CBT Nuggets – SEC503 Network Monitoring and Threat Detection In-Depth

دوره SEC503 Network Monitoring and Threat Detection In-Depth متخصصان امنیت سایبری را برای تجزیه و تحلیل و رفتار ترافیک شبکه، شناسایی ترافیک غیرعادی یا ناخواسته و مدیریت تهدیدات و نفوذها آماده می‌کند. دوره SEC503  پرسنل امنیتی را با تجهیزات و تکنیک های لازم برای نظارت بر شبکه و شناسایی تهدیدها، نفوذها و حوادث احتمالی آشنا می کند. این دوره همه چیزهایی را که برای شناسایی تهدیدات احتمالی قبل از وقوع آنها نیاز دارید و همچنین اقداماتی که باید با نفوذ پس از وقوع آنها انجام دهید را پوشش می دهد. این یک دوره آموزشی پیشرفته در زمینه امنیت سایبری است، اما اطلاعات موجود در آن برای تقریباً هر متخصص امنیت سایبری، صرف نظر از اینکه در کجای حرفه خود هستند، ارزشمند است. پس از اتمام این آموزش مهارت های امنیت سایبری، می دانید که چگونه محتوا و رفتار ترافیک شبکه را تجزیه و تحلیل کنید، ترافیک غیرعادی یا ناخواسته را شناسایی کنید و با تهدیدات و نفوذها مقابله کنید. برای هر کسی که متخصصان امنیت سایبری را مدیریت می‌کند، این آموزش امنیت سایبری می‌تواند برای حضور متخصصان جدید امنیت سایبری، که در برنامه‌های آموزشی فردی یا تیمی تنظیم شده‌اند، به‌ عنوان منبع مرجع امنیت سایبری استفاده شود.

Date: 2023
Videos: 152
By: Erik Choron
Duration: 22 HOURS
Publisher: CBT Nuggets
Format: Video MP4 + Subtitle

This intermediate SEC503 prepares cybersecurity specialists to analyze the content and behavior of a network’s traffic, identify anomalous or unwanted traffic, and handle threats and intrusions. This course familiarizes security personnel with the equipment and techniques necessary to monitor a network and spot threats, intrusions, and potential incidents. This course covers everything you need to know to identify possible threats before they happen as well as what to do with intrusions once they’ve occurred. This is an advanced cybersecurity course, but the information in it would be valuable for nearly any cybersecurity professional, no matter where they are in their career. Once you’re done with this cybersecurity skills training, you’ll know how to analyze the content and behavior of a network’s traffic, identify anomalous or unwanted traffic, and handle threats and intrusions. For anyone who manages cybersecurity specialists, this cybersecurity training can be used to onboard new cybersecurity specialists, curated into individual or team training plans, or as a cybersecurity reference resource.

SEC503: What You Need to Know

This SEC503 training has videos that cover topics such as:

• Basics of intrusion detection and network security monitoring
• Capturing and analyzing traffic based on deep network protocol familiarity
• Identifying and investigating network-based attacks with packet analysis
• Responding to and handling incidents

Who Should Take SEC503 Training?

This SEC503 training is considered associate-level cybersecurity training, which means it was designed for cybersecurity specialists. This network monitoring and threat detection skills course is designed for cybersecurity specialists with three to five years of experience with cybersecurity.

New or aspiring cybersecurity specialists. If you want to work in cybersecurity, this course is a way to specialize and focus your technical expertise before you even begin your first job. Although you won’t want to take this course if you have no previous cybersecurity training, you should take it if you want to fast-track your way to positions related to threat detection and response.

Experienced cybersecurity specialists. If you’ve already got a few years of experience in cybersecurity, this course is a great way to build on that general foundation and focus it into one point: threat detection. Learn the intricacies of network traffic analysis, packet capture and analysis, and operating IDS and IPS – with that knowledge and experience, you’ll be prepared for promotions to advanced security positions.

Concepts of TCP/IP

1. Concepts of TCP/IP
7 mins
2. Part of the Bigger Picture
12 mins
3. Different parts of TCP/IP
6 mins
4. Were do we Get These Packets From?
10 mins
5. Replay the Traffic
3 mins
6. Learning Binary and Hex
6 mins

Introduction to Wireshark

1. Introduction to Wireshark
1 min
2. Uses of Wireshark
6 mins
3. Being Promiscuous
10 mins
4. Saving our Work for Later
9 mins
5. Exporting Things From Wireshark
12 mins
6. Filtering Results
8 mins

UNIX Command Line Processing

1. UNIX Command Line Processing
2 mins
2. Why UNIX?
10 mins
3. Network Analysis on POSIX-based Systems
9 mins
4. Burpsuite
10 mins
5. sslstrip
8 mins

Network Access Link Layer 2

1. Identifying Layer 2
7 mins
2. Layer 2 Communication
12 mins
3. Using Layer 2 as a Forwarding Address
10 mins
4. Where is Layer 2 in our Packet?
7 mins
5. Packet Examples
7 mins

IP Layer 3

1. IP Link Layer 3
1 min
2. Identifying Layer 3
9 mins
3. Layer 3 Communication
13 mins
4. Using Layer 3 as a Forwarding Address
9 mins
5. Where is Layer 3 in our Packet?
9 mins
6. Packet Examples
11 mins

