Email Us   Phone : 503-259-0312   
  Home    |    Instructor-led Training    |    Online Training     


Contact Us   -   Why Choose Wintrac   -   Clients    

Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Microsoft technologies
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Advanced Ethical Hacking Network Intrusion Investigations and Forensic Analysis
Overview

This class will provide the students with a unique perspective on network intrusion investigations and analysis. Students will begin the course by compromising a system ("ethical hacking") leveraging techniques that have been seen in the wild by attackers. Once in, they will walk through the stages of an intrusion, from compromise to entrenchment, and exfiltration of data. The course then takes a unique spin in that students will review the captured network traffic looking for artifacts of their compromise, combing through packet captures to see the footprint that they, as the attacker, have left. Not stopping there, students will then learn the principles of an incident response, leveraging the tools of the trade to collect volatile data as well as forensic imaging of a compromised host. Finally, class attendees with complete the course by performing forensic analysis of the acquired artifacts, rounding out the lifecycle of an intrusion investigation.

Audience

This course will significantly benefit security professionals, network administrators, systems administrators, auditors, cyber investigators and anyone who is concerned about the integrity and security of their systems and network infrastructure. This course will also be extremely beneficial to anyone with a firm technical background who might be asked to investigate a data breach incident, intrusion case.

Prerequisites

  • Required - Familiarity with the core TCP/IP protocols (e.g., FTP, TCP, HTTP)
  • Required - Windows and Linux command-line interfaces
  • Recommended ¡V Ethical Hacking
Course duration

5 days

Course Objectives

Upon successfully completing the course, students will be able to:
  • Scan and exploit a remote target
  • Identify network traffic and log entries related to scanning and exploitation
  • Use automated tools to perform exploitation
  • Perform a Vulnerability Analysis
  • Analyze a Network Intrusion
  • Utilize hacker Methodologies and Anti-Forensic techniques
Course outline

  • Day 1 Windows network intrusions overview Outline
    • Windows Networks
      • Overview of Windows networking
        • Variety of operating systems
          • Versions of Windows
          • Servers, (Windows, Linux, email, web, file, print)
        • Security Architecture
          • SIEM
        • Mobile inclusion
      • Network devices and their logs
        • What devices are in the path from infection to Internet
        • So called witness devices
      • Syslog
        • What is syslog?
        • How can it be useful?
      • Scope of visibility
        • What can you see on your network?
        • Shadow IT?
        • Where are the holes in your visibility?
    • Security Posture
      • Current security posture of most organizations
        • OTS solutions
        • Security as a product
        • Security Personnel
      • OTS products vs services
      • SIEMs
        • Choices on the market
        • What they do
        • What they don't do
      • IDS/IPS
        • Pros and Cons
        • Open source vs commercial
      • HIDS/SIDS
        • Pros and Cons
        • Open source vs commercial
    • Attackers, their objectives and their tools
      • Objectives of attackers
        • What are they after and why
        • Types of attackers
      • Methodologies
        • Profiling
        • Signature
        • Groups
        • Where to look for signatures
      • Tools
        • Metasploit
        • Backtrack
        • Custom tools
    • IT security staff
      • Training good and bad
    • Incident Response
      • What compromises an IR?
      • Trusted Tools
      • Tipping off the attackers
      • Communication channels (out of band)
    • Analysis
      • Tools
      • Methods
      • Frequent locations and data sets.
  • Day 2 Attacker tools, methods and tactics
    • Types of attacks
      • Overview of malware
        • Frequency of malware with intrusions
      • Vectors of attack
        • Social media
        • Spear Phishing
          • Whale Phishing
        • Credential theft
    • Types of attackers
      • Hobbyists
      • Criminals
      • State Sponsored
    • Tools
      • Backtrack & Metasploit
      • Custom crafted
        • Unique malware
    • Exploitation
      • What do they look for and why?
    • Entrenchment techniques
      • How and why do they entrench
    • Labs
  • Day 3 Incident Response
    • Notification of an incident
      • How do incidents get reported?
      • Help Desk
      • SIEM
      • Educated users
    • Trend analysis
      • Baselining
    • Trusted Tool set
      • How to create one
      • What tools to include
      • OS types within your network
      • Live response capability
    • Volatile Data Collection
      • Order of volatility
      • RAM
      • Pagefile
      • Hiberfile
    • Non-Volatile data collection
      • What to collection
      • How to collect it
      • Why do you collect it
    • Virtualization concerns
      • Virtualized environments
    • Encryption
      • Bitlocker
    • Rights and permissions
      • What can the CIRT team do?
      • How to elevate permissions
    • Network traffic analysis
      • Using Wireshark
      • Using Network Miner
    • Labs
  • Day 4 Media Analysis (forensics)
    • Windows Systems overview
      • File systems
      • Operating Systems
      • Logs
    • Forensic Framework
      • EnCase
      • FTK
      • SIFT
      • CERT
      • RAPTOR
    • Windows Registry Analysis
      • Reg Ripper
      • Mitec
      • AD Reg Viewer
      • Python/MRU
    • Event Logs
      • Event log parser
    • Unallocated Space/Data Carving
      • PhotoRec
    • Tracking User activity
      • Compromised account tracking
    • Labs
  • Day 5 Putting it all
    • Series of hands on exercises


     
    About us
    Contact us
    Careers at Wintrac
    Our Clients
    Why Wintrac


    Register for a free training CD-ROM drawing
    Refer a client or instructor and earn $$$


    Wintrac Inc.
    16523 SW McGwire Ct.
    Beaverton OR 97007     		 
    ? Wintrac, Inc. All rights reserved.                                                                               Site Map   |   Terms of Use   |   Privacy Policy