SOC Tier 1 Operations Zero to Hero

  • سازمانی متوسط
  • مسیر آبی
  • ۴۳ درس
ثبت نام سازمانی این دوره
تاریخ شروع
۸ آذر ۱۴۰۲
طول دوره
۱۶۰ساعت
گواهی‌نامه و آزمون
دارد
ظرفیت
۱۶ نفر باقی مانده
نوع برگزاری
آفلاین

درباره‌ی این دوره

تماشای ویدیوی جلسه‌ی صفر دوره

در عصر حاضر با پیشرفت سریع فناوری و تهدیدات روزمره‌ی آن، مشاغل بزرگ و کوچک باید از اطلاعات حساس خود مانند داده‌های مشتریان، کارمندان، شرکا، اسناد سازمانی و سایر موارد در برابر افراد خراب‌کار و مهاجمین سایبری محافظت کنند. اما از طرف دیگر با افزایش تعداد مهاجمان سایبری و پیچیده‌تر شدن حملات در دنیا، این محافظت به یک موضوع روز به روز چالش برانگیزتر تبدیل شده است. امنیت سایبری در سال‌های اخیر در کنار جلوگیری و پیش‌گیری از حملات، بر روی شناسایی تهدیدات و حملات سایبری در زیرساخت متمرکز شده است. در گذشته اگر نفوذگر موفق به دور زدن راهکارهای امنیتی بازدارنده‌ی قربانی می‌شد، دیگر مانع بزرگی در مسیر خود نمی‌دید و می‌توانست هفته‌ها یا ماه‌ها در شبکه قربانی به گردش و جستجو پرداخته و داده‌های محرمانه‌ی قربانی را از شبکه استخراج یا حتی این داده‌های سرقتی را در طول زمان به‌روزرسانی کند. همین امر موجب شد تا سازمان‌ها به راهکارهای جدید و پیچیده‌تری برای مقابله با نفوذگران در مرحله‌ی پس از نفوذ، روی بیاورند. در همین راستا یکی از راهکارهای اساسی که مورد استقبال سازمان‌های دنیا قرار گرفت، راه‌اندازی مراکز عملیات امنیت (SOC) بود. در واقع یکی از مهم‌ترین وظایف مرکز عملیات امنیت، شناسایی و پاسخ به انواع تهدیدات سایبری با بهره‌گیری از  متخصصین در سطوح مختلف است. اما علیرغم موارد ذکر شده، یکی از مهم‌ترین چالش‌های مراکز  عملیات امنیت در دنیا، کمبود نیروی متخصص در لایه‌های مختلف این مراکز است. این چالش در ایران نیز به مراتب پررنگ‌تر از بسیاری کشورها، وجود دارد. این دوره‌ی جامع با هدف آموزش دانش مورد نیاز برای تبدیل شدن به کارشناس لایه‌ی یک در مراکز عملیات امنیت، با چهار ماژول اصلی به شرح زیر ارایه شده است:

  • عملیات امنیت و مانیتورینگ
  • تحلیل ترافیک
  • مبانی کار با Splunk مبتنی بر دوره‌ی Splunk Fund 1
  • تحلیل SIEM‌ و تیم آبی

جلسات آموزشی این دوره به‌صورت آفلاین (ویدیویی) در اختیار شرکت‌کنندگان قرار خواهد گرفت. این دوره شامل حداقل ۱۰۰ ساعت محتوای آموزشی است که در قالب ویدیویی در اختیار شرکت‌کنندگان قرار خواهد گرفت. همچنین به‌صورت متناوب، جلسه‌های آنلاین توسط مدرس دوره و یا TAها جهت هرگونه رفع اشکال و پرسش‌وپاسخ برگزار خواهد شد. این دوره که دومین دوره‌ی SOC Tier 1 Operations Zero to Hero آکادمی راوین است، از ۱ آذر شروع خواهد شد و حداقل ۷ ماه پشتیبانی خواهد داشت.

