This is a deep dive course on infrastructure attacks and its security. In this workshop you will identify the areas of vulnerability and gain knowledge about the most sophisticated attacks on the systems and identity solutions in order to steal personal information. We will also learn how modern malware works and what are the ways to discover its operations. After we are familiar with the sensitivities of the infrastructure, we will learn how to identify if the machine is under attack or if the whole system has been compromised. At the end we will look at different strategies and techniques on implementing endpoint security, including various approaches of securing the communication channel.
TARGET AUDIENCE:
This course is aimed at Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
COURSE PREREQUISITES:
Attendees should meet the following prerequisites:
To attend this training, you should have a good hands-on experience in administering Windows infrastructure. At least 5-8 years in the field is recommended.
COURSE CONTENT:
Module 1: Identifying Areas of Vulnerability
This part introduces the new cybersecurity challenges and trends, emphasizing on data security and integration through and into the cloud and the challenges of the coordination of the cloud and on-premise security solutions. Security is a business enabler, and it is only when it is viewed from a business perspective that we can truly make the right decisions. You will learn how to define values of your company which needs to be protected or restricted. You will know how to find obvious and not so obvious sensitive information which can be monetized by adversaries. Having that scope defined and knowing your resources you will know where the biggest gaps in your security posture are.
• Defining the assets which your company needs to protect
• Defining the other sensitive information that needs to be protected
Module 2: Modern Attack Techniques
In this world where most of the things happen online, hacking provides wider opportunities for the hackers to gain unauthorized access to the unclassified information like credit card details, email account details, and other personal information. So, it is also important to know some of the hacking techniques that are commonly used to get your personal information in an unauthorized way. In this module you will become familiar with the modern hacking techniques.
• OS platform threats and attacks
• Web based threats and attacks
• E-mail threats and attacks
• Physical access threats and attacks
• Social threats and attacks
• Wireless threats and attacks
Module 3: Identity Attacks
There are many methods widely in use today to steal personal information. These attacks on confidential data can be extremely high-tech, involving the latest technologies and most recent security exploits. Many of the attack methods, however, are very low-tech, involving little or no technology at all. By taking a detailed look at the various types of attacks, you will become familiar with the techniques used by cybercriminals.
• Performing the identity attacks
• Cached logons (credentials)
• Data Protection API (DPAPI) for user’s secrets protection
• Credential Guard in details
• Performing the LSA Secrets dump and implementing prevention
• Active Directory and Azure AD security
• Authentication Mechanism Assurance
• Using virtual smart cards
• Multi-factor Authentication
Module 4: Malicious Software Techniques
The hacker can run a malicious program which the user believes to be authentic. This way, after installing the malicious program, the hacker gets unprivileged access. Techniques are becoming more sophisticated than ever. In this module you will learn how modern malware works and what are the ways to discover its operations.
• Types of the attacks
• Points of entry 3
• Persistence methods
• Hiding traces
• Case study: ransomware examples
Module 5: Discovery and Analysis of the Modern Attacks
Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack. Due to this, detecting hacker attacks is not an easy task. This module gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised.
• Defining Critical Security Controls
• Incident response checklist
• Suspicious Activities Time Line
• Filtering Suspicious Activities Network traffic inspection
• Malware analysis tools
• Host, Port and Service Discovery
• Vulnerability Scanning
• Monitoring Patching, Applications, Service Logs
• Detecting the most common attacks: a. DNS Reconnaissance b. Directory Service Enumeration c. Enumerating high privileges accounts d. SMB Session Enumeration e. Enumerate Credentials stored in memory f. Overpass – the – hash g. Harvesting Credentials h. Pass – The – Ticket i. Remote Code Execution j. Compromise KRBTGT Account k. Golden Ticket
• Using Sysmon in the advanced monitoring configuration
• Log Collection
• Scripting and Automation
• PowerShell for extraction and information gathering
• Industry Best Practices
Module 6: Designing and Implementing Endpoint Security
In Enterprise level organizations IT landscape is divided into smaller parts based on their primary function or localization in IT environment. Sometimes you cannot implement security controls globally and you will need a deep understanding of current security posture of each element to wisely put additional layers of security. Having full environment divided into functional parts is also a better approach from financial point of view. Getting internal sponsor acceptance is easier if the benefit is delivered quicker.
• Strategy for protecting Internet facing systems
• Strategy for protecting internal systems
• Strategy for protecting users’ workstation
• Strategy for protecting (against) BYOD devices
• Implementing automation and access control (Just Enough Administration, Desired State Configuration)
• Application whitelisting (AppLocker, Device Guard etc.)
• Configuring firewalls
• Privileged accounts
• Securing authentication
• Storage and full disk encryption
• Control Folder Access
• Application Guard
Module 7: Securing the Communication Channel Approach
In some organizations there is no strict architecture design defined. Especially in modern approach where most of the services are Cloud-based. This module will focus on systems communication channel rather than systems placement or role in the organization. This method is best for smaller companies as well as organizations which are in the transition phase or are changing significantly its structure.
• Implementing tunneling
• Designing secure access
• Sniffing the network techniques
• The meaning of partitioning the network
• Ensuring confidentiality with encryption
• Searching for rogue servers
• Securing networking services
• Limiting the impact of common attacks
COURSE OBJECTIVE:
After you complete this course you will be able to:
• Analyze emerging trends in attacks
• Identify areas of vulnerability within your organization
• Prepare a risk assessment for your organization
• Report and recommend countermeasures
• Develop a threat management plan for your organization
FOLLOW ON COURSES:
Not available. Please contact.