ＨｉｄｅＺｅｒｏＯｎｅ

NIST defines an Intrusion Detection System (IDS) as software that looks for suspicious activity and alerts administrators. In the NIST Special Publication 800-62 it goes on to say that it is a security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. NIST Special Publication 800-161 states that an Intrusion Prevention System (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. Such systems are key in enterprise network security monitoring. This skills path is designed for anyone looking to learn and utilize the most popular open source IDS/IPS tools; Snort, Suricata and Zeek (formally Bro). The learner can study the tool that best fits their needs and environment or review all three. For each tool you will gain an understanding of the fundamentals of each tool in the getting started courses. You’ll then discover scripting and rule sets, before looking at extensions, frameworks and integrations. The final course will be utilizing the tools in an enterprise environment or for distributed operations. 

Syllabus

1. Enterprise Security Monitoring with Snort
2. Enterprise Security Monitoring with Suricata
3. Enterprise Security Monitoring with Zeek (formerly Bro)

Pluralsight: Enterprise Security Monitoring with Open Source Network IDS & IPS

Regular expressions are universally embedded in the world of information technology. They are a part of many programming languages, databases, search engines, and command-line tools. As an information security professional, you are continuously analyzing textual data for indicators of compromise, juicy data morsels to exfiltrate, forensic artifacts, supporting evidence in threat hunting, and so much more. Familiarity with regular expressions is a skill, a very life-enhancing essence if you like, to take your information security analysis capabilities from “just ok” to “wizard level.” They are applicable in so many places that you really cannot afford to not have this knowledge.Join me for a four-hour session that takes you on a journey through regular expression POSIX, BRE, ERE, and PCRE syntax and explores various tools that you probably use daily through the lens of regular expressions. Your life will be forever changed when you can apply the power of regular expressions to your professional duties.

Antisyphon: Regular Expressions, Your New Lifestyle w/ Joff Thyer

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the addition of MITRE Shield, you now have a 360 degree view of attack scenarios and the data and capabilities needed to stop them.

Syllabus

Introduction
Network Analysis
OS Analysis
Infrastructure Analysis
File Analysis
Application Analysis
Incident Management
Threat Intelligence

Pluralsight: Blue Team Tools

The Windows system-level APIs provides a rich infrastructure for building Windows applications, whether client, server, and anything in between. This course guides the learner through the intricacies of the Windows API, while getting a deeper understanding of Windows mechanisms. The course deals with the most important parts of the Windows OS, such as processes, threads, memory management, I/O, services, security and more. Lab exercises help put the theoretical material into practical use.

Syllabus

Foundations

Objects and Handles

Processes

Jobs

Threads

Thread Synchronization

File and Device I/O

Memory Management

Dynamic Link Libraries

Security

Windowing

ScorpioSoftware: Windows System Programming

The Windows OS exposes many advanced services to system programmers through the Windows API, and to device driver writers through the Kernel API. The .NET framework wraps these services and runs on top of the Windows API and the Kernel. Good knowledge of what’s going on under the hood of the OS, which services are available and how to best utilize them helps in building better and more efficient software for Windows. Those working in the Cyber security space can greatly benefit from the course as it looks at all major Windows mechanisms. Lab exercises are used to reinforce the theoretical material.

Syllabus

System Architecture

Processes & Jobs

Threads

Memory Management

I/O System

Security

ScorpioSoftware: Windows Internals

If you are an application security enthusiast, we are sure that you must have wondered what it takes to find security issues in android apps. These android apps handles a huge amount of sensitive user data, perform critical functions and are a big part of day to day life. The security of these apps should be of utmost importance.

This course is designed to teach the skills required for testing android apps for security issues like insecure data storage, insecure communication, deep link exploitation and a lot more. The training apps are provided in the course to practice the learned skills. All the attendees will also be given access to a private slack channel to discuss about any issues, topics etc.

Syllabus

Introduction

Enciphers – Android Application Security