SEC583 is a one-day, lab-heavy course designed to teach the powerful skill of how to craft and manipulate packets through the use of many hands-on activities. This skill can be used to test policies, behaviors, and configurations and will also provide deeper understanding of TCP/IP and application protocols.
SEC583.1: Crafting packets
One of today’s most rapidly evolving and widely deployed technologies is server virtualization. SEC579: Virtualization and Software-Defined Security is intended to help security, IT operations, and audit and compliance professionals build, defend, and properly assess both virtual and converged infrastructures, as well as understand software-defined networking and infrastructure security risks. Many organizations are already realizing cost savings from implementing virtualized servers, and systems administrators love the ease of deployment and management of virtualized systems. More and more organizations are deploying desktop, application, and network virtualization as well. There are even security benefits of virtualization: easier business continuity and disaster recovery, single points of control over multiple systems, role-based access, and additional auditing and logging capabilities for large infrastructure. With these benefits comes a dark side, however. Virtualization technology is the focus of many new potential threats and exploits, and it presents new vulnerabilities that must be managed. There are also a vast number of configuration options that security and system administrators need to understand, with an added layer of complexity that has to be managed by operations teams. Virtualization technologies also connect to network infrastructure and storage networks, and require careful planning with regard to access controls, user permissions, and traditional security controls. In addition, many organizations are evolving virtualized infrastructure into private clouds using converged infrastructure that employs software-defined tools and programmable stack layers to control large, complex data centers. Security architecture, policies, and processes will need to be adapted to work within a converged infrastructure, and there are many changes that security and operations teams will need to accommodate to ensure that assets are protected.
SEC579.1: Core Concepts of Virtualization Security
SEC579.2: Virtualization and Software-Defined Security Architecture and Design
SEC579.3: Virtualization Threats, Vulnerabilities, and Attacks
SEC579.4: Defending Virtualization and Software-Defined Technologies
SEC579.5: Virtualization Operations, Auditing, and Monitoring
SEC549 offers an in-depth breakdown of security controls, services, and architecture models for public cloud environments. We cover brokering and security-as-a-service to help better secure SaaS access, containers and PaaS architecture and security considerations, and the entire spectrum of IaaS security offerings and capabilities. Between the lecture and a number of detailed hands-on labs, security operations, engineering, and architecture professionals will learn about all key areas of security controls in the cloud, how to properly architect them, the foundations of cloud defense and vulnerability management, as well as a primer on cloud security automation. Students will walk away with the tools and skills they need to help design secure cloud architecture for their own organizations.
SEC549.1: Cloud Security Models and Controls
SEC549.2: Cloud Security Architecture and Operations I
SEC549.3: Cloud Security Architecture and Operations II
SEC549.4: Cloud Security Offense + Defense Operations
SEC549.5: Cloud Security Automation and Orchestration
So you popped a shell, now what? Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. In addition, students will learn several modern techniques to minimize opportunities for detection. This course goes beyond teaching popular tactics, techniques, and procedures. Instead, students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently. A review of each post-ex capability will include discussion on the OPSEC implications and publicly documented detection recommendations. Open-source SIEM rules from Sigma and Elastic will be used as a starting point for avoiding alert generation. No technique is undetectable; the key is understanding an environment’s detection capabilities and choosing the best course of action.
This class is a distillation of what I’ve learned in my pentesting career about how to create a report that is both easy to read and hard to misunderstand. I will help you develop habits and support materials that simplify the work of reporting so you can get better results with less effort. Ask anyone who signs the checks which is worth more: a clear and actionable report from a tester with average technical skills, detailing how vulnerabilities were found and exploited, showing the impact of those exploits, and making concrete recommendations for improvement? Or a hastily-assembled list of compromised systems, thrown together by an elite hacker in the last hour of the contract after running a rampage through your networks? If you want to set yourself apart, work on your reporting skills. The hacks are ephemeral. The report lives forever. The hacks are fun – and they require your constant effort to keep current. The reporting is what makes this all a viable career – and once you know how to produce a good one, you can apply that skill endlessly as the computing world changes around you. This course helps you know what makes a good report good. It discusses the reporting mindset, and the foundational principles that always lead to a report you can be proud of, regardless of the tools you use for the test or for writing the report. We will look at some real reports as examples, and work together on ways to improve in the areas that are most important, as well as those that are most commonly neglected.