این دوره به چه افرادی توصیه می‌شود؟

  • تحلیل‌گران و مهندسان لایه‌ی اول SOC
  • علاقه‌مندان به امنیت سایبری
  • دانشجویان و فارغ‌التحصیلان رشته‌های فناوری اطلاعات
  • افرادی که در پوزیشن‌های Help Desk و ادمین شبکه فعالیت می‌کنند

برای حضور در این دوره چه دانش‌هایی باید داشته باشم؟

  • آشنایی با مفاهیم حملات سایبری
  • آشنایی با مفاهیم سیستم‌عامل‌های ویندوز و لینوکس
  • آشنایی با مفاهیم شبکه و پروتکل‌ها

سرفصل‌های دوره

  • Incident Response and Cyber Investigations
  • Incident Response
    • Case study: Argous Corporation compromise
    • Dynamic Approach to Incident Response
    • Investigative analysis: Examining incident evidence
  • Digital Investigations
    • Techniques for digital investigation
    • Establishing an incident timeline
    • Investigation efficiency: Data reduction
  • Live Examination
    • Identifying suspicious Windows processes
    • Correlating network and persistence activity
    • Enumerating Windows auto-start extensibility points
    • Leveraging Sysinternals for live Windows examinations
  • Network Investigations
    • Identifying compromised host beaconing with proxy server logs
    • Filtering network activity to identify indicators of compromise
    • Assessing encrypted network traffic with multiple data sources
    • Building the incident timeline
  • Network Investigations
    • Memory Investigations
    • Conducting offline analysis of attacker persistence Cyberscope and SCAP
    • Using Volatility to inspect attacker malware
  • Malware Investigations
    • Assessing attacker malware in a custom test environment
    • Using snapshot and continuous recording tools
    • Inspecting malware actions with RegShot and Procmon
    • Identifying malicious code on Windows
  • Continuous Monitoring and Security Operations
  • Current State Assessment, Security Operations Centers, and Security Architecture
    • Traditional Security Architecture
      • Perimeter-focused
      • Addressed Layer 3/4
      • Centralized Information Systems
      • Prevention-Oriented
      • Device-driven
      • Traditional Attack Techniques
    • Introducing Security Onion 2.X
      • Alerts Menu
      • Pivoting to the Hunt Menu
      • The PCAP Menu
    • Modern Security Architecture Principles
      • Detection-oriented
      • Post-Exploitation-focused
      • Decentralized Information Systems/Data
      • Risk-informed
      • Layer 7 Aware
      • Security Operations Centers
      • Network Security Monitoring
      • Continuous Security Monitoring
      • Modern Attack Techniques
      • Adversarial Dominance
      • MITRE ATT&CK®
    • Security Architecture – Key Techniques/Practices and Defensible Network Security Architecture Principles Applied
      • Threat Vector Analysis
      • Data Exfiltration Analysis
      • Detection Dominant Design
      • Intrusion Kill Chain
      • Visibility Analysis
      • Lateral Movement Analysis
      • Data Ingress/Egress Mapping
      • Internal Segmentation
      • Zero Trust Architecture (Kindervag)
      • Data Visualization
      • Network Security Monitoring
      • Continuous Security Monitoring
  • Network Security Architecture
    • SOCs/Security Architecture – Key Infrastructure Devices
      • Traditional and Next- Generation Firewalls, and NIPS
      • Web Application Firewall
      • Malware Detonation Devices
      • HTTP Proxies, Web Content Filtering, and SSL/TLS Decryption
      • SIEMs, NIDS, Packet Captures, and DLP
      • Honeypots/Honeynets
      • Network Infrastructure – Routers, Switches, DHCP, DNS
      • Threat Intelligence
    • Segmented Internal Networks
      • Routers
      • Internal SI Firewalls
      • VLANs
      • Detecting the Pivot
      • DNS architecture
      • Encrypted DNS including DNS over HTTPS (DoH) and DNS over TLS (DoT)
  • Network Security Monitoring
    • Evolution of NSM
    • The NSM Toolbox
    • NIDS Design
    • Analysis Methodology
    • Understanding Data Sources
      • Full Packet Capture
      • Extracted Data
      • String Data
      • Flow Data
      • Transaction Data
      • Statistical Data
      • Alert Data
      • Tagged Data
      • Correlated Data
    • Practical NSM Issues
    • Cornerstone NSM
      • Service-Side and Client-Side Exploits
      • Identifying High-Entropy Strings
      • Tracking EXE Transfers
      • Identifying Command and Control (C2) Traffic
      • Tracking User Agents
      • C2 via HTTPS
      • Tracking Encryption Certificates
      • Detecting Malware via JA3
    • Detecting Cobalt Strike
      • Criminal Usage of Cobalt Strike
      • Malleable C2
      • Cobalt Strikes x.509 Certificates
  • Endpoint Security Architecture
    • Endpoint Security Architecture
      • Endpoint Protection Platforms
      • Endpoint Detection Response
      • Authentication Protection/Detection
      • Configuration Management/Monitoring
