SANS SEC505: Securing Windows and PowerShell Automation

Windows security can be discussed at several levels, which can be classified as introductory, basic, professional, and advanced. The foundation of security when working with a system depends on the security of the operating system, and different approaches exist for securing it depending on the operating system in use. Windows is an operating system produced and released by Microsoft; it varies by use and by edition, and each edition has its own set of features.

Download link for the book SANS SEC505: Securing Windows and PowerShell Automation 2017

Download – size: 389 MB

File password: technet24.ir

Course Syllabus
SEC505.1: PowerShell Automation and Security
SEC505.2: Continuous Secure Configuration Enforcement
SEC505.3: Windows Public Key Infrastructure and Smart Cards
SEC505.4: Administrative Compromise and Privilege Management
SEC505.5: Endpoint Protection and Pre-Forensics
SEC505.6: Defensible Networking and Blue Team WMI

Hackers know how to use PowerShell for evil. Do you know how to use it for good? In SEC505 you will learn how to use PowerShell to automate Windows security management across an Active Directory enterprise and in the cloud. Don’t just learn PowerShell syntax, learn how to leverage PowerShell as a platform for security.

You’ve run a vulnerability scanner and applied patches – now what? A major theme of this course is defensible architecture: we have to assume that there will be a breach, so we need to build in damage control from the beginning. Whack-a-mole incident response cannot be our only defensive strategy – we’ll never win, and we’ll never get ahead of the game. By the time your monitoring system tells you a Domain Admin account has been compromised, IT’S TOO LATE.

For the assume breach mindset, we must carefully delegate limited administrative powers so that the compromise of one administrator account is not a total catastrophe. Managing administrative privileges and credentials is a tough problem, so this course devotes an entire day to just this one critical task. Perhaps you’ve taken a hacking course at SANS and you now want to learn Windows mitigations: SEC505 is that course. SEC505 is the defense-only mirror image of SEC504 with regard to Windows and Active Directory.

Learning PowerShell is also useful for another kind of security: job security. Employers are looking for people with these skills. You don’t have to know any PowerShell to attend the course; we will learn it together. About half the labs during the week are PowerShell, while the rest use graphical security tools. Many of the PowerShell scripts written by the course author are free on GitHub (just go to http://SEC505.com).

This course is not a vendor show to convince you to buy another security appliance or to install yet another endpoint agent. The idea is to use built-in or free Windows and Active Directory security tools when we can (especially PowerShell and Group Policy) and then purchase commercial products only when absolutely necessary.

If you are an IT manager or CIO, the aim for this course is to have it pay for itself 10 times over within two years, because automation isn’t just good for security, it can save money too.

This course is designed for systems engineers, security architects, and the Security Operations (SecOps) team. The focus of the course is on how to automate the NSA Top 10 Mitigations, the CIS Critical Security Controls related to Windows, and the MITRE ATT&CK mitigations for Windows, especially the ones that are difficult to implement in large environments.

SEC505 will also prepare you for the GIAC Certified Windows Security Administrator (GCWN) certification exam to prove your Windows security expertise. The GCWN certification counts towards a Master’s Degree in Information Security from the SANS Technology Institute (www.sans.edu) and satisfies the Department of Defense 8140 computing environment requirement. The GCWN is also a foundational certification for soldiers in the U.S. Army’s 255-S Information Protection Program. For DoD students, we will see how to apply the NSA/DISA Secure Host Baseline.

This is a fun course and a real eye-opener, even for Windows administrators with years of experience. We don’t cover patch management, share permissions, or other such basics – the aim is to go far beyond that. Come have fun learning PowerShell and Windows security at the same time!

You Will Learn How to

  • Use PowerShell for security automation
  • Run PowerShell scripts on thousands of hosts
  • Do SecOps/DevOps continuous enforcement
  • Deploy and manage a Windows PKI
  • Manage privileges for an assumed breach
  • Protect admin credentials for an assumed breach
  • Do pre-forensics to help the Hunt Team
  • Secure Kerberos, DNS, TLS, RDP, and SMB
  • Use PowerShell Windows Management Instrumentation (WMI) for the Blue Team
1 Comment
  1. Mehrdad says

    You have an interesting site. Congratulations. Wishing for more educational material on this site.
    Could you put the book CWNA-107: Certified Wireless Network Administrator on the site?
