ＨｉｄｅＺｅｒｏＯｎｅ

This course provides in-depth coverage of Linux and Unix security issues that includes specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix. The course will teach you the skills to use freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS’s practical approach uses hands-on exercises every day to ensure that you will be able to use these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.

Syllabus

Hardening Linux/Unix Systems – Part 1

Hardening Linux/Unix Systems – Part 2

Hardening Linux/Unix Systems – Part 3

Application Security – Part 1

Application Security – Part 2

Digital Forensics for Linux/Unix

SEC506: Securing Linux/Unix

The RTFM Video Library is an invaluable resource for serious Red Team members who find themselves on critical missions. Led by a seasoned Red Team operator, this high-quality video series delves into various aspects of offensive security, providing practical guidance and insights.

Syllabus

1: Infrastructure Setup
2: Initial Access
3: Situational Awareness
4: User Level Persistence
5: Escalation
6: Lateral Movement
7: Active Directory Enumeration
8: Domain Fortification
9: Hunting for User Workstations
10: Active Directory Forest Compromise
11: Secret Enclave Compromise
12: Pivoting through Tunnels

RTFM – Red Team Field Manual

Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents. An offense-in-depth approach may be applied to offensive practitioner’s looking for success against organizations well-versed in defending a large enterprise. Today’s organizations have assets in multiple geo regions, networks, cloud services, border hosts, and many of them are tied to the internal network in some way. This course aims to help offensive practitioners successfully exercise their client environments from a multi-faceted approach using the latest TTPs blended with esoteric practices to gain the upper hand on your assessments.

Antisyphon: Enterprise Attack Initial Access w/ Steve Borosh

SEC455 serves as an important primer to those who are unfamiliar with the architecture of an Elastic-based SIEM. Students that have taken or plan to take additional cyber defense courses may find SEC455 to be a helpful supplement to the advanced concepts they will encounter in courses such as SEC555.

Syllabus

If you are worried about leading or supporting a major cyber incident, then this is the course for you. We look at all the common and major cyber incident types and explain what the key issues are and how plan a recovery. This cyber incident management training course focuses on the challenges facing leaders and incident commanders as they work to bring enterprise networks back online and get business moving again. Whilst you may have a full team of technical staff standing-by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers.

MGT535.1: Understanding and Communicating About the Incident
MGT535.2: Scoping the Damage, Planning the Remediation, and Executing the Plan
MGT535.3: Training, Leveraging Cyber Threat Intelligence, Bug Bounties
MGT535.4: Cloud Incidents, Business Email Compromise, Credential Theft Attacks and Incident Metrics
MGT535.5: AI for Incidents, Attacker Extortion, Ransomware, and Capstone Exercise