Who should attend
- Security Professionals
- Incident Handling Professionals
- Anyone in a Security Operations Center
- Forensics Experts
- Cybersecurity Analysts
Certifications
This course is part of the following Certifications:
Prerequisites
Suggested (Any of the following Mile2 Courses):
- Certified Security Principles
- Certified Digital Forensics Examiner
- Certified Incident Handling Engineer
- Certified Professional Ethical Hacker
- Certified Penetration Testing Engineer
- or Equivalent Knowledge
Course Objectives
This course helps you prepare an organization to create a complete end to end solution for monitoring, preventing, detecting, and mitigating threats as they arise in real time.
Do not fool yourself, this course is far more advanced than you may expect. It is fast paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today's needs.
You will be able to set up and deploy state of the art open source and commercial analysis tools, intrusion detection tools, syslog servers, and SIEMs. You will also be able to integrate them for an entire organization.
*This course maps to the mile2 Certified Cyber Security Analyst Exam as well as the Comp TIA CySA+CS0-001 certification exam.
Outline: Certified Incident Handling Engineer (CIHE)
Chapter 1 - Blue Team Principles
- Network Architecture and how it lays the groundwork
- Security Data Locations and how they tie together
- Security Operations Center
- Automation, Improvement, and Tuning
Chapter 1 Labs – Blue Team Principles
- Analyze Initial Compromise Vector
- Network Forensics
- System Forensics
Chapter 2 - Digital Forensics
- Investigative Theory and Processes
- Computer Forensics Laboratory
- Advanced Forensics for Today’s Exploitations
Chapter 2 Labs – Digital Forensics
- Analysis of Captured Network Activity
- Analysis of Captured Zip File
Chapter 3 - Malware Analysis
- Creating the Safe Environment
- Static Analysis
- Dynamic Analysis
- Behavior Based Analysis
- What is different about Ransomware?
- Manual Code Reversing
Chapter 3 Labs – Malware Analysis
- Analysis of an MSFVenom Executable
- Analysis of Locky Ransomware
- Creating YARA Rules based on Analysis Results
- Final Assessment
Chapter 4 - Traffic Analysis
- Manual Analysis Principles
- Automated Analysis Principles
- Application Protocols Analysis Principles
- Networking Forensics
Chapter 4 Labs – Traffic Analysis
- Traffic Analysis of a Website Defacement Attack
- Traffic Analysis Based on IDS Alerts
- Traffic Analysis of a ZLoader Delivery Attempt
- Bonus: Find the Backdoor!!!
Chapter 5 - Assessing the Current State of Defense with the Organization
- Network Architecture and Monitoring
- Endpoint Architecture and Monitoring
- Automation, Improvement, and continuous monitoring
Chapter 5 Labs – Assessing the Current State of Defense within the Organization
- Configuring a Firewall
- Configuring SIEM
- Configuring IPDS
- Upgrading Detection/Protection Capabilities
Chapter 6 - Leveraging SIEM for Advanced Analytics
- Architectural Benefits
- Profiling and Baselining
- Advanced Analytics
Chapter 6 Labs – Leveraging SIEM for Advanced Analytics
- Deploying Agent
- Implementing User Behavior Analytics through Machine Learning
- Simulate an Attack and Analyze Alerts
Chapter 7 - Defeating the Red Team with Purple Team tactics
- Penetration Testing with full knowledge
Chapter 7 Labs – Defeating the Red Team with Purple Team Tactics
- Configuring Defensive Systems
- Purple Team Testing
- Mitigation
- Bypass Anti-Virus and LSASS Patch through edited Mimikatz