ＨｉｄｅＺｅｒｏＯｎｅ

Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concept learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win! 18 Hands-On Labs

SANS Foundations is the best course available to learn the core knowledge and develop practical skills in computers, technology, and security foundations that are needed to kickstart a career in cybersecurity. The course features a comprehensive variety of innovative, hands-on labs, and practical exercises that go far beyond what is offered in any other foundational course in cybersecurity. These labs are developed by leading subject-matter experts, drawing on the latest technology, techniques, and concepts in cybersecurity.

It’s time to master your data. This course will teach you how to use the Elasticsearch, Logstash, and Kibana (ELK) to build your own IDS console, investigation platform, or security analysis lab. You must master your data If you want to catch bad guys and find evil. But, how can you do that? That’s where the ELK stack comes in. ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course, it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.

Syllabus

• Elasticsearch: How data is stored and indexed. Working with JSON documents.
• Logstash: How to collect and manipulate structured and unstructured data.
• Kibana: Techniques for searching data and building useful visualizations and dashboards.
• Beats: Use the agent to ship data from endpoints and servers to your ELK systems.
• HTTP Proxy Logs
• File-Based Logs (Unix, auth, and application logs)
• Windows Events & Sysmon Data
• NetFlow Data
• IDS Alerts
• Dealing with any CSV file you’re handed
• Parsing unstructured logs, no matter how weird they are

Applied Network Defense | ELK for Security Analysis

Most security analysis and detection tools support matching with regular expressions because of limitations in their own feature set. This means that if you can write regular expressions, you can search with infinite precision. This applies to IDS engines, SIEMs, and even command line tools like grep.

The phrase “searching for a needle in a haystack” is overused, but it’s a serious component of what security analysts do. A large part of our success is contingent on being able to search through large repositories of data and match things that meet very specific criteria.

Demystifying Regular Expressions will help you do exactly that.

Syllabus

• The most common uses of regular expressions and how to apply them in places you weren’t even aware of.
• The process of iteratively building and testing regular expressions for things you want to match.
• Techniques for overcoming common gotchas like dealing with whitespace
• How to Evaluate the efficiency of expressions by the number of steps it takes to match.
• A definitive guide to escaping so you’ll know when and how to do it
• How quantifiers can be used to match specific numbers of data occurrences
• How to use capture groups to reference specific matched content and perform additional operations on it
• Complex behavioral structures like lookarounds and conditionals
• The use of modifiers to match case-sensitive, enable free-spacing, or match in single line mode

Applied Network Defense | Demystifying Regular Expressions

Applied Network Defense | Practical Threat Hunting

Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn’t just an Osquery tutorial, it’s a course designed to help you improve your host-based investigation skills using one of the best tools for the job.

syllabus

• How to craft SQL queries to interrogate Windows, Linux, and MacOS hosts
• Common queries for performing software inventory and asset control
• Strategies for interrogating processes to determine if they are malicious
• Techniques for uncovering persistence and lateral movement
• Triaging suspicious systems using high-value data tables
• Hunting leveraging MITRE ATT&CK techniques
• Complete deployment of distributed Osquery across your network using FleetDM and ElasticStack
• How to leverage differential queries to monitor state changes and generate alerts
• Extending Osquery with extensions

Applied Network Defense | Osquery for Security Analysis