SEC586: SANS Paris January 2022

What You Will Learn

Effective Blue Teams work to harden infrastructure, minimize time to detection, and enable real-time response to keep pace with modern adversaries. Automation is a key component to facilitate these capabilities, and PowerShell can be the glue that holds together and enables the orchestration of this process across disparate systems and platforms to effectively act as a force multiplier for Blue Teams. This course will enable Information Security professionals to leverage PowerShell to build tooling that hardens systems, hunts for threats, and responds to attacks immediately upon discovery.

PowerShell is uniquely positioned for this task of enabling Blue Teams. It acts as an automation toolset that functions across platforms and it is built on top of the .NET framework for nearly limitless extensibility. SEC586 maximizes the use of PowerShell in an approach based specifically on Blue Team use cases.

Students who take SEC586 will learn:
  • PowerShell scripting fundamentals from the ground up with respect to the capabilities of PowerShell as a defensive toolset
  • Ways to maximize performance of code across dozens, hundreds, or thousands of systems
  • Modern hardening techniques using Infrastructure-as-Code principles
  • How to integrate disparate systems for multi-platform orchestration
  • PowerShell-based detection techniques ranging from Event Tracing for Windows to baseline deviation to deception
  • Response techniques leveraging PowerShell-based automation

This course is meant to be accessible to beginners who are new to the PowerShell scripting language as well as to seasoned veterans looking to round out their skillset. Language fundamentals are covered in depth, with hands-on labs to enable beginning students to become comfortable with the platform. For skilled PowerShell users who already know the basics, the material is meant to solidify knowledge of the underlying mechanics while providing additional challenges to further this understanding.

The PowerPlay platform built into the lab environment enables practical, hands-on drilling of concepts to ensure understanding, promote creativity, and provide a challenging environment for anyone to build on their existing skillset. PowerPlay consists of challenges and questions mapping back to and extending the course material.

Between the course material and the PowerPlay bonus environment, SEC586 students will leave the course well equipped with the skills to automate everyday cyber defense tasks. You will return to work ready to implement a new set of skills to harden your systems and accelerate your capabilities to more immediately detect and respond to threats.

Start date: 31 Jan 2022
Location / delivery: Paris
