SEC401: OnDemand

What You Will Learn

Organizations are continually targeted and as such they must be prepared for eventual compromise. Today, more than ever before, TIMELY detection and TIMELY response are critical. The longer an adversary is present in your environment, the more devastating and damaging the impact becomes. It could well be that the most important question in information security is: "How quickly can we detect, respond, and REMEDIATE an adversary?"

Information security is all about making sure you focus on the right areas of defense, especially as applied to the uniqueness of YOUR organization. In SEC401, you will learn the language and underlying workings of computer and information security, and how best to apply them to your unique needs. You will gain the essential and effective security knowledge you will need if you are given the responsibility to secure systems or organizations.

SEC401 will teach you the most effective steps to prevent attacks and detect adversaries with actionable techniques that can be used as soon as you get back to work. You will learn tips and tricks designed to help you win the battle against the wide range of cyber adversaries that want to harm your environment.

New and Enhanced Labs Overview

Unlock the essential skills for defending systems and networks with our revamped SEC401 course, now featuring a comprehensive suite of 20 cutting-edge labs. These labs have been meticulously designed to provide hands-on experience and practical skills crucial for modern cybersecurity challenges.

New Lab Highlights:
  • Network Analysis: Dive deep into network traffic with labs on Tcpdump and Wireshark, and explore AWS VPC Flow Logs to understand cloud-based network operations.
  • Advanced Threat Detection: Develop skills in SIEM Log Analysis, and employ tools like Snort3 and Zeek for robust Intrusion Detection and Network Security Monitoring.
  • System Security: Sharpen your skills in Linux Logging and Auditing, Windows Process Exploration, and Windows Filesystem Permissions, ensuring comprehensive system oversight.
  • Audit and Compliance: Master Password Auditing, Binary File Analysis, and Data Loss Prevention to safeguard sensitive data against emerging threats.
  • Cryptography and Recovery: Get hands-on with Hashing and Cryptographic Validation, Encryption and Decryption, and Mobile Device Backup Recovery to secure and recover data.
  • Windows and Linux Security: Apply Windows System Security Policies, manage Linux Permissions, and explore Linux Containers for enhanced security posture.
  • Automation and Discovery: Utilize PowerShell for Speed and Scale and conduct Network Discovery to efficiently manage security tasks.
  • Exploitation and Protection: Learn to identify and exploit vulnerabilities in Web App Exploitation, and apply security best practices.

Each lab is crafted to build proficiency in using real-world tools and techniques, preparing you to effectively respond to a variety of security incidents. Whether you are new to cybersecurity or seeking to update your skills, these labs offer a practical, immersive learning experience in the critical aspects of security fundamentals.

"SEC401 covered a very wide range of security technologies, processes, and tools that will really open your eyes. I liked how the course shows that not everything is magic, and packets of data can be interpreted even without fancy tools. The labs were great for demonstrating the concepts, with flawless instruction and seamless packet capture." - Fei Ma, DESEI

Business Takeaways
  • How to address high-priority security concerns
  • Leverage security strengths and differences among the top cloud providers
  • Build a network visibility map to help validate attack surface
  • Reduce an organization's attack surface through hardening and configuration management

Skills Learned
  • How to create a security program that is built on a foundation of Detection, Response, and Prevention
  • Practical tips and tricks that focus on addressing high-priority security concerns within one's organization and doing the right things that lead to effective security solutions
  • How adversaries adapt their tactics, techniques, and procedures and how to adapt your defense accordingly
  • What ransomware is and how to better defend against it
  • How to leverage a defensible network architecture (VLANs, NAC, 802.1x, Zero Trust) based on indicators of compromise
  • Identity and Access Management (IAM) methodology and related aspects of strong authentication (MFA)
  • How to leverage the security strengths and differences among various cloud providers (including multi-cloud)
  • Realistic and practical applications of a capable vulnerability management program
  • How to sniff network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
  • How to use Windows, Linux, and macOS command line tools to analyze a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
  • How to build a network visibility map that can be used to validate attack surfaces and determine the best methodology to effectively reduce risk through hardening and configuration management
  • Why some organizations win and why some lose when it comes to cybersecurity

With the rise in advanced persistent threats, it is inevitable that organizations will be targeted. Defending against attacks is an ongoing challenge, with next-generation threats emerging all the time. In order to be successful in defending an environment, organizations need to understand what really works in cybersecurity. What has worked - and will always work - is taking a risk-based approach to cyber defense.

Hands-On Cybersecurity Training

The lab-based, hands-on portion of the course allows students to apply and master course concepts. The labs follow the adventures of the security team at Alpha Incorporated, a fictitious organization that has suffered a series of compromises. With the labs based on four real-world scenarios that many organizations face today, students walk away with a keen understanding of the real-world challenges they will face throughout their careers. Mastering the course concepts through hands-on exercises fulfills the SANS promise: what is learned in the course is immediately applicable at work.
  • Section 1: Tcpdump; Wireshark; AWS VPC Flow Logs
  • Section 2: Password Auditing; Data Loss Prevention; Mobile Device Backup Recovery
  • Section 3: Network Discovery; Binary File Analysis and Characterization; Web App Exploitation; SIEM Log Analysis
  • Section 4: Hashing and Cryptographic Validation; Encryption and Decryption; Intrusion Detection and Network Security Monitoring with Snort3 and Zeek
  • Section 5: Windows Process Exploration; Windows Filesystem Permissions; Applying Windows System Security Policies; Using PowerShell for Speed and Scale
  • Section 6: Linux Permissions; Linux Containers; Linux Logging and Auditing

What You Will Receive
  • Course books, lab workbook (more than 500 pages of hands-on exercises), virtual machines with tools pre-installed
  • TCP/IP reference guides
  • MP3 audio files of the complete course lecture

What Comes Next?

Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:
  • Security Operations Center (SOC) Analyst:
    • SEC450: Blue Team Fundamentals: Security Operations and Analysis
    • SEC511: Continuous Monitoring and Security Operations
  • Incident Handler:
    • SEC504: Hacker Tools, Techniques, and Incident Handling
  • Cloud Security Architect:
    • SEC510: Public Cloud Security: AWS, Azure and GCP
    • SEC540: Cloud Security and DevSecOps Automation