interpreted code through disassembly and decompilation, identify and defeat prevalent obfuscation techniques. The courses in this path with take you from malware analysis basics to advanced topics so that you can generate valuable threat intelligence to aid in your efforts to defend your organization, respond more effectively to an incident or gain deeper understanding of the latest malware threats. This skills path may assist in attaining the knowledge and skills outlined in the NICE Cybersecurity Workforce Framework in the following areas: K0259 & K0479 Knowledge of malware analysis concepts and methodologies. S0131 Skill in analyzing malware.

Syllabus

Malware Analysis Fundamentals

Malware Analysis: Initial Access Techniques

Malware Analysis: Malicious Activity Detection

Malware Analysis: Initial File Triage

Getting Started Analyzing Malware Infections

Getting Started with Reverse Engineering

Pluralsight: Malware Analysis

Syllabus

Virtualization: The Big Picture

Fundamentals of Server Virtualization

Fundamentals of Storage Virtualization

Fundamentals of Network Virtualization

Virtualization in the Real World

Pluralsight: Fundamentals of Virtualization

Syllabus

Getting Started with Nmap 7

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

Maximizing Nmap 7 for Security Auditing

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

Pluralsight: Information Security Testing and Auditing with Nmap

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/ Our red team operations tooling courses map to the MITRE ATT&CK® matrix tactics, techniques, and procedures. Each course focuses on the use of a specific industry-standard, generally open source, tool to carry out adversary emulation. Knowing what a tool is and how it can perform a specific task, will ultimately lend to your ability as an organization or an individual to detect and defend against specific attack vectors.

Syllabus

Introduction

ATT&CK – Reconnaissance (TA0043)

ATT&CK – Resource Development (TA0042)

ATT&CK – Initial Access (TA0001)

ATT&CK – Execution (TA0002)

ATT&CK – Persistence (TA0003)

ATT&CK – Privilege Escalation (TA0004)

ATT&CK – Defense Evasion (TA0005)

ATT&CK – Credential Access (TA0006)

ATT&CK – Discovery (TA0007)

ATT&CK – Lateral Movement (TA0008)

ATT&CK – Collection (TA0009)

ATT&CK – Command and Control (TA0011)

ATT&CK – Exfiltration (TA0010)

ATT&CK – Impact (TA0040)

Pluralsight: Red Team Tools

What is the use of Burp Suite? Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux. The tool is written in Java and developed by PortSwigger Web Security. The tool has three editions: a Community Edition that can be downloaded free of charge, a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community edition has significantly reduced functionality. It intends to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

Syllabus

Web Application Penetration Testing with Burp Suite

Advanced Web Application Penetration Testing with Burp Suite

Writing Burp Suite Macros and Plugins

Pluralsight: Web Security Testing with Burp Suite