نویسنده: Admin

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. Developing the skills necessary as a malware analyst to properly detect, triage and reverse engineer advanced attacker intrusion tactics and techniques requires experience and a diverse set of tools and skills. In this path you will develop the skills and knowledge necessary to analyze malicious office documents, dig deep into native and interpreted code through disassembly and decompilation, identify and defeat prevalent obfuscation techniques. The courses in this path with take you from malware analysis basics to advanced topics so that you can generate valuable threat intelligence to aid in your efforts to defend your organization, respond more effectively to an incident or gain deeper understanding of the latest malware threats. This skills path may assist in attaining the knowledge and skills outlined in the NICE Cybersecurity Workforce Framework in the following areas: K0259 & K0479 Knowledge of malware analysis concepts and methodologies. S0131 Skill in analyzing malware.

Syllabus

Malware Analysis Fundamentals

Malware Analysis: Initial Access Techniques

Malware Analysis: Malicious Activity Detection

Malware Analysis: Initial File Triage

Getting Started Analyzing Malware Infections

Getting Started with Reverse Engineering

Pluralsight: Malware Analysis

ادامه مطلب

Virtualization is used by IT professionals in the datacenter, on the desktop, and in the cloud to gain tremendous efficiency. In this path, you’ll learn everything you need to know about server, desktop, storage, and network virtualization to get you started in today’s virtualization-dependent world.

Syllabus

Virtualization: The Big Picture

Fundamentals of Server Virtualization

Fundamentals of Storage Virtualization

Fundamentals of Network Virtualization

Virtualization in the Real World

Pluralsight: Fundamentals of Virtualization

ادامه مطلب

Testing network security controls and discovering vulnerabilities are important parts of any organizations security plan. Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

Syllabus

Getting Started with Nmap 7

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

Maximizing Nmap 7 for Security Auditing

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

Pluralsight: Information Security Testing and Auditing with Nmap

ادامه مطلب

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/ Our red team operations tooling courses map to the MITRE ATT&CK® matrix tactics, techniques, and procedures. Each course focuses on the use of a specific industry-standard, generally open source, tool to carry out adversary emulation. Knowing what a tool is and how it can perform a specific task, will ultimately lend to your ability as an organization or an individual to detect and defend against specific attack vectors.

Syllabus

Introduction

ATT&CK – Reconnaissance (TA0043)

ATT&CK – Resource Development (TA0042)

ATT&CK – Initial Access (TA0001)

ATT&CK – Execution (TA0002)

ATT&CK – Persistence (TA0003)

ATT&CK – Privilege Escalation (TA0004)

ATT&CK – Defense Evasion (TA0005)

ATT&CK – Credential Access (TA0006)

ATT&CK – Discovery (TA0007)

ATT&CK – Lateral Movement (TA0008)

ATT&CK – Collection (TA0009)

ATT&CK – Command and Control (TA0011)

ATT&CK – Exfiltration (TA0010)

ATT&CK – Impact (TA0040)

Pluralsight: Red Team Tools

ادامه مطلب

What is the use of Burp Suite? Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux. The tool is written in Java and developed by PortSwigger Web Security. The tool has three editions: a Community Edition that can be downloaded free of charge, a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community edition has significantly reduced functionality. It intends to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

Syllabus

Web Application Penetration Testing with Burp Suite

Advanced Web Application Penetration Testing with Burp Suite

Writing Burp Suite Macros and Plugins

Pluralsight: Web Security Testing with Burp Suite

ادامه مطلب

This skill focuses on creating shell scripts using Bash and/or Z Shell to automate just about any task on a UNIX system. With the skills here, you’ll maximize your productivity by using shell scripts to automate tasks and make your life easier.

Syllabus

Getting Started with Shell Scripting for Bash and Z Shell

Mastering Bash and Z Shell Scripting Syntax

Operationalizing Bash and Z Shell Scripts

Pluralsight: Shell Scripting with Bash and Z Shell

ادامه مطلب