Real-World Application: Researching a Network

1. Real-world Application
2 mins
2. Knowing the Packet
10 mins
3. Quirks in IP Addressing
7 mins
4. Layer 3 Protocols
10 mins
5. Encryption Issues
10 mins
6. Capturing Those Packets
7 mins

ICMP

1. ICMP
1 min
2. Identifying ICMP
7 mins
3. ICMP Communication
9 mins
4. ICMP Addressing
9 mins
5. Where is ICMP in our Packet?
14 mins
6. Packet Examples
10 mins

UDP

1. Identifying UDP
6 mins
2. UDP Communication
9 mins
3. UDP Addressing
8 mins
4. Where is UDP in our Packet?
9 mins

TCP

1. Identifying TCP
11 mins
2. TCP Communication
12 mins
3. TCP Addressing
10 mins
4. Where is TCP in our Packet?
9 mins
5. Packet Examples
8 mins

IP6

1. IPv6
1 min
2. Identifying IPv6
8 mins
3. IPv6 Communication
10 mins
4. IPv6 Addressing
8 mins
5. Where is IPv6 in our Packet?
5 mins
6. Packet Examples
15 mins

IP4

1. IPv4
1 min
2. Identifying IPv4
8 mins
3. IPv4 Communication
13 mins
4. IPv4 Addressing
11 mins
5. Where is IPv4 in our Packet?
13 mins
6. Packet Examples
5 mins

Wireshark Display Filters

1. Wireshark Display Filters
1 min
2. To the Boolean-Mobile!
9 mins
3. Knowing the Basic Filters
6 mins
4. Expanding on Basic Filters
10 mins
5. Syntax is Everything
11 mins
6. Apply Filtering to Live Capture
6 mins

Layer 4 and Beyond

1. Layer 4 and Beyond
5 mins
2. Pen to Paper
10 mins
3. DNS
10 mins
4. Microsoft Protocols
8 mins
5. HTTP
10 mins

Advanced Wireshark

1. Advanced Wireshark
1 min
2. Magic Numbers
11 mins
3. Regular Expressions
9 mins
4. BPF Filtering
10 mins
5. Supplemental Material
13 mins

Introduction to Suricata

1. Introduction to Suricata
3 mins
2. Installing Suricata
9 mins
3. Continuing our Install
7 mins
4. Setting up Suricata
13 mins
5. Rule Configuration
12 mins

DNS

1. DNS Communication
9 mins
2. DNS Addressing
12 mins
3. Where is DNS in our packet?
11 mins
4. Packet Examples
6 mins

Microsoft Protocols

1. Microsoft Protocols
3 mins
2. NETBIOS
13 mins
3. LDAP
6 mins
4. RDP
7 mins
5. Kerberos
8 mins
6. SMB
11 mins
7. RPC
8 mins

Modern HTTP

1. Understanding HTTP on the Network
12 mins
2. Files From Within
13 mins
3. Looking for Web Traffic
7 mins

Real-World Application: Identifying Traffic of Interest

1. Real-world Applications
2 mins
2. Solarwinds
9 mins
3. Starting up our Solarwinds
12 mins
4. Basic Configurations
12 mins

How to Research a Protocol

1. How to Research a Protocol
2 mins
2. There’s something strange, and it don’t look good…
9 mins
3. Requesting a comment
7 mins
4. Tying in the Results to our Packets
12 mins
5. What is this Protocol Used for?
12 mins

Scapy

1. Scapy
1 min
2. What is Scapy?
6 mins
3. Installing Scapy
11 mins
4. Crafting with Scapy
11 mins
5. Making Our Packets Look Legit
8 mins

Introduction to Snort

1. Snort
4 mins
2. What is Snort?
9 mins
3. Installing Snort
9 mins
4. Setting up Snort
12 mins

Burpsuite

1. Burp Suite
3 mins
2. Getting the Software
8 mins
3. Configuration of Burp Suite
9 mins
4. Crawling Around
12 mins
5. Burp Suite Detection
11 mins

Introduction to Network Forensic Analysis

1. Introduction to Network Forensic Analysis
2 mins
2. Who Owns What?
10 mins
3. Finding Our Practice
9 mins
4. Starting Our Practice
18 mins

Zeek

1. Zeek (Bro)
2 mins
2. Zeek Installation
9 mins
3. Some of the Basics
9 mins
4. Running Zeek
9 mins
5. Examining the Results
16 mins
6. Practice at Home
5 mins

Network Architecture

1. Network Architecture
2 mins
2. The Internal Network
6 mins
3. The External Network
9 mins
4. Mapping out the Cloud
9 mins
5. Putting Pen to Paper
11 mins

Introduction to Network Monitoring at Scale

1. Introduction to Network Monitoring at Scale
4 mins
2. Understanding the Network
7 mins
3. Solarwinds (Again)
14 mins
4. Monitoring with Solarwinds
15 mins
5. Other Network Monitoring Options
13 mins

IDS and IPS Evasion Theory

1. IDS and IPS Evasion Theory
2 mins
2. Understanding What Evasion Actually Is
9 mins
3. Fragmentation
10 mins
4. Spoofing
10 mins
5. Sledding Past the IDS/IPS
11 mins
6. Forging a Signature
9 mins

Threat Hunting and Visualization
1. Threat Hunting and Visualization
2 mins
2. What is a Netflow?
5 mins
3. Examining a Netflow
7 mins
4. Replaying the Traffic
12 mins
5. Is It Something Bad?
9 mins
6. Stress Testing Our Packet Captures
7 mins
7. Let’s Review
3 mins