Course Outline

Module 1: Understanding the cyber-security landscape

In this module, you will learn about the current cybersecurity landscape and learn how adopting the assume compromise philosophy, you can you restrict an attacker’s ability to move laterally between information systems and to restrict their ability to escalate privileges within those systems. The current cyber-security landscape is vast and likely impossible for any one individual to comprehend in its entirety. There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention.

Lessons

  • Current Cyber-security Landscape
  • Assume Compromise Philosophy

After completing this module, students will be able to:

  • Describe the current cybersecurity landscape.
  • Describe the Assume Compromise Philosophy.
  • Identify factors that contribute to the cost of a breach.

Module 2: Red Team: Penetration, Lateral Movement, Escalation, and Exfiltration

Red team versus blue team exercises involve the simulation of an attack against an organization’s information system. The red team simulates and, in some cases, performs proof of concept steps taken in the attack against the organization’s IT systems. The blue team simulates the response to that attack. This adversarial approach not only allows for the identification of security vulnerabilities in the way that the organization’s IT systems are configured, but also allows members of the organization’s information systems staff to learn how to detect and respond to attacks. In this module you will learn the Practice Red team versus Blue team approach to detecting and responding to security threats.

Lessons

  • Red Team versus Blue Team Exercises
  • The Attackers Objective
  • Red Team Kill Chain

After completing this module, students will be able to:

  • Distinguish between responsibilities of red teams and blue teams.
  • Identify typical objectives of cyber attackers.
  • Describe a kill chain carried out by red teams.

Module 3: Blue Team Detection, Investigation, Response, and Mitigation

In this module you will learn about the Blue Team roles and goals in the attack exercises. You will learn the structure of an attack against an objective (Kill Chain) and the ways limiting how an attacker can compromise unprivileged accounts. You will also learn the methods used to restrict lateral movement that prevent attackers from using a compromised system to attack other systems and how telemetry monitoring is used to detect attacks.

Lessons

  • The Blue Team
  • Blue Team Kill Chain
  • Restricting Privilege Escalation
  • Restrict Lateral Movement
  • Attack Detection

After completing this module, students will be able to:

  • Describe the Blue Team rRole, and Ggoals, and kill chain activities of the blue team in the red team exercises.
  • Describe the structure of an attack against an objective (Kill Chain).
  • Describe the ways limiting how an attacker can compromise unprivileged accounts.
  • Describe the methods used to restrict lateral movement.
  • Describe how telemetry monitoring is used to detect attacks.

Module 4: Organizational Preparations

There are several ongoing preparations that an organization can take to improve their overall approach to information security. In this module, we will take a closer look at some of them. You will learn about a conceptual model for thinking about the security of information and how to approach information security and to prepare properly including ensuring your organization has a deliberate approach to information security.

Lessons

  • CIA Triad
  • Organizational Preparations
  • Developing and Maintain Policies

Lab : Designing a Blue Team strategy

After completing this module, students will be able to:

  • Explain the concept of Confidentiality, Integrity, and Availability (CIA) triad.
  • Describe the primary activities that should be included in organization preparations.
  • Identify the main principles of developing and maintaining policies.

After completing this lab, students will be able to:

  • Design a high-level approach to mitigating threats
  • Recommend tools and methodology facilitating tracking down origins of cyberattacks
  • Provide high level steps of a recovery effort
  • Recommend methods of preventing cyberattacks
  • Describe regulatory challenges that result from malware exploits

Requirements

In addition to their professional experience, students who take this training should already have the following technical knowledge:

  • The current cyber-security ecosystem
  • Analysis of hacks on computers and networks
  • Basic Risk Management
  7 Hours
 

Need help picking the right course?
Call us +971 4871 6715

Testimonials

Examples, relaxed atmosphere, ...

Marek - Rafał Mikulak, Uniwersytet Szczeciński

Calm (good pace and tone) conducting lectures.

