Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. SANS FOR572 covers the tools, technology, and processes required to integrate network evidence sources into your investigations to provide better findings, and to get the job done faster.

Syllabus

FOR572.1: Off the Disk and Onto the Wire
FOR572.2: Core Protocols & Log Aggregation/Analysis
FOR572.3: NetFlow and File Access Protocols
FOR572.4: Commercial Tools, Wireless, and Full-Packet Hunting
FOR572.5: Encryption, Protocol Reversing, OPSEC, and Intel
FOR572.6: Network Forensics Capstone Challenge

FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

ادامه مطلب

The world is changing and so is the data we need to conduct our investigations. Cloud platforms change how data is stored and accessed. They remove the examiner’s ability to put their hands directly on the systems. Many examiners are trying to force old methods for on-premise examination onto cloud hosted platforms. Rather than resisting change, examiners must learn to embrace the new opportunities presented to them in the form of new evidence sources. FOR509: Enterprise Cloud Forensics and Incident Response addresses today’s need to bring examiners up to speed with the rapidly changing world of enterprise cloud environments by uncovering the new evidence sources that only exist in the Cloud.

Syllabus

FOR509.1: Microsoft 365 and Graph API
FOR509.2: Microsoft Azure
FOR509.3: Amazon (AWS)
FOR509.4: Google Workspace
FOR509.5: Google Cloud
FOR509.6: Multi-Cloud Intrusion Challenge

FOR509: Enterprise Cloud Forensics and Incident Response

ادامه مطلب

The rapid adoption of cloud services has created exciting new business capabilities and new cyber-attack opportunities. To detect these threats, companies require skilled security analysts who understand attack techniques, perform cloud security monitoring and investigations, and detection capabilities across the organization. The SEC541 course focuses on Cloud Threat Detection, covering various attack techniques used against cloud infrastructure and teaching the observation, detection, and analysis of cloud telemetry. With 20 hands-on labs and CTF, this course equips security analysts, detection engineers, and threat hunters with practical skills and knowledge to safeguard their organization’s cloud infrastructure against potential threats. Upon completion, you can apply these newfound skills to help keep your organization’s cloud infrastructure secure.

Syllabus

SEC541.1: Management Plane and Networking Logging
SEC541.2: Computer and Cloud Services Logging
SEC541.3: Cloud Services and Data Discovery
SEC541.4: Microsoft Ecosystem
SEC541.5: Automate Response Actions and CloudWars

SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection

ادامه مطلب

SEC504 helps you develop the skills to conduct incident response investigations. You will learn how to apply a dynamic incident response process to evolving cyber threats, and how to develop threat intelligence to mount effective defense strategies for cloud and on-premises platforms. You’ll examine the latest threats to organizations, from watering hole attacks to business email compromise, getting you into the mindset of attackers and anticipating their moves. SEC504 gives you the skills you need to understand how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems. To reinforce these skills, and to help you retain the course material, 50% of class time is spent on hands-on exercises, using visual association tools to break down complex topics. This course prepares you to conduct cyber investigations and will boost your career by helping you develop these in-demand skills. 33 full labs, 18 Lightning Labs, and an immersive capture the flag event.

Syllabus

SEC504.1: Incident Response and Cyber Investigations
SEC504.2: Recon, Scanning, and Enumeration Attacks
SEC504.3: Password and Access Attacks
SEC504.4: Public-Facing and Drive-By Attacks
SEC504.5: Evasion and Post-Exploitation Attacks
SEC504.6: Capture-the-Flag Event

SEC504: Hacker Tools, Techniques, and Incident Handling

ادامه مطلب

Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concept learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win! 18 Hands-On Labs

Syllabus

SEC401.1: Network Security and Cloud Essentials
SEC401.2: Defense in Depth
SEC401.3: Vulnerability Management and Response
SEC401.4: Data Security Technologies
SEC401.5: Windows and Azure Security
SEC401.6: Linux, AWS, and Mac Security

SEC401: Security Essentials – Network, Endpoint, and Cloud

ادامه مطلب