SANS SEC503: Network Monitoring and Threat Detection In-Depth

According to the SANS Academy roadmap, after the 401 and 504 courses comes SANS SEC 503. This course is a prerequisite for many defensive and specialized security courses such as SEC450, SEC 487, SEC 555, SEC 501, SEC 505, SEC 506, SEC 530, SEC 566, SEC 599 and others, so completing it is important from SANS's point of view, and it is one of the core courses for SOC analysts. In this course you first gain a deep understanding of network traffic and its analysis, the protocols of the various network layers, and what normal traffic looks like for each protocol. With that understanding you can identify suspicious and abnormal traffic, which is one of the duties of SOC team analysts.

Through mastery of the protocols, this course acquaints you with the anatomy of attacks in depth. What distinguishes the attacks covered here from earlier courses such as SANS SEC 504 is that you examine them at the level of the key/value fields that an attacker fills in the headers of the various protocols, and you gain the ability to build the traffic you want without depending on an attack tool, using a traffic-generation tool such as Scapy. The attack anatomy explained in this course is therefore far more practical than in previous courses. You will come away with a very good overall view of networking, the anatomy of attacks, and how to detect them.

Download link: SANS SEC503: Network Monitoring and Threat Detection In-Depth

Size: 7.08 GB

Download – eBooks
Download part 1
Download part 2
Download part 3
Download part 4
Download part 5
Download part 6
Download part 7
Download part 8

File password: technet24.ir

Date: 2021
Price: $8,275 USD
Publisher: SANS
Format: Video + eBooks

SEC503 is the most important course that you will take in your information security career. Past students describe it as the most difficult but most rewarding course they’ve ever taken. If you want to be able to perform effective threat hunting to find zero-day activities on your network before public disclosure, this is definitely the course for you. SEC503 is not for people looking to understand alerts generated by an out-of-the-box network monitoring tool; rather, it is for those who want to deeply understand what is happening on their network today, and who suspect that there are very serious things happening right now that none of their tools are telling them about. Check out the extensive course description below for a detailed rundown of course content.

What sets SEC503 apart from any other course in this space is that we take a bottom-up approach to teaching network monitoring and network forensics, which leads naturally to effective threat hunting. Rather than starting with a tool and teaching you how to use it in different situations, this course teaches you how and why TCP/IP protocols work the way they do. The first two sections present what we call “Packets as a Second Language”, then we move to presenting common application protocols and a general approach to researching and understanding new protocols. Throughout the discussion, direct application of this knowledge is made to identify both zero-day and known threats.

With this deep understanding of how network protocols work, we turn our attention to the most important and widely used automated threat detection and mitigation tools in the industry. You will learn how to develop efficient detection capabilities with these tools, and you’ll come to understand what existing rules are doing and identify whether they are useful. The result is that you will leave this course with a clear understanding of how to instrument your network and perform detailed threat hunting, incident analysis, network forensics, and reconstruction.

What makes SEC503 as important as we believe it is (and students tell us it is) is that we force you to develop your critical thinking skills and apply them to these deep fundamentals. This results in a much deeper understanding of practically every security technology used today. Preserving the security of your network in today’s threat environment is more challenging than ever, especially as you migrate more and more services into the cloud. The security landscape is continually changing from what was once only perimeter protection to protecting exposed and mobile systems that are almost always connected and sometimes vulnerable.

Some of the specific technical knowledge and hands-on training in SEC503 covers the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, enabling you to intelligently examine network traffic for signs of compromise or zero-day threat. You will get plenty of practice learning to master a variety of tools, including tcpdump, Wireshark, Snort, Suricata, Zeek, tshark, SiLK, and NetFlow/IPFIX. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution, and evening Bootcamp sessions force you to apply the theory learned during the day to real-world problems immediately. Basic exercises include assistive hints while advanced options provide a more challenging experience for students who may already know the material or who have quickly mastered new material.

SEC503 is most appropriate for students who monitor, defend, and conduct threat hunting on their network, including security analysts and those who work in Security Operations Centers, although red team members often tell us that the course also ups their game, especially when it comes to avoiding detection.

BUSINESS TAKEAWAYS:

This course will help your organization:

  • Avoid your organization becoming another front page headline
  • Augment detection in traditional, hybrid, and cloud network environments
  • Increase efficiency in threat modeling for network activities
  • Decrease attacker dwell time

You Will Learn:

  • How to analyze traffic traversing your site to avoid becoming another headline
  • How to identify zero-day threats for which no network monitoring tool has published signatures
  • How to place, customize, and tune your network monitoring for maximum detection
  • How to triage network alerts, especially during an incident
  • How to reconstruct events to determine what happened, when, and who did it
  • Hands-on detection, analysis, and network forensic investigation with a variety of tools
  • TCP/IP and common application protocols to gain insight about your network traffic, enabling you to distinguish normal from abnormal traffic
  • The benefits and problems inherent in using signature-based network monitoring tools
  • The power of behavioral network monitoring tools for enterprise-wide automated correlation, and how to use them effectively
  • How to perform effective threat modeling for network activities
  • How to translate threat modeling into detection capabilities for zero-day threats
  • How to use flow and hybrid traffic analysis frameworks to augment detection in traditional, hybrid, and cloud network environments

