Threat Hunting & Incident Response


- Level: Advanced
- Track: Blue Team
- 4 lessons

About this course

Who is this course recommended for?
- SOC analysts and engineers
- Security assessment / penetration testing / red team specialists
- Cyber incident response specialists
- Cyber threat hunters
- Cyber security consultants
- Those interested in Purple Team work

What knowledge should I have before attending this course?
- Familiarity with the concepts of common cyber attack types
- Familiarity with Windows operating systems
- Familiarity with TCP/IP protocols
- Familiarity with event and log analysis concepts
- At least 2 years of experience in the cyber security field

Course syllabus
- APT
  - What is an APT attack?
  - APT Core Tactics
  - APT Attack Lifecycle
  - Real-world APT Attacks
  - Red Team Tools
  - Why Threat Hunting
  - EDR, SOC, SIEM, Antivirus Can Be Bypassed
- Incident Response & Threat Hunting in Common
  - Incident Response
  - How to Catch Bad Guys (SOC, Threat Hunting, Tools)
  - Security Controls and Types of Logs in an Organization
  - Incident Response Preparation
- Tools
  - Useful Audit Policies
  - Build Our Tools with PowerShell
  - Ravin Hunting Tools
  - Sysmon and Configurations
  - Harden Your Sysmon :)
  - EDR
  - Event Viewer and ETW
- Hunting APTs' Core Tactics
  - Initial Access
    - Malicious Attachment
    - Advanced Execution Techniques
    - Password Spray
    - Analyze Attacks Using Sysmon & Splunk or Elastic
    - Phishing
  - Persistence
    - DLL Proxying and DLL Hijacking
    - Logon Scripts
    - Screensavers
    - Scheduled Tasks (Elevated, Multi-Action)
    - SSP and Authentication Packages
    - Application Shims
    - Registry (Not Just Run Keys)
    - WMI Event Subscriptions
    - Active Directory Persistence
    - Golden Ticket Hunting
  - Lateral Movement
    - Hunting Impacket for Lateral Movement
    - Remote Service and SCM
    - Remote Scheduled Task
    - Remote Registry
    - Named Pipes
    - PowerShell for Lateral Movement
    - Customized PsExec (Service and Pipe Rename)
    - COM Objects for Lateral Movement
  - Credential Attacks
    - LSASS Memory Read: Advanced Detection
    - Dumping NTDS: Detection
    - Hunting Native DLLs and Tools for Credential Dumping
    - DCSync and Stealthy DCSync
    - Abusing ACLs, SACLs and Active Directory Rights
    - Unconstrained Delegation
    - Hunt What Your SIEM Does Not Detect for Credential Dumping
    - MiniDumpWriteDump
    - Token Impersonation Hunt
    - Hunt Stealthy Usage of Impacket for Credential Dumping
    - Implementing Credential Guard & Powered Use
    - Pass the Hash
  - Execution and Defense Evasion
    - Malware Defense Evasion Techniques
    - Process Injection
    - Use of Legitimate Applications
    - Disguising Malware Using COM Objects
    - Detecting & Preventing the Abuse of Legitimate Applications
    - Sysmon & EDR Bypass Techniques
  - Recon and Discovery
    - LDAP Hunting (PowerView, BloodHound, …)
    - User and Group Enumeration Hunting
    - Decoys
    - Hunting the Registry for Recon Activity
- In-Depth Investigation & Forensics
  - Incident Response in an Enterprise
  - Intro to PowerShell
  - PowerShell Remoting
  - Collect & Analyze Malicious
  - Collect Minidumps Using PowerShell
  - Detect Suspicious Processes Using PowerShell
  - Automating Artifact Collection & Analysis for Threat Intelligence
  - Convert Your Threat Hunting Hypothesis into an Alert
  - Write Your Own Sigma Rules
- Malware Privilege Escalation Techniques
  - UAC Bypasses Using Legitimate Apps
  - UAC Bypasses Using COM Objects
  - UAC Bypasses Using Shimming
  - Abusing Services for Privilege Escalation
  - DLL Search Order Hijacking
  - Privilege Escalation to SYSTEM
Course certificate
