SEC501: SANS Live Online Europe January 2022 Volume 2

Provided by

Enquire about this course

What You Will Learn

Have you ever wanted to...

...execute malware (Ransomware) for the sheer thrill of watching it pop up a scary-looking interface demanding you send Bitcoin to decrypt your data before it is deleted? Or even better, delve into the secrets of how Ransomware does what it does and what it needs to function, then find the data needed to defeat it by deceiving it into believing you have met its demands?

...administer actual network devices and learn about the mysterious world of network engineers and the device configuration settings available to them to maintain a secure network? Or even better, launch real-time attacks against network devices by compromising authentication, redundancy, routing protocols, and encrypted credentials, then hardening devices against these same attacks and validating that they fail?

...explore penetration testing by learning about the tools and techniques to scope tests, conduct reconnaissance of target environments, exploit systems, gather credentials, move laterally, and report your findings? Or even better, discover and compromise systems, enumerate accounts, steal credentials, and discover, identify, attack, compromise, and pivot to other systems on the target network using exploitation tools and frameworks exactly as your adversary would do?

...understand how your adversary discovers the vulnerabilities in enterprise and web applications to breach yet another enterprise? Or better yet, detect these vulnerabilities with sniffers, scanners, and proxies, giving you the opportunity to remediate the weaknesses in your systems before the attack begins?

...monitor your network proactively, analyzing log data in real-time, looking for indicators of compromise to identify a new attack? Or better yet, directly consume threat intelligence, identifying signatures of nascent attacks in packets captured from your network and creating and testing new rules for your Network Intrusion Detection System?

If you want to learn the dynamic skills listed above to defend your enterprise, SEC501: Advanced Security Essentials -Enterprise Defender is the course for you. Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. This course provides a solid foundation of core policies and practices to enable individuals and security teams to defend their enterprise.

It has been said of security that "prevention is ideal, but detection is a must." However, detection without response has little value. Network security needs to be constantly improved to prevent as many attacks as possible and to swiftly detect and appropriately respond to any breach that does occur. This PREVENT - DETECT - RESPONSE strategy must be in place both externally and internally. As data become more portable and networks continue to be porous, there needs to be an increased focus on data protection. Critical information must be secured regardless of where it resides or what paths it travels.

The primary way to PREVENT attacks begins with assuring that your network devices are optimally configured to thwart your adversary. This is done by auditing against established security benchmarks, hardening devices to reduce their attack surface, and validating their increased resilience against attack. Prevention continues with securing hostname resolution (an obvious adversary target for establishing a Machine-in-the-Middle position) and goes even further with securing and defending cloud infrastructure (both public and private) against compromise.

Enterprises need to be able to DETECT attacks in a timely fashion. This is accomplished by understanding the traffic that is flowing on your networks, monitoring for indications of compromise, and employing active defense techniques to provide early warning of an attack. Of course, despite an enterprise's best efforts to prevent network attacks and protect its critical data, some attacks will still be successful. Performing penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs is an excellent way to reduce overall organizational risk.

Once an attack is identified, you must quickly and effectively RESPOND, activating your incident response team to collect the forensic artifacts needed to identify the tactics, techniques, and procedures being used by your adversaries. With this information you can contain their activities, ensure that you have scoped out all systems where they have had an impact, and eventually eradicate them from the network. This can be followed by recovery and remediation to PREVENT their return. Lessons learned through understanding how the network was compromised can then be fed back into more preventive and detective measures, completing the security lifecycle.

It costs enterprises worldwide billions of dollars annually to respond to malware, and particularly Ransomware, attacks. So it is increasingly necessary to understand how such software behaves. Ransomware spreads very quickly and is not stealthy; as soon as your data become inaccessible and your systems unstable, it is clear something is amiss. Beyond detection and response, when prevention has failed, understanding the nature of malware, its functional requirements, and how it achieves its goals is critical to being able to rapidly reduce the damage it can cause and the costs of eradicating it.

You Will Learn
  • Core components of building a defensible network infrastructure and properly securing your routers, switches, and other network infrastructure
  • Formal methods to perform vulnerability assessment and penetration testing to find weaknesses on your enterprise network
  • Methods to detect advanced attacks against your network and indicators of compromise on deployed systems, including the forensically sound collection of artifacts and what you can learn from them
  • How to respond to an incident using the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
  • Approaches to analyzing malware, ranging from fully automated techniques to the manual analysis of static properties, interactive behavior, and code reversing
You Will Be Able To
  • Identify network security threats against infrastructure and build defensible networks that minimize the impact of attacks
  • Utilize tools to analyze a network to prevent attacks and detect the adversary
  • Decode and analyze packets using various tools to identify anomalies and improve network defenses
  • Understand how the adversary compromises systems and how to respond to attacks using the six-step incident handling process
  • Perform penetration testing against an enterprise to determine vulnerabilities and points of compromise
  • Use various tools to identify and remediate malware across your enterprise
SEC501 Features 25 Lab Exercises That Will Show You How To
  • Build a defensible network architecture by auditing router configurations, launching successful attacks against them, hardening devices to withstand those same attacks, and using active defense tools to detect an attack and generate an alert
  • Perform detailed analysis of traffic using various sniffers and protocol analyzers, and automate attack detection by creating and testing new rules for detection systems
  • Identify and track attacks and anomalies in network packets
  • Use various tools to assess systems and web applications for known vulnerabilities, and exploit those vulnerabilities using penetration testing frameworks and toolsets
  • Analyze Windows systems during an incident to identify signs of a compromise
  • Find, identify, analyze, and clean up malware such as Ransomware using a variety of techniques, including monitoring the malware as it executes and manually reversing its code to discover its secrets

Enquire

Start date Location / delivery
24 Jan 2022 Virtual Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...