Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Module 1: Security Concepts
- Outline the CIA triad.
- Evaluate different security deployment models.
- Define key security terminology.
- Contrast various security concepts.
- Explain the principles behind the defense-in-depth strategy.
- Compare different access control models.
- Define terms as specified in CVSS.
- Highlight challenges related to data visibility (across network, host, and cloud environments) during detection.
- Assess potential data loss based on provided traffic profiles.
- Utilize the 5-tuple approach to isolate a compromised host within a collection of logs.
- Distinguish between rule-based detection versus behavioral and statistical detection methods.
Module 2: Security Monitoring
- Compare attack surface and vulnerability.
- Identify the data types generated by these technologies.
- Explain how these technologies impact data visibility.
- Describe the application of these data types in security monitoring.
- Detail network attacks, including protocol-based, denial of service (DoS), distributed denial of service (DDoS), and man-in-the-middle attacks.
- Describe web application attacks, such as SQL injection, command injection, and cross-site scripting.
- Explain social engineering attacks.
- Detail endpoint-based attacks, including buffer overflows, command and control (C2), malware, and ransomware.
- Explain evasion and obfuscation techniques, such as tunneling, encryption, and proxies.
- Assess the impact of certificates on security, covering PKI, public/private key exchanges across the network, and asymmetric/symmetric cryptography.
- Identify certificate components within a given scenario.
Module 3: Host-Based Analysis
- Explain the functionality of endpoint technologies in the context of security monitoring.
- Identify operating system components (such as Windows and Linux) in a given scenario.
- Describe the role of attribution in investigative processes.
- Determine the type of evidence utilized based on provided logs.
- Compare tampered and untampered disk images.
- Analyze operating system, application, or command-line logs to identify specific events.
- Interpret output reports from malware analysis tools, such as detonation chambers or sandboxes.
Module 4: Network Intrusion Analysis
- Map provided events to their source technologies.
- Compare scenarios with impact versus those without.
- Contrast deep packet inspection with packet filtering and stateful firewall operations.
- Distinguish between inline traffic interrogation and the use of taps or traffic monitoring.
- Compare the characteristics of data obtained from taps or traffic monitoring against transactional data (NetFlow) during network traffic analysis.
- Extract files from a TCP stream using a PCAP file and Wireshark.
- Identify key elements of an intrusion from a given PCAP file.
- Interpret fields in protocol headers as they relate to intrusion analysis.
- Interpret common artifact elements from an event to identify an alert.
- Understand and apply basic regular expressions.
Module 5: Security Policies and Procedures
- Explain management concepts.
- Detail the elements of an incident response plan as outlined in NIST.SP800-61.
- Apply the incident handling process (such as NIST.SP800-61) to an event.
- Map elements to the analysis steps defined by NIST.SP800-61.
- Align organizational stakeholders with NIST IR categories (CMMC, NIST.SP800-61).
- Explain concepts documented in NIST.SP800-86.
- Identify elements used for network profiling.
- Identify elements used for server profiling.
- Locate protected data within a network.
- Classify intrusion events into categories as defined by security models, such as the Cyber Kill Chain Model and the Diamond Model of Intrusion.
- Describe the relationship between SOC metrics and scope analysis, including time to detect, time to contain, time to respond, and time to control.
Requirements
Before enrolling in this course, candidates should possess the following knowledge and skills:
- Understanding of Ethernet and TCP/IP networking.
- Practical experience with Windows and Linux operating systems.
- Familiarity with fundamental networking security concepts.
35 Hours
Testimonials (2)
Clarity and pace of explanations
Federica Galeazzi - Aethra Telecomunications SRL
Course - AI-Powered Cybersecurity: Advanced Threat Detection & Response
It did give me the insight what I needed :) I am starting teaching on a BTEC Level 3 qualification and wanted to widen my knowledge in this area.