    • Endpoint Protection
      • TPM: Device Health Attestation
      • Host-based Firewall, Host-based IDS/IPS
      • Application Control, Application Virtualization
      • Virtualization Based Security
      • Microsoft Defender: Application Guard
      • Windows Defender: Credential Guard
      • Defender for Endpoint: Attack Surface Reduction
      • EMET and Defender Exploit Guard
    • Endpoint Detection Windows – Sysmon
      • FileDelete, ProcessTampering, and other recent additions
      • IMPHASH
      • DeepBlueHash
    • Authentication Protection and Detection
      • Privileged Account Monitoring
      • Dynamic Lock
      • PIN-Only Authentication
      • Hash/Ticket/Token Attacks
  • Automation and Continuous Security Monitoring
    • Industry Best Practices
      • Continuous Monitoring and the 20 CIS Critical Security Controls
      • Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions
    • Winning CSM Techniques
      • Long Tail Analysis
      • Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents
      • The ASD Essential Eight
    • Maintaining Situational Awareness
    • Host, Port, and Service Discovery
    • Vulnerability Scanning
    • Monitoring Patching
    • Monitoring Applications
    • Monitoring Service Logs
      • Detecting Malware via DNS logs
      • Detecting DNS Tunneling via Iodine and dnscat2
      • Domain_stats and Registration Data Access Protocol (RDAP)
    • Monitoring Change to Devices and Appliances
    • Leveraging Proxy and Firewall Data
    • Configuring Centralized Windows Event Log Collection
    • Monitoring Critical Windows Events
      • Hands-on: Detecting Malware via Windows Event Logs
    • Scripting and Automation
      • Importance of Automation
      • PowerShell
      • DeepBlueCLI
  • Network Traffic Analysis Cyber Security Threat Detection
  • Introduction to Traffic Analysis
    • Traffic Analysis Overview
    • OSI Model
    • TCP/IP Model
    • Communication Models
    • Traffic Analysis for Offense
    • Traffic Analysis for Defense
      • Terminology
      • Port SPAN (Mirroring)
      • Man In The Middle (MITM)
      • Full packet Capture
      • NetFlow
      • Title
  • Wireshark Basics
    • Wireshark Overview
    • Wireshark Filters
    • Wireshark Tips
    • Decoding
    • Field Extraction
    • Exporting of results
    • Wireshark investigation of an incident
    • Practical Wireshark uses for analyzing
  • Hunting Information form Packets
    • DNS
    • Internal Routing Protocols
    • HTTP/HTTPS
    • NetBIOS
    • SNMP
    • DHCP
    • SMB
    • SMTP
    • ICMP
    • FTP
  • Intrusion Detection by Traffic Analysis
    • Analyzing & Detecting Link Layer Attacks
    • Analyzing & Detecting IP Layer Attacks
    • Analyzing & Detecting Transport Layer Attacks
    • Analyzing Common Application Protocol Traffic & Attacks
    • Introduction to Open Source IDS Solutions
    • Introduction Zeek and RITA
      • Using Zeek and RITA to find Evil
  • Tshark basics And TCPdump
    • Tshark Overview
    • Tshark Filters
    • Exporting of Results
  • Blue Team Tools and Operations
    • Introduction to the Blue Team Mission
      • What is a SOC? What is the mission?
      • Why are we being attacked?
      • Modern defense mindset
      • The challenges of SOC work
    • SOC Overview
      • The people, process, and technology of a SOC
      • Aligning the SOC with your organization
      • SOC functional component overview
      • Tiered vs. tierless SOCs
      • Important operational documents
    • Defensible Network Concepts
      • Understanding what it takes to be defensible
      • Network security monitoring (NSM) concepts
      • NSM event collection
      • NSM by network layer
      • Continuous security monitoring (CSM) concepts
      • CSM event collection
      • Monitoring sources overview
      • Data centralization
    • Events, Alerts, Anomalies, and Incidents
      • Event collection
      • Event log flow
      • Alert collection
      • Alert triage and log flow
      • Signatures vs. anomalies
      • Alert triage workflow and incident creation
    • Incident Management Systems
      • SOC data organization tools
      • Incident management systems options and features
      • Data flow in incident management systems
      • Case creation, alerts, observables, playbooks, and workflow
      • Case and alert naming convention
      • Incident categorization framework
    • Threat Intelligence Platforms
      • What is cyber threat intelligence?
      • Threat data vs. information vs. intelligence
      • Threat intel platform options, features, and workflow
      • Event creation, attributes, correlation, and sharing
    • SIEM
      • Benefits of data centralization
      • SIEM options and features
      • SIEM searching, visualizations, and dashboards
