This is a deep-dive course on security operations: vulnerability management, anomaly detection, discovery of industry attacks and threats, understanding what a compromised system or solution looks like, defining the indicators of an attack, and incident handling. The course is based on Microsoft products.
Prerequisites
To attend this training, you should have good hands-on experience administering Windows infrastructure. At least 8 years in the field is recommended.
Participant profile
Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
- This part introduces the new cybersecurity challenges and trends, emphasizing data security and integration through and into the cloud, and the challenges of coordinating cloud and on-premise security solutions. Security is a business enabler, and it is only when it is viewed from a business perspective that we can truly make the right decisions. You will learn how to define the assets of your company that need to be protected or restricted. You will know how to find obvious and not-so-obvious sensitive information that can be monetized by adversaries. With that scope defined and knowing your resources, you will know where the biggest gaps in your security posture are.
- Defining the assets which your company needs to protect
- Defining the other sensitive information that needs to be protected
- In a world where most things happen online, hacking gives attackers wide opportunities to gain unauthorized access to information such as credit card details, email account details, and other personal information. So it is also important to know some of the hacking techniques that are commonly used to obtain your personal information in an unauthorized way. In this module you will become familiar with modern hacking techniques.
- OS platform threats and attacks
- Web based threats and attacks
- E-mail threats and attacks
- Physical access threats and attacks
- Social threats and attacks
- Wireless threats and attacks
- There are many methods widely in use today to steal personal information. These attacks on confidential data can be extremely high-tech, involving the latest technologies and most recent security exploits. Many of the attack methods, however, are very low-tech, involving little or no technology at all. By taking a detailed look at the various types of attacks, you will become familiar with the techniques used by cybercriminals.
- Performing identity attacks
- Cached logons (credentials)
- Data Protection API (DPAPI) for protecting user secrets
- Credential Guard in detail
- Performing an LSA Secrets dump and implementing prevention
- Active Directory and Azure AD security
- Authentication Mechanism Assurance
- Using virtual smart cards
- Multi-factor Authentication
- The hacker can run a malicious program which the user believes to be authentic. This way, after the malicious program is installed, the hacker gets unprivileged access. Techniques are becoming more sophisticated than ever. In this module you will learn how modern malware works and how to discover its operations.
- Types of attacks
- Points of entry
- Persistence methods
- Hiding traces
- Case study: ransomware examples
- Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components, or even a backdoor from an earlier attack. Because of this, detecting hacker attacks is not an easy task. This module gives a few basic guidelines to help you figure out whether your machine is under attack or whether the security of your system has been compromised.
- Defining Critical Security Controls
- Incident response checklist
- Suspicious activities timeline
- Filtering suspicious activities
- Network traffic inspection
- Malware analysis tools
- Host, Port and Service Discovery
- Vulnerability Scanning
- Monitoring patching, applications, and service logs
- Detecting the most common attacks:
- a. DNS Reconnaissance
- b. Directory Service Enumeration
- c. Enumerating high-privilege accounts
- d. SMB Session Enumeration
- e. Enumerating credentials stored in memory
- f. Overpass-the-Hash
- g. Harvesting Credentials
- h. Pass-the-Ticket
- i. Remote Code Execution
- j. Compromising the KRBTGT account
- k. Golden Ticket
- Using Sysmon in an advanced monitoring configuration
- Log Collection
- Scripting and Automation
- PowerShell for extraction and information gathering
- Industry Best Practices
- In enterprise-level organizations the IT landscape is divided into smaller parts based on their primary function or location in the IT environment. Sometimes you cannot implement security controls globally, and you will need a deep understanding of the current security posture of each element to wisely add additional layers of security. Having the full environment divided into functional parts is also a better approach from a financial point of view: getting internal sponsor acceptance is easier if the benefit is delivered quicker.
- Strategy for protecting Internet facing systems
- Strategy for protecting internal systems
- Strategy for protecting users' workstations
- Strategy for protecting (against) BYOD devices
- Implementing automation and access control (Just Enough Administration, Desired State Configuration)
- Application whitelisting (AppLocker, Device Guard etc.)
- Configuring firewalls
- Privileged accounts
- Securing authentication
- Storage and full disk encryption
- Controlled Folder Access
- Application Guard
- In some organizations there is no strict architecture design defined, especially in the modern approach where most services are cloud-based. This module will focus on the systems' communication channels rather than on system placement or role in the organization. This method is best for smaller companies as well as for organizations that are in a transition phase or are changing their structure significantly.
- Implementing tunneling
- Designing secure access
- Network sniffing techniques
- The purpose of partitioning the network
- Ensuring confidentiality with encryption
- Searching for rogue servers
- Securing networking services
- Limiting the impact of common attacks
Author’s unique tools, over 200 pages of exercises, presentation slides with notes.
CPE points (Continuing Professional Education)
It will be possible to earn CPE points after completing this course.
If you have questions about the course content, please contact:
- Jette Ravn Merkel
- +45 72202695