Tag: Analysis

SEC575 will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

Syllabus

SEC575.1: iOS
SEC575.2: Android
SEC575.3: Static Application Analysis
SEC575.4: Dynamic Mobile Application Analysis and Manipulation
SEC575.5: Penetration Testing
SEC575.6: Hands-on Capture-the-Flag Event

SEC575: iOS and Android Application Security Analysis and Penetration Testing

CyberChef for Security Analysts will teach you how to use CyberChef to perform common data manipulation, transformation, deobfuscation, and extraction techniques using real security data*. This isn’t just a simple tutorial; you’ll work through diverse exercises using real-world security data to build a toolkit of techniques. Simply put, CyberChef for Security Analysts is an example-driven master class on dealing with the most common types of data you’ll encounter in common blue team roles like SOC analysts, malware reverse engineering, forensic investigations, threat hunting, and threat intelligence.

Syllabus

  • CyberChef Basics
  • Character Encoding and Encryption
  • Data Formatting, Parsing, and other Manipulation
  • Defeating Malware Obfuscation
  • Log File and Forensic Analysis Techniques
  • Image Manipulation
  • HTTP Requests and JSON Data

CyberChef for Security Analysts

It’s time to master your data. This course will teach you how to use Elasticsearch, Logstash, and Kibana (ELK) to build your own IDS console, investigation platform, or security analysis lab. You must master your data if you want to catch bad guys and find evil. But how can you do that? That’s where the ELK stack comes in. ELK is Elasticsearch, Logstash, and Kibana, and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course; it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.

Syllabus

  • Elasticsearch: How data is stored and indexed. Working with JSON documents.
  • Logstash: How to collect and manipulate structured and unstructured data.
  • Kibana: Techniques for searching data and building useful visualizations and dashboards.
  • Beats: Use the agent to ship data from endpoints and servers to your ELK systems.
  • HTTP Proxy Logs
  • File-Based Logs (Unix, auth, and application logs)
  • Windows Events & Sysmon Data
  • NetFlow Data
  • IDS Alerts
  • Dealing with any CSV file you’re handed
  • Parsing unstructured logs, no matter how weird they are

Applied Network Defense | ELK for Security Analysis


Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn’t just an Osquery tutorial; it’s a course designed to help you improve your host-based investigation skills using one of the best tools for the job.

Syllabus

  • How to craft SQL queries to interrogate Windows, Linux, and MacOS hosts
  • Common queries for performing software inventory and asset control
  • Strategies for interrogating processes to determine if they are malicious
  • Techniques for uncovering persistence and lateral movement
  • Triaging suspicious systems using high-value data tables
  • Hunting leveraging MITRE ATT&CK techniques
  • Complete deployment of distributed Osquery across your network using FleetDM and ElasticStack
  • How to leverage differential queries to monitor state changes and generate alerts
  • Extending Osquery with extensions

Applied Network Defense | Osquery for Security Analysis


Capturing packets is easy, but making sense of them isn’t. This course will teach you the fundamentals of packet analysis. You’ll learn all about common protocols, how to troubleshoot network issues, and how to investigate security incidents at the packet level. It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated into several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands-on visual experience capturing, dissecting, and making sense of packets.

Syllabus

  • How networking works at the packet level.
  • How to interpret packet data at a fundamental level in hexadecimal or binary.
  • Basic and advanced analysis features of Wireshark.
  • How to analyze packets on the command line with tshark and tcpdump.
  • Reducing capture files with Berkeley packet filters and Wireshark display filters.
  • Techniques for capturing packets to make sure you’re collecting the right data.
  • How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.
  • How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.
  • Normal and abnormal stimulus and response patterns for common protocols.
  • Troubleshooting connectivity issues at the packet level.
  • Techniques for carving files from packet streams.
  • Understanding network latency and how to locate the source.
  • How common network attacks are seen by intrusion detection systems.
  • Techniques for investigating security alerts using packet data.
  • How malware communicates on the network.

Applied Network Defense | Practical Packet Analysis

Splunk is a data analysis platform that allows security practitioners to centralize data, search through it, correlate events, and create security analytics and dashboards. It’s also the most popular commercial SIEM used by security teams to perform investigations and threat hunting. Splunk for Security Analysts will teach you how to use Splunk to onboard data, extract meaningful fields, and search through it using real security data to conduct security research and investigations. This course goes beyond the documentation to provide a diverse set of real-world security data that you’ll use to gain confidence with Splunk’s extensive capabilities.

Syllabus

  • The Splunk Data Pipeline
  • Data Onboarding
  • Finding and Exploring Data
  • Enrichment and Advanced Filtering
  • Sharing, Scheduling, and Alerting
  • Visualization and Dashboards

Splunk for Security Analysts