      • Use cases and use case databases
    • Automation and Orchestration
      • How SOAR works and benefits the SOC
      • Options and features
      • SOAR value-adds and API interaction
      • Data flow between SOAR and the SIEM, incident management system, and threat intelligence platform
    • Who Are Your Enemies?
      • Who’s attacking us and what do they want?
      • Opportunistic vs. targeted attackers
      • Hacktivists, insiders, organized crime, governments
      • Motivation by attacker group
      • Case studies of different attack groups
      • Attacker group naming conventions
      • Title
      • Title
      • Title
  • Understanding Your Network
    • Corporate Network Architecture
    • Traffic Capture and Analysis
    • Understanding DNS
    • DNS analysis and attacks
    • Understanding HTTP and HTTPS
    • Analyzing HTTP for Suspicious Activity
    • How SMTP and Email Attacks Work
    • Additional Important Protocols
      • SMB – versions and typical attacks
      • DHCP for defenders
      • ICMP and how it is abused
      • FTP and attacks
      • SSH and attacks
      • PowerShell remoting
  • Understanding Endpoints, Logs, and Files
    • Endpoint Attack Tactics
      • Endpoint attack centricity
      • Initial exploitation
      • Service-side vs client-side exploits
      • Post-exploitation tactics, tools, and explanations – execution, persistence, discovery, privilege escalation, credential access, lateral movement, collection, exfiltration
    • Endpoint Defense In-Depth
    • Network scanning and software inventory
      • Vulnerability scanning and patching
      • Anti-exploitation
      • Whitelisting
      • Host intrusion prevention and detection systems
      • Host firewalls
      • File integrity monitoring
      • Privileged access workstations
      • Windows privileges and permissions
      • Endpoint detection and response tools (EDR)
      • File and drive encryption
      • Data loss prevention
      • User and entity behavior analytics (UEBA)
    • How Windows Logging Works
      • Channels, event IDs, and sources
      • XML format and event templates
      • Log collection path
      • Channels of interest for tactical data collection
    • How Linux Logging Works
      • Syslog log format
      • Syslog daemons
      • Syslog network protocol
      • Log collection path
      • Systemd journal
      • Additional command line auditing options
      • Application logging
      • Service vs. system logs
    • Interpreting Important Events
      • Windows and Linux login events
      • Process creation logs for Windows and Linux
      • Additional activity monitoring
      • Firewall events
      • Object and file auditing
      • Service creation and operation logging
      • New scheduled tasks
      • USB events
      • User creation and modification
      • Windows Defender events
      • PowerShell logging
      • Kerberos and Active Directory Events
      • Authentication and the ticket-granting service
      • Kerberos authentication steps
      • Kerberos log events in detail
    • Log Collection, Parsing, and Normalization
      • Logging pipeline and collection methods
      • Windows vs. Linux log agent collection options
      • Parsing unstructured vs. structured logs
      • SIEM-centric formats
      • Efficient searching in your SIEM
      • The role of parsing and log enrichment
      • Log normalization and categorization
      • Log storage and retention lifecycle
    • Files Contents and Identification
      • File contents at the byte level
      • How to identify a file by the bytes
      • Magic bytes
      • Nested files
      • Strings – uses, encoding options, and viewing
    • Identifying and Handling Suspicious Files
      • Safely handling suspicious files
      • Dangerous files types
      • Exploits vs. program “features”
      • Exploits vs. Payloads
      • Executables, scripts, office docs, RTFs, PDFs, and miscellaneous exploits
      • Hashing and signature verification
      • Signature inspection and safety of verified files
      • Inspection methods, detecting malicious scripts and other files
  • Triage and Analysis
    • Alert Triage and Prioritization
      • Priority for triage
      • Spotting late-stage attacks
      • Attack lifecycle models
      • Spotting exfiltration and destruction attempts
      • Attempts to access sensitive users, hosts, and data
      • Targeted attack identification
      • Lower-priority alerts
      • Alert validation
    • Perception, Memory, and Investigation
      • The role of perception and memory in observation and analysis
      • Working within the limitations of short-term memory
      • Efficiently committing info to long-term memory
      • Decomposition and externalization techniques
      • The effects of experience on speed and creativity
