Author: Admin

SEC487 will teach students legitimate and effective ways to find, gather, and analyze open-source data from the Internet. You will learn about reliable places to harvest data using manual and automated methods and tools. Once you have the data, we will show you how to ensure that it is sound, properly analyzed, and useful to your investigations.

This is a foundational course in open-source intelligence (OSINT) gathering and, as such, will move quickly through many areas of the field. The course will teach you current, real-world skills, techniques, and tools that law enforcement, private investigators, cyber attackers, and defenders use to scour the massive amount of information across the Internet, analyze the results, and pivot on interesting pieces of data to find other areas for investigation. Our goal is to provide the OSINT knowledge base for students to be successful in their fields whether they are cyber defenders, threat intelligence analysts, private investigators, insurance claims investigators, intelligence analysts, law enforcement personnel, or just someone curious about OSINT.


SEC556 examines the entire IoT ecosystem, helping you build the vital skills needed to identify, assess, and exploit basic and complex security mechanisms in IoT devices. This course gives you the tools and hands-on techniques necessary to evaluate the ever-expanding IoT attack surface.

Syllabus

SEC556.1: Introduction to IoT Network Traffic and Web Services
SEC556.2: Exploiting IoT Hardware Interfaces and Analyzing Firmware
SEC556.3: Exploiting Wireless IoT: WiFi, BLE, Zigbee, LoRa, and SDR

SEC556: IoT Penetration Testing


SEC699 is SANS's advanced purple team offering, with a key focus on adversary emulation for data breach prevention and detection. Throughout this course, students will learn how real-life threat actors can be emulated in a realistic enterprise environment, including multiple Active Directory (AD) forests. In true purple fashion, the goal of the course is to teach students how adversarial techniques can be emulated (manually and automated) and detected (use cases and rules, as well as anomaly-based detection). A natural follow-up to SEC599, this is an advanced SANS course, with 60 percent of class time spent in 29 hands-on labs.

Syllabus

SEC699.1: Introduction & Key Tools
SEC699.2: Initial Intrusion Strategies Emulation & Detection
SEC699.3: Privilege Escalation & Lateral Movement Emulation & Detection
SEC699.4: Persistence Emulation & Detection
SEC699.5: Emulation Plans (Extended Access To CTF Range)

SEC699: Advanced Purple Teaming – Adversary Emulation & Detection Engineering


SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses will arm you with the knowledge and expertise you need to overcome today's threats. Recognizing that a prevent-only strategy is not sufficient, the course introduces security controls aimed at stopping, detecting, and responding to your adversaries through a purple team strategy. It includes 20+ hands-on labs and a unique APT Defender Capstone.

Syllabus

SEC599.1: Introduction and Reconnaissance
SEC599.2: Payload Delivery and Execution
SEC599.3: Exploitation, Persistence, and Command and Control
SEC599.4: Lateral Movement
SEC599.5: Action on Objectives, Threat Hunting, and Incident Response
SEC599.6: APT Defender Capstone

SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses


SEC565 teaches you to develop and improve Red Team operations that test security controls, through adversary emulation, cyber threat intelligence, Red Team tradecraft, and engagement planning. Learn how to execute consistent and repeatable Red Team engagements that focus on the effectiveness of the people, processes, and technology used to defend environments.

Syllabus

SEC565.1: Planning Adversary Emulation and Threat Intelligence
SEC565.2: Attack Infrastructure and Operational Security
SEC565.3: Getting In and Staying In
SEC565.4: Active Directory Attacks and Lateral Movement
SEC565.5: Obtaining the Objective and Reporting
SEC565.6: Immersive Red Team Capture-the-Flag

SEC565: Red Team Operations and Adversary Emulation


Many organizations have logging capabilities but lack the people and processes to analyze the logs they collect. In addition, logging systems gather vast amounts of data from a variety of sources, and proper analysis requires an understanding of each source. This class is designed to provide training, methods, and processes for enhancing existing logging solutions, and to explain the when, what, and why behind the logs. It is a lab-heavy course that uses SOF-ELK, a SANS-sponsored free SIEM solution, to provide hands-on experience and instill the mindset needed for large-scale data analysis.

Syllabus

SEC555.1: SIEM Architecture
SEC555.2: Service Profiling with SIEM
SEC555.3: Advanced Endpoint Analytics
SEC555.4: Baselining and User Behavior Monitoring
SEC555.5: Tactical SIEM Detection and Post-Mortem Analysis
SEC555.6: Capstone: Design, Detect, Defend

SEC555: SIEM with Tactical Analytics
