SANS SEC599: Defeating Advanced Adversaries

SEC599: Defeating Advanced Adversaries – موسسه SANS یکی از معتبرترین و بزرگترین مراکز آموزشی دوره های امنیت سایبری در دنیا می باشد. موسسه SANS دوره های خود را در گرایش های مختلف اعم از تست نفوذ، جرائم رایانه ای، امنیت شبکه و بازرسی سیستم ها ارائه می دهد. مدارک شرکت SANS را GIAC صادر می کنند.

لینک دانلود SANS SEC599: Defeating Advanced Adversaries 2021


دانلود – PDF Format 2021 – حجم: 303 مگابايت
دانلود – PDF Format 2019 – حجم: 303 مگابايت
دانلود – 2017 PDF Format – حجم: 123 مگابايت

رمز فايل:

Date: 2021
$8,275 USD
PDF + WorkBook

You just got hired to help our virtual organization “SYNCTECHLABS” build out a cyber security capability. On your first day, your manager tells you: “We looked at some recent cyber security trend reports and we feel like we’ve lost the plot. Advanced persistent threats, ransomware, denial of service… We’re not even sure where to start!”

Cyber threats are on the rise: ransomware tactics are affecting small, medium, and large enterprises alike, while state-sponsored adversaries are attempting to obtain access to your most precious crown jewels. SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses will arm you with the knowledge and expertise you need to overcome today’s threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls aimed at stopping, detecting, and responding to your adversaries.

Course authors Stephen Sims and Erik Van Buggenhout (both certified as GIAC Security Experts) are hands-on practitioners who have built a deep understanding of how cyber attacks work through penetration testing and incident response. While teaching penetration testing courses, they were often asked the question: “How do I prevent or detect this type of attack?” Well, this is it! SEC599 gives students real-world examples of how to prevent attacks. The course features more than 20 labs plus a full-day Defend-the-Flag exercise during which students attempt to defend our virtual organization from different waves of attacks against its environment.

Our six-part journey will start off with an analysis of recent attacks through in-depth case studies. We will explain what types of attacks are occurring and introduce formal descriptions of adversary behavior such as the Cyber Kill Chain and the MITRE ATT&CK framework. In order to understand how attacks work, you will also compromise our virtual organization “SYNCTECHLABS” in section one exercises.

In sections two, three, four and five we will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks. The topics to be addressed include:

  • Leveraging MITRE ATT&CK as a “common language” in the organization
  • Building your own Cuckoo sandbox solution to analyze payloads
  • Developing effective group policies to improve script execution (including PowerShell, Windows Script Host, VBA, HTA, etc.)
  • Highlighting key bypass strategies for script controls (Unmanaged Powershell, AMSI bypasses, etc.)
  • Stopping 0-day exploits using ExploitGuard and application whitelisting
  • Highlighting key bypass strategies in application whitelisting (focus on AppLocker)
  • Detecting and preventing malware persistence
  • Leveraging the Elastic stack as a central log analysis solution
  • Detecting and preventing lateral movement through Sysmon, Windows event monitoring, and group policies
  • Blocking and detecting command and control through network traffic analysis
  • Leveraging threat intelligence to improve your security posture

Course Syllabus

SEC599.1: Introduction and Reconnaissance
SEC599.2: Payload Delivery and Execution
SEC599.3: Exploitation, Persistence, and Command and Control
SEC599.4: Lateral Movement
SEC599.5: Action on Objectives, Threat Hunting, and Incident Response
SEC599.6: APT Defender Capstone

  • Design

آدرس ایمیل شما منتشر نخواهد شد.