ＨｉｄｅＺｅｒｏＯｎｅ

FOR710: Reverse-Engineering Malware – Advanced Code Analysis prepares malware specialists to dissect sophisticated Windows executables, such as those that dominate the headlines and preoccupy incident response teams across the globe. This course not only includes the necessary background and instructor-led walk throughs, but also provides students with numerous opportunities to tackle real-world reverse engineering scenarios during class.

Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

FOR610.1: Malware Analysis Fundamentals
FOR610.2: Reversing Malicious Code
FOR610.3: Analyzing Malicious Documents and Scripts
FOR610.4: In-Depth Malware Analysis
FOR610.5: Examining Self-Defending Malware
FOR610.6: Malware Analysis Tournament

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary’s tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders. During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

FOR578: Cyber Threat Intelligence

Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. SANS FOR572 covers the tools, technology, and processes required to integrate network evidence sources into your investigations to provide better findings, and to get the job done faster.

FOR572.1: Off the Disk and Onto the Wire
FOR572.2: Core Protocols & Log Aggregation/Analysis
FOR572.3: NetFlow and File Access Protocols
FOR572.4: Commercial Tools, Wireless, and Full-Packet Hunting
FOR572.5: Encryption, Protocol Reversing, OPSEC, and Intel
FOR572.6: Network Forensics Capstone Challenge

FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

The world is changing and so is the data we need to conduct our investigations. Cloud platforms change how data is stored and accessed. They remove the examiner’s ability to put their hands directly on the systems. Many examiners are trying to force old methods for on-premise examination onto cloud hosted platforms. Rather than resisting change, examiners must learn to embrace the new opportunities presented to them in the form of new evidence sources. FOR509: Enterprise Cloud Forensics and Incident Response addresses today’s need to bring examiners up to speed with the rapidly changing world of enterprise cloud environments by uncovering the new evidence sources that only exist in the Cloud.

The rapid adoption of cloud services has created exciting new business capabilities and new cyber-attack opportunities. To detect these threats, companies require skilled security analysts who understand attack techniques, perform cloud security monitoring and investigations, and detection capabilities across the organization. The SEC541 course focuses on Cloud Threat Detection, covering various attack techniques used against cloud infrastructure and teaching the observation, detection, and analysis of cloud telemetry. With 20 hands-on labs and CTF, this course equips security analysts, detection engineers, and threat hunters with practical skills and knowledge to safeguard their organization’s cloud infrastructure against potential threats. Upon completion, you can apply these newfound skills to help keep your organization’s cloud infrastructure secure.

SEC541.1: Management Plane and Networking Logging
SEC541.2: Computer and Cloud Services Logging
SEC541.3: Cloud Services and Data Discovery
SEC541.4: Microsoft Ecosystem
SEC541.5: Automate Response Actions and CloudWars

SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection