Level: Foundation

Cyber Vanguard Series- Cyber Storm Assault Tactics

5 Day | Instructor Led

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.


Ideal Candidates for Cyber Vanguard Series- Cyber Storm Assault Tactics Class

CyberSAT is intended for those who are team leads for HUNT, Protection, or Incident Response Teams. General Intrusion Detection Analysts, System Administrators, and Security Architects can also benefit from this course by learning how to design, build, and operate the enterprise network in order to counteract, expose, and respond to attacks.

Cyber Vanguard Series- Cyber Storm Assault Tactics Prerequisites

Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course.

What You'll Learn in Cyber Vanguard Series- Cyber Storm Assault Tactics

• How best to prepare for an eventual breach
• The step-by-step approach used by many computer attackers
• Proactive and reactive defenses for each stage of a computer attack
• How to identify active attacks and compromises
• The latest computer attack vectors and how you can stop them
• How to properly contain attacks
• How to ensure that attackers do not return
• How to recover from computer attacks and restore systems for business
• How to understand and use hacking tools and techniques
• Strategies and tools for detecting each type of attack
• Attacks and defenses for Windows, Unix, switches, routers, and other systems
• Application-level vulnerabilities, attacks, and defenses
• How to develop an incident handling process and prepare a team for battle
• Legal issues in incident handling

Cyber Vanguard Series- Cyber Storm Assault Tactics Certification

None

Cyber Vanguard Series- Cyber Storm Assault Tactics Outline

CYBER TACTICS PHASE 1 – FOOTPRINTING AND ATTACK VECTOR DETERMINATION

Reconnaissance
  • What does your network reveal?
  • Are you leaking too much information?
  • Using Whois lookups, ARIN, RIPE and APNIC
  • Domain Name System harvesting
  • Data gathering from job postings, websites, and government databases
  • Recon-ng
  • Pushpin
  • Identifying publicly compromised accounts
  • Maltego
  • FOCA for metadata analysis
Scanning
  • Locating and attacking unsecure wireless LANs
  • War dialing with War-VOX for renegade modems and unsecure phones
  • Port scanning: Traditional, stealth, and blind scanning
  • Active and passive Operating System fingerprinting
  • Determining firewall filtering rules
  • Vulnerability scanning using Nessus and other tools
  • CGI scanning with Nikto
Intrusion Detection System (IDS) Evasion
  • Foiling IDS at the network level: Fragmentation and other tricks
  • Foiling IDS at the application level: Exploiting the rich syntax of computer languages
  • Using Fragroute and Web Attack IDS evasion tactics
  • Bypassing IDS/IPS with TCP obfuscation techniques

CYBER TACTICS PHASE 2 – PENETRATING THE NETWORK

Network-Level Attacks
  • Session hijacking: From Telnet to SSL and SSH
  • Monkey-in-the-middle attacks
  • Passive sniffing
Gathering and Parsing Packets
  • Active sniffing: ARP cache poisoning and DNS injection
  • DNS cache poisoning: Redirecting traffic on the Internet
  • Using and abusing Netcat, including backdoors and nasty relays
  • IP address spoofing variations
Operating System and Application-level Attacks
  • Buffer overflows in-depth
  • The Metasploit exploitation framework
  • Format string attacks
Netcat: The Attacker's Best Friend
  • Transferring files, creating backdoors, and shoveling shell
  • Netcat relays to obscure the source of an attack
  • Replay attacks

CYBER TACTICS PHASE 3 – PENETRATING THE USER

Password Cracking
  • Analysis of worm trends
  • Password cracking with John the Ripper
  • Rainbow Tables
  • Password spraying
Web Application Attacks
  • Account harvesting
  • SQL Injection: Manipulating back-end databases
  • Session Cloning: Grabbing other users' web sessions
  • Cross-Site Scripting
Denial-of-Service Attacks
  • Distributed Denial of Service: Pulsing zombies and reflected attacks
  • Local Denial of Service

CYBER TACTICS PHASE 4 – MAINTAIN ACCESS AND EXTRACTION

Maintaining Access
  • Backdoors: Using Poison Ivy, VNC, Ghost RAT, and other popular beasts
  • Trojan horse backdoors: A nasty combo
  • Rootkits: Substituting binary executables with nasty variations
  • Kernel-level Rootkits: Attacking the heart of the Operating System (Rooty, Avatar, and Alureon)
Covering the Tracks
  • File and directory camouflage and hiding
  • Log file editing on Windows and Unix
  • Accounting entry editing: UTMP, WTMP, shell histories, etc.
  • Covert channels over HTTP, ICMP, TCP, and other protocols
  • Sniffing backdoors and how they can really mess up your investigations unless you are aware of them
  • Steganography: Hiding data in images, music, binaries, or any other file type
  • Memory analysis of an attack
Putting It All Together
  • Specific scenarios showing how attackers use a variety of tools together
  • Analyzing scenarios based on real-world attacks
  • Learning from the mistakes of other organizations
  • Where to go for the latest attack info and trends

INCIDENT HANDLING AND CRIME SCENE INVESTIGATION

Preparation
  • Building an incident response kit
  • Identifying your core incident response team
  • Instrumentation of the site and system
Identification
  • Signs of an incident
  • First steps
  • Chain of custody
  • Detecting and reacting to Insider Threats
Containment
  • Documentation strategies: video and audio
  • Containment and quarantine
  • Pull the network cable, switch and site
  • Identifying and isolating the trust model
Eradication
  • Evaluating whether a backup is compromised
  • Total rebuild of the Operating System
  • Moving to a new architecture
Recovery
  • Who makes the determination to return to production?
  • Monitoring the system
  • Expect an increase in attacks
Special Actions for Responding to Different Types of Incidents
  • Espionage
  • Inappropriate use
Incident Record-keeping
  • Pre-built forms
  • Legal acceptability
Incident Follow-up
  • Lessons learned meeting
  • Changes in process for the future

PRACTICAL APPLICATION - CAPTURE THE FLAG

Hands-on Analysis
  • Target dossier creation
  • Nmap port scanner
  • Nessus vulnerability scanner
  • Network mapping
  • Netcat: File transfer, backdoors, and relays
  • More Metasploit
  • Exploitation using built-in OS commands
  • Privilege escalation
  • Advanced pivoting techniques

Testimonials

A. Erlich

RITSC, N6C

I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin

MicroTech

The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.


Top Related Courses

The Ransomware exercise is a customized, six-hour, live-fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., “WannaKry”) is launched via a compromise originating from malicious spear phishing. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated: it is real malware, detonated in a representative network environment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and are asked to share what they have done or would do based on the facts provided. Such “range-based” exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.



One major catalyst of change is the advancement of technology. As the hardware of war improves through technological development, so must the tactical, operational, and strategic usage adapt to its improved capabilities both to maximize our own capabilities and to counteract our enemy's. MCDP-1 Warfighting

For the first time in history, the cyber and warfare climate have intertwined. The blending of these two worlds has shown the importance of functional, practical and aggressive cybersecurity. UKI’s CyberVanguard Series Tier I: Enterprise Guardian focuses on enhancing foundational policies and best practices, with advanced fundamentals, empowering cybersecurity teams to protect their enterprise network.

 



Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real-world scenarios. The entire course is hands-on and builds upon the skills and knowledge the students have previously received. Applications include Offensive Only (Hunt Teaming, Data Harvesting, and Asset Extraction); Defensive Only (Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation); and Offensive and Defensive (Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team).



© 2017 Ultimate Knowledge Institute | All Rights Reserved | GSA# GS-35F-0469W