Kaspersky opens a treasure-box: our legendary training program on Advanced Malware Analysis Techniques. It helps established reverse engineers, incident responders & digital forensics specialists level-up their work on cybersecurity incidents and become unique experts. The main focus of the course is advanced static analysis because for cybersecurity incidents involving previously unseen malicious code, this is the most reliable way to determine functionality of the code and find actionable artefacts. It allows organizations affected by APTs to define adequate damage assessment and incident response. The course also heavily features our exclusive know-hows on the automation of decryption, decoding and other processing of the samples which helps not only optimize routine tasks, but preserves your work in the code. You will be introduced to a custom static analysis framework (available for download), proven to be very efficient during decades of Kaspersky APT research.

Syllabus

Introduction
Shell
Msfvenom
Bangladesh GPCA
Regin driver
Decrypt string
Driver
Miniduke
Rocra
Cobalt
Cloud Atlas
Miniduke PDF
Ragua Py2exe
Cridex
Carbanak
Snake

Advanced Malware Analysis Techniques

ادامه مطلب

Performing IT security audits at the enterprise level can be an overwhelming task. It is difficult to know where to start and which controls should be audited first. Audits often focus on things that are not as important, wasting precious time and resources. Management is left in the dark about the real risk to the organization’s mission. Operations staff can’t use the audit report to reproduce or remediate findings. AUD507 gives the student the tools, techniques and thought processes required to perform meaningful risk assessments and audits. Learn to use risk assessments to recommend which controls should be used and where they should be placed. Know which tools will help you focus your efforts and learn how to automate those tools for maximum effectiveness. 20 Hands-On Exercises

Syllabus

AUD507.1: Audit in the Enterprise and Cloud
AUD507.2: PowerShell, Windows System, and Domain Auditing
AUD507.3: Auditing Linux
AUD507.4: Auditing Cloud Infrastructure
AUD507.5: Auditing Web Applications
AUD507.6: Audit Wars

AUD507: Auditing Systems, Applications, and the Cloud

ادامه مطلب

FOR528: Ransomware and Cyber Extortion provides the hands-on training required for those who may need to respond to ransomware and/or cyber extortion incidents. The term “Ransomware” no longer refers to a simple encryptor that locks down resources. The advent of Human-Operated Ransomware (HumOR) along with the evolution of Ransomware-as-a-Service (RaaS) have created an entire ecosystem that thrives on hands-on the keyboard, well-planned attack campaigns. Furthermore, some cyber extortion actors carry out the full attack lifecycle yet skip the encryption phase. How do you deal with these threats? Our course uses deftly devised, real-world attacks and their subsequent forensic artifacts to provide you, the analyst, with everything you need to respond when either threat becomes a reality. 13 labs + Final day CTF

Syllabus

FOR528.1: Ransomware Incident Response Fundamentals
FOR528.2: Ransomware Modus Operandi
FOR528.3: Advanced Ransomware Concepts
FOR528.4: Ransomware Incident Response Challenge

FOR528: Ransomware and Cyber Extortion

ادامه مطلب

FOR518 is the first non-vendor-based Mac and iOS incident response and forensics course that focuses students on the raw data, in-depth detailed analysis, and how to get the most out of their Mac and iOS cases. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device.

ادامه مطلب

Threat hunting and Incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as ” threat hunting “. FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomeware operators.

ادامه مطلب

FOR498, a digital forensic acquisition training course, provides the necessary skills to identify the many and varied data storage mediums in use today, and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. It covers digital acquisition from computers, portable devices, networks, and the cloud. It then teaches the student rapid triage, or the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less.

Syllabus

FOR498.1: Scene Prep, Management, and Storage Interfaces
FOR498.2: Portable Devices and Acquisition Processes
FOR498.3: Triage and Data Acquisition
FOR498.4: Non-Traditional and Cloud Acquisition
FOR498.5: Apple Acquisition and Internet of Things
FOR498.6: Beyond the Forensic Tools: The Deeper Dive

FOR498: Digital Acquisition and Rapid Triage

ادامه مطلب