System Forensics and Incident Handling: Masterclass

 

Fyrir hverja:

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Tæknin: Microsoft Windows Infrastructure
Kennsluaðferð: Hægt að velja um staðnám og/eða fjarkennslu í beinni
Lengd námskeiðs: 3 dagar
Tungumál: Kennsla er á ensku, kennsluefni er á ensku
Kennari: Greg Tworek, sérfræðingur í teymi Paula Januszkiewicz

 

This is a deep dive course on security operations: vulnerability management, anomalies detection, discovery of industry attacks and threats, understanding how compromised system or solution looks like, defining the indicators of the attack, incident handling also daily servicing on SIEM platform. We will also walk through the advanced access rights, password mechanisms, windows internals, PowerShell usage for security purposes, gaining unauthorized access, advanced DNS configuration and common configuration mistakes, forensics techniques, Active Directory security, IIS Security, debugging, advanced monitoring and troubleshooting and much more! Topics covered during this training will help you to walk in hackers’ shoes and evaluate your infrastructure from their point of view.

The course is delivered by Paula Januszkiewicz, one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions. 

The secure infrastructure configuration should be the most important line of defense in every organization. Unfortunately, people, the most valuable resource, are not always aware of the level of security in their companies, possible points of entry, how operating systems are attacked, and how to protect the infrastructure from successful attacks which are sometimes caused by configuration mistakes. Understanding internal OS protection mechanisms and services/roles completely provides a huge impact on the whole infrastructure security level. Unfortunately, the problem is… rarely anyone has this impact!

This training focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques:

The steps of the incident handling process:

  • Detecting malicious applications and network activity
  • Common attack techniques that compromise hosts
  • Detecting and analyzing system and network vulnerabilities
  • Continuous process improvement by discovering the root causes of incidents

It is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

Fyrir hverja?

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Viðfangsefni

Module 1: Introduction to Incident Response and Handling
1. Types of Computer Security Incidents
2. Examples of Computer Security Incidents
3. Signs of an Incident
4. Incident Prioritization
5. Incident Response
6. Incident Handling
Module 2: System and Network Security Mechanisms
1. Integrity Levels
2. Anti-malware & Firewalls
3. Application Whitelisting, Application Virtualization
4. Privileged Accounts, Authentication, Monitoring, and UAC
5. Whole Disk Encryption
6. Browser Security
7. EMET
8. Dangerous Endpoint Applications Session Zero
9. Privileges, permissions and rights
10. Passwords security (techniques for getting and cracking passwords
11. Registry Internals
12. Monitoring Registry Activity
13. Boot configuration
14. Services architecture
15. Access tokens
16. Web Application Firewall
17. HTTP Proxies, Web Content Filtering, and SSL Decryption
18. SIMs, NIDS, Packet Captures, and DLP
19. Honeypots/Honeynets
20. Network Infrastructure – Routers, Switches, DHCP, DNS
21. Wireless Access Points
Module 3: Incident Response and Handling Steps
1. How to Identify an Incident
2. Handling Incidents Techniques
3. Incident Response Team Services
4. Defining the Relationship between Incident Response, Incident Handling, and Incident Management
5. Incident Response Best Practices
6. Incident Response Policy
7. Incident Response Plan Checklist
Module 4: Handling Network Security Incidents
1. Denial-of-Service Incidents
2. Distributed Denial-of-Service Attack
3. Detecting DoS Attack
4. Incident Handling Preparation for DoS
5. DoS Response and Preventing Strategies
6. Following the Containment Strategy to Stop DoS
7. Detecting Unauthorized Access Incident
8. Incident Handling Preparation

9. Incident Prevention
10. Following the Containment Strategy to Stop Unauthorized Access
11. Eradication and Recovery
12. Detecting the Inappropriate Usage Incidents
13. Multiple Component Incidents
14. Containment Strategy to Stop Multiple Component Incidents
15. Network Traffic Monitoring Tools
Module 5: Handling Malicious Code Incidents
1. Count of Malware Samples
2. Virus, Worms, Trojans and Spywares
3. Incident Handling Preparation
4. Incident Prevention
5. Detection of Malicious Code
6. Containment Strategy
7. Evidence Gathering and Handling
8. Eradication and Recovery
Module 6: Securing Monitoring Operations
1. Industry Best Practices
2. Critical Security Controls
3. Host, Port and Service Discovery
4. Vulnerability Scanning
5. Monitoring Patching, Applications, Service Logs
6. Detecting Malware via DNS logs
7. Monitoring Change to Devices and Appliances
8. Leveraging Proxy and Firewall Data
9. Configuring Centralized Windows Event Log Collection
10. Monitoring Critical Windows Events
11. Detecting Malware via Windows Event Logs
12. Scripting and Automation
13. Importance of Automation
14. PowerShell
Module 7: Forensics Basics
1. Computer Forensics
2. Objectives of Forensics Analysis
3. Role of Forensics Analysis in Incident Response
4. Forensic Readiness And Business Continuity
5. Types of Computer Forensics
6. Computer Forensic Investigator
7. Computer Forensics Process
8. Collecting Electronic Evidence
9. Challenging Aspects of Digital Evidence
10. Forensics in the Information System Life Cycle
11. Forensic Analysis Guidelines
12. Forensics Analysis Tools
13. Memory acquisition techniques
14. Finding data and activities in memory
15. Tools and techniques to perform memory forensic

Námsefni

Students will be provided with author’s unique tools, over 300 pages of exercises, presentations slides with notes.

Annað

Styrkir: Flest stéttarfélög og fagfélög styrkja félagsmenn sína myndarlega til náms hjá okkur. Kannaðu rétt þinn hjá þínu félagi. Þú getur líka haft samband okkur í síma 519-7550 eða sendu okkur línu á promennt@promennt.is og við aðstoðum þig við að finna út úr hvaða styrkjum þú átt rétt á.
Fjarkennsla í beinni: Við minnum á að þetta námskeið er einnig hægt að taka í fjarkennslu í beinni útsendingu sem þýðir einfaldlega að þú getur tekið þátt í kennslustundinni algjörlega óháð staðsetningu. Hvort sem þú býrð á höfuðborgarsvæðinu og hefur ekki tök á að mæta í kennslustofuna, úti á landi eða erlendis, það skiptir ekki máli.

Vinsamlegast athugið að dagsetningar eru birtar með fyrirvara um að lágmarksþátttaka náist á námskeiðið.