New
Level: Advanced
Cyber Threats Detection & Mitigation
5 Day | Instructor Led
Ideal Candidates for Cyber Threats Detection & Mitigation Class
- Incident Responders who need to understand and react to IDS alerts
- Network Defenders seeking to automate threat detection
- IDS administrators who wish to improve their signature writing skills
- Security Operations Center Staff seeking to automate traffic analysis
- Penetration Testers looking to reduce their network visibility
Cyber Threats Detection & Mitigation Prerequisites
- A strong understanding of TCP/IP networking
- Successful completion of the Network Traffic Analysis and Malicious Network Traffic Analysis courses
What You'll Get in Cyber Threats Detection & Mitigation
What You'll Learn in Cyber Threats Detection & Mitigation
- Recognize the benefits and limitations of different intrusion detection system types (network- and host- based, and distributed systems)
- Identify optimal sensor placement and gaps in coverage
- Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
- Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
- Apply decoding and other techniques to overcome IDS evasion efforts
- Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
- Use regular expressions to effectively detect variable or morphing attacks
- Manage rule sets to reduce redundancy and maintain system efficiency
No Certification Test Available For This Course
No Certification Test Available For This Course
Cyber Threats Detection & Mitigation Outline
DAY 1 AGENDA
INTRUSIONS- Types and Methodology
- Incident Response
- Incident Response Team Exercise COMMON THREATS
- Cyber Crime
- Social Engineering Malware Installation
- Exploit Servers & Drive-by Downloads
- Ransomware Types
- DNS Hijacking
- Data Exfiltration Walk-Through
- HIDS vs NIDS
- True and False Positives
- Active and Passive Response Types
- Sensor Placement
- Distributed IDS
- Detection Types and Methodology
- Rule Writing Best Practices
- IDS Shortcomings and Vulnerabilities
- Snort Components
- Key Files and Paths
- Protocol Support
- Output Formats
- Output Plugins
- Overview
- Bro Architecture
- BroControl
- Bro Logs
DAY 2 AGENDA
SNORT CONFIGURATION AND VARIABLES- Rule Types
- Signature ID Allocation and Reservations
- Rule Header Fields
- Rule Actions
- Defining and Using Variables
- Formats
- Adding Output types
- Barnyard and Barnyard2
- Squil
- Snorby
- Squert
- MySQL
- Basic Syntax and Guidelines
- Msg
- Reference and the reference.config File
- Rev Usage and Change Control
- Classtype and the classification.config File
- Priority usage and Incidence Response
- Content
- Content Modification nocase
DAY 3 AGENDA
THE DETECT OFFSET POINTER (DOE)- Payload Decoding and Processing
- Start Position and Movement of the doe DOE CONTENT MODIFIERS
- Depth
- Offset
- Distance
- Within
- Byte_jump
- Isdataat
- Byte_test
- IP Header Options
- TCP Header Options
- ICMP Header Options
- Dsize
- Snort Pre-Processors
- Stream5 Rule Options – flow, stream_size
- HTTP_Inspect Rule Options
DAY 4 AGENDA
POST DETECTION- Post Detection Rule Options
- Using Tag to follow a Malicious Actor
- Using detection_filter and event_filter to tune signatures
- Content and Fast Pattern Matching
- Vulnerability versus Exploitation Rules
- Reversing Imported Rules
- PCRE Meta-characters
- Snort Specific PCRE
- PCRE Rule Option Parameters and Usage
- Flowbits Rule Option Parameters andUsage
DAY 5 AGENDA
STUDENT PRACTICAL DEMONSTRATION: Students are given several packet captures contain- ing a variety of scanning and exploitation techniques. They are tasked with identifying the significant ele- ments of the attack and translating them into IDS signatures. Finally, they are tasked with tuning those signatures to reduce false-positives and limit exces- sive events.Testimonials
This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.
The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.
Top Related Courses
The Ransomware exercise is a customized, six-hour, live fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., “WannaKry”) is launched via a malicious spear phishing originated compromise. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated – it is real malware, detonated in representative network enviroment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Such “range-based” exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.
The Cloud Leak exercise is a customized, six-hour, Cyber Range exercise hosted on ManTech’s ACRE® cyber range. This exercise is led by technical instructors and expert cybersecurity engineers and can accommodate 10 to 50 participants in a classroom or remotely. In this exercise, an attack on a cloud-hosted storage service is simulated. Participants are given the following scenario: A major media outlet has contacted bank.com media relations asking for a statement about the discovery that thousands of bank.com customer credit card numbers were obtained through a breach of a cloud storage service. Bank.com is unaware of any such breach. The CEO has requested an immediate investigation into the breach. Participants must determine how the cloud storage site was compromised and the extent of the intrusion, including the types of data exposed and any further infiltration of bank.com’s network. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.
CompTIA's Cybersecurity Analyst (CSA+) training from UKI teaches students to apply behavioral analytics to improve the overall state of IT security, providing critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
Vendor Details
Ultimate Knowledge Institute
Social Media continues to be a focus of attention within the private and public sectors. Each sector has its own unique requirements for the secure integration and usage of Social Media within their organizations. To handle these unique requirements, management, technology and information security staffs must have a set of Social Media knowledge and skills. In addition to the unique integration and implementation requirements that exist within the private and public sectors, both have a common denominator these organizations have personnel working for them that are using Social Media platforms for personnel use and many organizations, both private and public have significant concerns that a data leakage or significant security event could occur through this personal usage. The curriculum and common body of knowledge within the UKI Social Media Training and Certification program will provide management, technology and information security staffs with the knowledge and skill necessary to design, engineer, integrate and operate Internet based Social Media Platforms through proprietary Enterprise 2.0 governance frameworks, policies, processes and technologies.
A. Erlich
RITSC, N6CI just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.