You Will Be Able To:

  • Configure and run Snort and Suricata
  • Create and write effective and efficient Snort, Suricata and FirePOWER rules
  • Configure and run open-source Zeek to provide a hybrid traffic analysis framework
  • Create automated threat hunting correlation scripts in Zeek
  • Understand TCP/IP component layers to identify normal and abnormal traffic for threat identification
  • Use traffic analysis tools to identify signs of a compromise or active threat
  • Perform network forensics to investigate traffic to identify TTPs and find active threats
  • Carve out files and other types of content from network traffic to reconstruct events
  • Create BPF filters to selectively examine a particular traffic trait at scale
  • Craft packets with Scapy
  • Use NetFlow/IPFIX tools to find network behavior anomalies and potential threats
  • Use your knowledge of network architecture and hardware to customize placement of network monitoring sensors and sniff traffic off the wire

The hands-on training in SEC503 is intended to be both approachable and challenging for beginners and seasoned veterans. There are two different approaches for each exercise. The first contains guidance and hints for those with less experience, and the second contains no guidance and is directed toward those with more experience. In addition, an optional extra credit question is available for each exercise for advanced students who want a particularly challenging brain teaser. A sampling of hands-on exercises includes the following:

  • Section 1: Hands-On: Introduction to Wireshark
  • Section 2: Hands-On: Writing tcpdump Filters
  • Section 3: Hands-On: Snort Rules
  • Section 4: Hands-On: IDS/IPS Evasion Theory
  • Section 5: Hands-On: Analysis of Three Separate Incident Scenarios

You Will Receive:

  • Electronic courseware with each course section’s material
  • Electronic workbook with hands-on exercises and questions
  • TCP/IP electronic cheat sheet
  • MP3 audio files of the complete course lecture

Course Syllabus
SEC503.1: Network Monitoring and Analysis: Part I
SEC503.2: Network Monitoring and Analysis: Part II
SEC503.3: Signature-Based Threat Detection and Response
SEC503.4: Building Zero-Day Threat Detection Systems
SEC503.5: Large-Scale Threat Detection, Forensics, and Analytics
SEC503.6: Advanced Network Monitoring and Threat Detection Capstone

22 Comments
  1. saeud says

    Thanks to the good, strong team at technet24.
    On this site we really get to see tutorials that exist on no other Persian site.
    Thanks.

  2. hassan says

    Thanks. It was excellent.

  3. Cloud198950 says

    Hi,
    Thanks for the great efforts.
    Can you please upload the SEC401?
    https://www.sans.org/course/security-essentials-bootcamp-style
    and
    SEC301

  4. jjjan57 says

    What is the operating system password? Why don't you answer?

    1. Technet says

      Try password:training.

  5. xexevexi23 says

    thank you

  6. ehsan says

    Hello, and thanks for your work.
    I downloaded this file. How should I use it?

  7. calamariss says

    Hi. Could you please also give an explanation of how to use it? I downloaded it, but unfortunately I don't know how to use it.

  8. ray78 says

    Greetings. Could you please also give an explanation of how to use it? I downloaded it, but unfortunately I don't know how to use it.

    1. MSH says

      Open the files with virtualization software such as VMware Workstation and log in to Ubuntu. Make sure you copy the files to your hard drive so that you can open the virtual machine.
      I just couldn't find the PDFs or the audio or video in this virtual machine, but the exercises are there.

  9. afshin says

    Inside the sans folder there is only a set of exercises in Wireshark format, and no audio, video, etc.

  10. لشکری says

    There is no audio or video, or even a PDF. Only the VM has been shared. Can you tell me where the rest of the material can be downloaded? Thanks.

  11. raha worker says

    Hello.
    The downloaded files are broken. The message "unknown format or damage" is shown.

    1. technet24 says

      Install the latest version of WinRAR.

  12. محمد says

    Hello, I have an unrelated question. Can't Windows Server 2012 R2 with a retail serial be upgraded to 2016 for free?

  13. همایون says

    Thank you very much for these tutorials.
    Please post a newer update of the SANS forensics section.

  14. فاطمه says

    Do we have to download both (2017 and 2018)? Or is it all duplicated? How come one of them is so much bigger?

    1. technet24 says

      We recommend the 2018 version.

  15. فاطمه says

    I didn't understand how to use this course. When I opened it in VMware, all I see is a set of pcap files. So what? Where is the training? I don't understand what any of it is.

  16. reza fathi says

    Hello

    I downloaded the 2018 one, but there are only videos. Where is its virtual machine?
