Masterclass: System Forensics and Incident Handling

It is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions. Join Paula Januszkiewiczc in this exclusive Masterclass!
Special summerdeal: Get 400€ off with a code SECURITYSUMMER

GUARANTEED TO START!

Vaativuus
Arvostelut
5pvä
Kesto
3900,00 
+ alv./VAT
Ajankohta:
Sijainti:
Valitsemasi koulutus sisältää seuraavat päivät:
Sovelto Access -krediiteillä maksettaessa veloitamme krediittejä kurssin euromääräisen hinnan verran. Tarkan krediittimäärän voit kysyä myyntipalvelusta: 020 7776 670 tai myyntipalvelu@sovelto.fi

Ilmoittaudu viimeistään 10.08.2020
Puhuttu kieli: Englanti

Valitettavasti kyseinen kurssi on jo täynnä, kokeilethan toisella ajankohdalla tai sijainnilla.

Tai ota yhteyttä myyntipalveluun: 020 7776 670 tai myyntipalvelu@sovelto.fi

This is a deep dive course on security operations

Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated.

This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.

This course is a must-go for enterprise administrators, security officers and architects.

The secure infrastructure configuration should be the most important line of defense in every organization. Unfortunately, people, the most valuable resource, are not always aware of the level of security in their companies, possible points of entry, how operating systems are attacked, and how to protect the infrastructure from successful attacks which are sometimes caused by configuration mistakes. Understanding internal OS protection mechanisms and services/roles completely provides a huge impact on the whole infrastructure security level. Unfortunately, the problem is… rarely anyone has this impact!

What to expect:

The training focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques:

▪ The steps of the incident handling process
▪ Detecting malicious applications and network activity
▪ Common attack techniques that compromise hosts
▪ Detecting and analyzing system and network vulnerabilities
▪ Continuous process improvement by discovering the root causes of incidents

It is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

Target audience:

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Material:

Author’s unique tools, virtual lab environment, hands-on exercises, presentation slides with notes.


Examples of tools, software and examples used during the course

• Belkasoft RAM Capturer • Wireshark • Volatility • The Sleuth Kit® (TSK)
• Autopsy • DumpIt • DC3DD • Arsenal Image Mounter
• Reclaim Me • ReFS Images • SysInternals Toolkit • ShadowCopyView • RegRipper • Rifiuti2 • Registry Explorer/RECmd • FullEventLogView • EVTXtract
• Loki IOC Scanner • Yara • LECmd • LinkParser • PECmd • SkypeLogViewer
• SQLiteBrowser • NetWork Miner • StuxNet Memory Dump


Agenda for System Forensics and Incident Handling

Module 1: Introduction to Incident Handling
1. Types and Examples of Cybersecurity Incidents
2. Signs of an Incident
3. Incident Prioritization
4. Incident Response and Handling Steps
5. Procedures and Preparation

Module 2: Securing Monitoring Operations
1. Industry Best Practices
2. Detecting Malware via DNS logs
3. Configuration Change Management
4. Leveraging Proxy and Firewall Data
5. Monitoring Critical Windows Events
6. Detecting Malware via Windows Event Logs

Module 3: Network Forensics and Monitoring
1. Types and approaches to network monitoring
2. Network evidence acquisition
3. Network protocols and Logs
4. LAB: Detecting Data Thievery
5. LAB: Detecting WebShells
6. Gathering data from network security appliances
7. Detecting intrusion patterns and attack indicators
8. Data correlation
9. Hunting malware in network traffic
10. Encoding and Encryption

Module 4: Windows Internals
1. Introduction to Windows Internals
2. Fooling Windows Task Manager
3. Processes and threads
4. PID and TID
5. Information gathering from the running operating system
6. Obtaining Volatile Data
7. A deep dive to Autoruns
8. Effective permissions auditing
9. PowerShell get NTFS permissions
10. Obtaining permissions information with AccessChck
11. Unnecessary and malicious services
12. Detecting unnecessary services with PowerShell

Module 5: Memory Dumping and Analysis
1. Introduction to memory dumping and analysis
2. Creating memory dump – Belkasoft RAM Capturer and DumpIt
3. Utilizing Volatility to analyze Windows memory image
4. Analyzing Stuxnet memory dump with Volatility
5. Automatic memory analysis with Volatile

Module 6: Indicators of compromise
1. Yara rules language
2. Malware detonation
3. Introduction to reverse engineering

Module 7: Storage Acquisition and Analysis
1. Introduction to storage acquisition and analysis
2. Drive Acquisition
3. Mounting Forensic Disk Images
4. Introduction to NTFS File System
5. Windows File System Analysis
6. Autopsy with other filesystems
7. Building timelines

Module 8: Reporting – Digital Evidence
This module covers the restrictions and important details about digital evidence gathering. Moreover, a proper structure of digital evidence report will be introduced.

 


System Forensics and Incident Handling is delivered by our partner CQURE:

CQURE Team consists of highly talented Experts, who collectively have over 300 years of experience in the IT security field.

Our passion makes us hard workers and our curiosity push us to solve difficult problems or to keep trying till we do. Basically, we are always tracking current threats. We proudly use our knowledge to make sure your infrastructure stays tight and secure.

 

Paula Januszkiewicz Mastercalass with Sovelto

 

CQURE logo

This masterclass is proudly presented together with CQURE.

 

Avainsanat: ,

 

Paikkoja jäljellä:
Ei paikkarajoitusta
useita
3900,00  + alv./VAT

Vastuuhenkilö


Mika Seitsonen

Mika Seitsonen

Mika on kouluttanut ja konsultoinut Microsoft-teknologioita Soveltolla ja maailmalla jo yli kaksikymmentä vuotta. Viime vuodet Mika on keskittynyt Microsoftin identiteetti- ja tietoturvateknologioiden (Azure AD, AD FS, PKI) ja pilvipalveluiden (Microsoft Azure ja Microsoft 365) koulutukseen ja konsultointiin. Mika vastaa Sovelton teknologiat-osaamisalueen kehittämisestä.

DI, M.Sc., MCSE: Productivity, Microsoft Certified: Azure Fundamentals, Azure Administrator Associate, MCT, ITIL Foundation 2011.

Älä lennä suojelusenkeliäsi kovempaa!