Marek - Rafał Mikulak, Uniwersytet Szczeciński

Easy and to the point

Nesreen Awada, TDRA

Related Courses

Planning and Administering SharePoint 2016 (authorized training course MS 20339)

  35 hours
About This Course This five-day course will provide you with the knowledge and skills to plan and administer a Microsoft SharePoint 2016 environment. The course teaches you how to deploy, administer, and troubleshoot your SharePoint environment.
Read More...

Advanced Technologies of SharePoint 2016 (20339-2AC)

  35 hours
About This Course This five-day course will teach you how to plan, configure, and manage the advanced features in a SharePoint 2016 environment. The special areas of focus for this course include implementing high availability, disaster recovery,
Read More...

MS-100T01-A: Office 365 Management

  14 hours
Learn about Office 365 Management, including key components of Office 365, how to move an organization to Office 365, how to configure Office 365, and how to manage Office 365 ProPlus deployments. Audience profile This course is designed for
Read More...

Updating Your Skills to SQL Server 2016 10986-B

  21 hours
This three-day instructor-led course provides students moving from earlier releases of SQL Server with an introduction to the new features in SQL Server 2016. Skills gained Describekey capabilities and components of SQL Server
Read More...

Windows 10 (MD-100T00)

  35 hours
About This Course In this course, students will learn how to support and configure Windows 10 desktops in an organizational environment. Students will develop skills that include learning how to install, customize, and update Windows 10 operating
Read More...

Cloud & Datacenter Monitoring with System Center Operations Manager (10964-C)

  35 hours
About This Course This course equips students with the skills they require to deploy and configure System Center 2012 R2 Operations Manager. Using hands-on labs, students learn the following:   • How to architect and implement a
Read More...

Supporting and Troubleshooting Windows 10 (10982EC)

  35 hours
About This Course This is a 5-day ILT course that is designed to provide students with the knowledge and skills required to support and troubleshoot Windows 10 PCs and devices in a Windows Server domain environment. These skills include
Read More...

Virtualizing Enterprise Desktops and Apps (20694BC)

  35 hours
About This Course This five-day, hands-on training course is designed to teach you the breadth of Microsoft virtual desktop technology, and the course will compare and contrast the various technologies with use cases and best practices. This
Read More...

Partner Applied Workshop: What's New in Windows 10 (40332AC)

  7 hours
About This Course This Microsoft Partner Applied Workshop introduces IT Professionals to the new features and capabilities of Windows 10. The workshop combines video, and uses the Enterprise Edition of Windows 10
Read More...

Installation, Storage, and Compute with Windows Server 2016 (authorized training course MS 20740)

  35 hours
This five-day course is designed primarily for IT professionals who have some experience with Windows Server. It is designed for professionals who will be responsible for managing storage and compute by using Windows Server 2016, and who need to
Read More...

Networking with Windows Server 2016 (authorized training course MS 20741)

  35 hours
This 5-day classroom-based course provides the fundamental networking skills required to deploy and support Windows Server 2016 in most organizations. It covers IP fundamentals, remote access technologies, and more advanced content including
Read More...

Identity with Windows Server 2016 (authorized training course MS 20742)

  35 hours
This five-day instructor-led course teaches IT professionals how to deploy and configure Active Directory Domain Services (AD DS) in a distributed environment, how to implement Group Policy, how to perform backup and restore, and how to monitor and
Read More...

Windows Server 2019 Administration (authorized training course WS 011T00)

  35 hours
This five-day instructor-led course is designed primarily for IT professionals who have some experience with Windows Server. It is designed for professionals who will be responsible for managing identity, networking, storage and compute by using
Read More...

AZ-104T00-A: Microsoft Azure Administrator

  28 hours
This course teaches IT Professionals how to manage their Azure subscriptions, secure identities, administer the infrastructure, configure virtual networking, connect Azure and on-premises sites, manage network traffic, implement storage solutions,
Read More...

DP 900: Microsoft Azure Data Fundamentals (authorized training course)

  7 hours
About This Course In this course, students will learn the fundamentals of database concepts in a cloud environment, get basic skilling in cloud data services, and build their foundational knowledge of cloud data services within Microsoft Azure.
Read More...