    • Perception, Memory, and Investigation
      • The role of perception and memory in observation and analysis
      • Working within the limitations of short-term memory
      • Efficiently committing info to long-term memory
      • Decomposition and externalization techniques
      • The effects of experience on speed and creativity
    • Mental Models for Information Security
      • Network and file encapsulation
      • Cyber kill chain
      • Defense-in-depth
      • NIST cybersecurity framework
      • Incident response cycle
      • Threat intelligence levels, models, and uses
      • F3EAD
      • Diamond model
      • The OODA loop
      • Attack modeling, graph/list thinking, attack trees
      • Pyramid of pain
      • MITRE ATT&CK
    • Structured Analysis Techniques
      • Compensating for memory and perception issues via structured analysis
      • System 1 vs. System 2 thinking and battling tacit knowledge
      • Data-driven vs. concept-driven analysis
      • Structured analytic techniques
      • Idea generation and creativity, hypothesis development
      • Confirmation bias avoidance
      • Analysis of competing hypotheses
      • Diagnostic reasoning
      • Link analysis, event matrices
    • Analysis Questions and Tactics
      • Where to start – breaking down an investigation
      • Alert validation techniques
      • Sources of network and host information
      • Data extraction
      • OSINT sources
      • Data interpretation
      • Assessing strings, files, malware artifacts, email, links
    • Analysis OPSEC
      • OPSEC vs. your threat model
      • Traffic light protocol and intel sharing
      • Permissible action protocol
      • Common OPSEC failures and how to avoid them
    • Intrusion Discovery
      • Dwell time and intrusion type
      • Determining attacker motivation
      • Assessing business risk
      • Choosing an appropriate response
      • Reacting to opportunistic/targeted attacks
      • Common missteps in incident response
    • Incident Closing and Quality Review
      • Steps for closing incidents
      • Quality review and peer feedback
      • Analytical completeness checks
      • Closed case classification
      • Attribution
      • Maintaining quality over time
      • Premortem and challenge analysis
      • Peer review, red team, team A/B analysis, and structured self-critique
      • Title
  • Continuous Improvement, Analytics, and Automation
    • Improving Life in the SOC
      • Expectations vs. common reality
      • Burnout and stress avoidance
      • Improvement through SOC human capital theory
      • The role of automation, operational efficiency, and metrics in burnout
      • Other common SOC issues
    • Goals of analytic creation
      • Log features and parsing
      • High-feature vs. low-feature logs
      • Improvement through SIEM enrichment
      • External tools and other enrichment sources
    • New Analytic Design, Testing, and Sharing
      • Tolerance to false positives/negatives
      • The false positive paradox
      • Types of analytics
      • Feature selection for analytics
      • Matching with threat intel
      • Regular expressions
      • Common matching and rule logic options
      • Analytic generalization and sharing with Sigma
    • Tuning and False Positive Reduction
      • Dealing with alerts and runaway alert queues
      • How many analysts should you have?
      • Types of poor alerts
      • Tuning strategy for poor alert types
      • Tuning via log field analysis
      • Using policy to raise fidelity
      • Sensitivity vs. specificity
      • Automation and fast lanes
    • Automation and Orchestration
      • The definition of automation vs. orchestration
      • What is SOAR?
      • SOAR product considerations
      • Common SOAR use cases
      • Enumeration and enrichment
      • Response actions
      • Alert and case management
      • The paradox of automation
      • DIY scripting
    • Improving Operational Efficiency and Workflow
      • Micro-automation
      • Form filling
      • Text expanders
      • Email templates
      • Smart keywords
      • Browser plugins
      • Text caching
      • JavaScript page modification
      • OS Scripting
    • Containing Identified Intrusions
      • Containment and analyst empowerment
      • Isolation options across network layers – physical, link, network, transport, application
      • DNS firewalls, HTTP blocking and containment, SMTP, Web Application Firewalls
      • Host-based containment tools
  • Splunk fundamental 1
  • Introduction
    • Overview of Buttercup Games Inc.
  • What is Splunk?
    • Splunk components
    • Installing Splunk
    • Getting data into Splunk
  • Introduction to Splunk’s User Interface
    • Understand the uses of Splunk
    • Understand the uses of Splunk
    • Understand the uses of Splunk
