English | Size: 3.57 GB
Genre: eLearning
Course Syllabus:
SEC599.1: Knowing the Adversary, Knowing Yourself
SEC599.2: Hindering Reconnaissance and Stopping Delivery
SEC599.3: Preventing Exploitation
SEC599.4: Preventing Exploitation (continued): Avoiding Installation and Foiling Command and Control
SEC599.5: Thwarting Exfiltration, Cyber Deception, and Incident Response
SEC599.6: Advanced Persistent Threat Defender Capstone
Cyber threats are on the rise: ransomware is affecting small, medium and large enterprises alike, while state-sponsored adversaries are attempting to obtain access to your most precious crown jewels. SEC599: Defeating Advanced Adversaries – Implementing Kill Chain Defenses will arm you with the knowledge and expertise you need to detect and respond to today’s threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls designed to stop advanced adversaries
Course authors Erik Van Buggenhout & Stephen Sims (both certified as GIAC Security Experts) are hands-on practitioners who have achieved a deep understanding of how cyber attacks work through penetration testing and incident response. While teaching penetration testing courses, they were often asked “But how do I prevent this type of attack?” With more than 20 labs plus a full-day “Defend-The-Flag” exercise during which students attempt to defend our virtual organization from different waves of attacks against its environment, SEC599 gives students real world examples of how to prevent attacks.
Our six-day journey will start with an analysis of recent attacks through in-depth case studies. We will explain what types of attacks are occurring and introduce the Advanced Persistent Threat (APT) Attack Cycle as a structured approach to describing attacks. In order to understand how attacks work, you will also compromise our virtual organization “SyncTechLabs” in our Day 1 exercises.
Throughout days two through five we will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks. Some of the topics we will address include:
Building your own mail sandbox solution to detect spear phishing
Developing effective group policies to stop malicious code execution
Stopping 0-day exploits using exploit mitigation techniques and application whitelisting
Detecting and avoiding malware persistence
Detecting and preventing lateral movement through sysmon, Windows event monitoring, and group policies
Blocking and detecting command and control through network traffic analysis
Leveraging threat intelligence to improve your security posture
In designing the course and its exercises, the authors went the extra mile to ensure that attendees “build” something that can be used later on. For this reason, the different technologies illustrated throughout the course (e.g., IDS systems, web proxies, sandboxes, visualization dashboards, etc.) will be provided as usable virtual machines on the course USB.
SEC599 will finish with a bang. During the “Defend-the-Flag” challenge on the final course day you will be pitted against advanced adversaries in an attempt to keep your network secure. Can you protect the environment against the different waves of attacks? The adversaries aren’t slowing down, so what are you waiting for?
This Course Will Prepare You To:
Understand how recent high-profile attacks were delivered and how they could have been stopped
Implement security controls throughout the different phases in the APT Attack Cycle to prevent, detect, and respond to attacks. We will define the following stages in the APT Attack Cycle:
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and control
Action on objectives
Carry out a series of practical exercises:
Compromise a virtual organization to understand how attackers operate
Build your own mail sandbox solution to detect spear phishing
Develop effective group policies to stop malicious code execution
Stop 0-day exploits using exploit mitigation techniques and application whitelisting
Detect and avoid malware persistence using host-based IDS techniques
Detect and prevent lateral movement through sysmon, Windows event monitoring, and group policies
Block and detect command and control through network analysis
Leverage threat intelligence in the APT Attack cycle
https://nitroflare.com/view/A9CFB925B224449/S-A-N-S-S-E-C-5-9-9.10.2.part1.rar
https://nitroflare.com/view/DD1B960C3B8A61C/S-A-N-S-S-E-C-5-9-9.10.2.part2.rar
https://nitroflare.com/view/7909A0EA0DB827D/S-A-N-S-S-E-C-5-9-9.10.2.part3.rar
https://rapidgator.net/file/07434928c05b78e2e078a3056b060058/S-A-N-S-S-E-C-5-9-9.10.2.part1.rar.html
https://rapidgator.net/file/61cbae85d16e5f9c5262b054a1d593a4/S-A-N-S-S-E-C-5-9-9.10.2.part2.rar.html
https://rapidgator.net/file/be0b6e27219ebeb7b7830236bf93a523/S-A-N-S-S-E-C-5-9-9.10.2.part3.rar.html
If any links die or problem unrar, send request to
https://forms.gle/fiF7GGUsfsJsXbhD7
#SANS-SEC599-Defeat-Advanced-Adversaries.20.1
Leave a Reply