    • Learn basic navigation in Splunk
  • Basic Searching
    • Run basic searches
    • Use autocomplete to help build a search
    • Set the time range of a search
    • Identify the contents of search results
    • Refine searches
    • Use the timeline
    • Work with events
    • Control a search job
    • Save search results
  • Using Fields in Searches
    • Understand fields
    • Use fields in searches
    • Use the fields sidebar
  • Search Language Fundamentals
    • Review basic search commands and general search practices
    • Examine the search pipeline
    • Specify indexes in searches
    • Use autocomplete and syntax highlighting
    • Use SPL search commands to perform searches
    • Title
  • Using Basic Transforming Commands
    • The top command
    • The rare command
    • The stats command
  • Creating Reports and Dashboards
    • Save a search as a report
    • Edit reports
    • Create reports that include visualizations such as charts and tables
    • Create a dashboard
    • Add a report to a dashboard
    • Edit a dashboard
  • Datasets and the Common Information Model
    • Naming conventions
    • What are datasets?
    • What is the Common Information Model (CIM)?
  • Creating and Using Lookups
    • Creating and Using Lookups
    • Create a lookup file and create a lookup definition
    • Configure an automatic lookup
  • Creating Scheduled Reports and Alerts
    • Describe scheduled reports
    • Configure scheduled reports
    • Describe alerts
    • Create alerts
    • View fired alerts
  • Using Pivot
    • Describe Pivot
    • Understand the relationship between data models and pivot
    • Select a data model object
    • Create a pivot report
    • Create an instant pivot from a search
    • Add a pivot report to a dashboard
    • Title
  • SIEM with Tactical Analytics
  • SIEM Architecture
    • State of the SOC/SIEM
    • Log Monitoring
    • Logging architecture
    • SIEM platforms
    • Planning a SIEM
    • SIEM Architecture
    • Ingestion techniques and nodes
    • Data queuing and resiliency
    • Storage and speed
    • Analytical reporting
      • Visualizations
      • Detection Dashboards
  • Service Profiling With SIEM
    • Detection methods and relevance to log analysis
      • Attacker patterns
      • Attacker behaviors
      • Abnormalities
    • Analyzing common application logs that generate tremendous amounts of data
    • DNS
      • Finding new domains being accessed
      • Pulling in addition information such as domain age
      • Finding randomly named domains
      • Discover domain shadowing techniques
      • Identifying recon
      • Find DNS C2 channels
      • Title
    • HTTP
      • Use large datasets to find attacks
      • Identify bot traffic hiding in the clear
      • Discover requests that users do not make
      • Find ways to filter out legitimate noise
      • Use attacker randomness against them
      • Identify automated activity vs user activity
      • Filter approved web clients vs unauthorized
      • Find HTTP C2 channels
    • HTTPS
      • Alter information for large scale analysis
      • Analyze certificate fields to identify attack vectors
      • Track certificate validity
      • Apply techniques that overlap with standard HTTP
      • Find HTTPS C2 channels
    • SMTP
      • Identify where unauthorized email is coming from
      • Find compromised mail services
      • Fuzzy matching likely phishing domains
      • Data exfiltration detectionAbnormalities
    • Apply threat intelligence to generic network logs
    • Apply threat intelligence to generic network logs
      • Correlate network datasets
      • Build frequency analysis tables
      • Establish network baseline activity
  • Advanced Endpoint Analytics
    • Endpoint logs
    • Understanding value
      • Methods of collection
      • Agents
      • Agentless
      • Scripting
    • Adding additional logging
      • EMET
      • Sysmon
      • Group Policy
    • Windows filtering and tuning
    • Analyze critical events based on attacker patterns
      • Finding signs of exploitation
      • Find signs of internal reconnaissance
      • Finding persistence
      • Privilege escalation
      • Establishing a foothold
      • Cleaning up track
      • Title
    • Host-based firewall logs
      • Discover internal pivoting
      • Identify unauthorized listening executables
      • See scan activity
    • Credential theft and reuse

گواهینامه‌ی دوره

دوره های مشابه

SOC Tier 1 Operations Zero to Hero
مهدی میرسلطانی

Windows Threat Hunting With Elastic Stack

  • از ۲۲ آذر
  • سازمانی ,متوسط ,
  • مسیر آبی
تکمیل ظرفیت
درخواست برگزاری
SOC Tier 1 Operations Zero to Hero
احسان نیک‌آور

Network & Protocols Fundamentals In Cyber Security

  • از ۲۳ آذر
  • سازمانی ,متوسط ,
  • مسیر آبی
تکمیل ظرفیت
درخواست برگزاری