Class Details

This course introduces attacks that completely compromise systems and networks. Once you have carried out these attacks, you will design defensive mechanisms that either prevent the attack or isolate it when prevention is not possible.

Read more about the course content in the outline below.

Course Outline

Module 1: Challenges of Vulnerability Management

  • Selecting a stance on risk
  • The impossible task of tracking vulnerabilities
  • The patch system is broken
  • Conducting self assessment
  • Essential vulnerability steps
    • Sites of interest
    • Analysis of attack surface
    • System hardening
  • XCCDF and OVAL

LAB: Hardening Systems

  • In this lab, the method of using the Security Compliance Manager to reduce the attack surface will be reviewed. The process of mitigating attacks with the basic fundamentals of defense, and how to configure simple application whitelisting techniques, will also be covered.

Module 2: Emerging Threats and Advanced Attacks

  • Mobile
  • Critical Infrastructure
  • Social
  • Malware
  • Data Loss

LAB: Emerging Threats

  • In this lab, the student will research the latest threats and attacks, including Advanced Persistent Threats (APT), mobile threats and Hacking the Human.

Module 3: Essentials of Defense

  • Perimeter Configuration and Security
  • Router Hardening
  • Turning off Services not Required
  • Routing Protocol Weaknesses

LAB: Basic Filtering

  • In this lab, the students will learn best practices for ingress filtering and the RFC guidance for configuring DDoS protection. The ingress filtering will include the configuration and setup of bogon filtering. The best practices guide for an enterprise malware strategy and egress filtering will be introduced.
  • Segmentation and isolation
  • Establishing security zones
  • Establishing Secure Segments within the Enterprise Architecture

LAB: Advanced Filtering

  • In this lab, the student will configure and design network segments and establish security zones based on risk. The coordination and correlation of the segments to support the required services will be explored.

Module 4: Malware and Memory Analysis

  • Basic process analysis
  • Advanced process analysis

LAB: Process analysis

  • In this lab, the students will learn how to follow the hooks and handles of a process running on a machine. On completing this, they will perform basic infections of memory and analyze them by applying the process they have learned.
  • Rootkits
  • Analysis of live memory
  • RAM analysis

LAB: Memory analysis

  • In this lab, the student will perform live memory analysis of compromised machines and determine methods to identify the infection; they will review the strings from the process to classify what the process is being used for. The memory will be infected by rootkits, and memory images will then be captured and analyzed to determine what happened by following a proven process and methodology.

Module 5: Proven Defense Measures

  • Success Stories - Modern filtering
  • Network segmentation and isolation
  • Internal honeypots, sinkholes and blackholes

LAB: Modern Filtering and segmentation

  • In this lab, the student will learn the implementation that supports the concepts of segmentation, isolation and security zones. The networks will be set up for sinkhole and blackhole routing. Simple honeypots will be configured to help identify any anomalous traffic that could represent an attack.
    • Ingress
    • Egress
    • Deploying time-based access control

LAB: Tactical Filtering

  • In this lab, the student will build a multi-segmented architecture and configure filtering and time-based access control to restrict the attack surface of each network segment, thereby reducing the risk to the network.

Module 6: Creating an External Attack Architecture

  • Establishing the layers
  • Configuring the perimeter devices
    • Router
    • Firewalls

LAB: Configuring perimeter devices to support public services

  • In this lab, the student will configure the perimeter devices and firewalls to support an enterprise architecture and typical public services. The process of adding and implementing firewalls into a network architecture will be reviewed and practiced.
  • Deploying Monitors
    • Intrusion Detection System (IDS)
    • Intrusion Prevention System (IPS)

LAB: IDS Signature Analysis and Customization

  • In this lab, the student will be introduced to the components of IDS signatures in Snort and Suricata, and the concept of tuning the rules to match security zones will be explored. Students will write their own custom detection signatures for Suricata.
    • Load balancers
    • Integrating web application firewalls
    • Security Information and Event Management (SIEM)

LAB: SIEM

  • In this lab, the student will deploy the Security Onion tool and learn its components and event correlation capabilities, including configuration of:
    • Sguil
    • Squert
    • Kibana
    • Suricata

Module 7: Securing the Corporate Network and Reducing Attack Surface

  • Physical Security
  • Establishing Policy
  • Performing self-assessment
  • Selecting and applying controls
  • Monitoring

LAB: Self Assessment

  • In this lab, the student will learn how to perform a vulnerability and risk assessment of the different network segments they have, including the methods of mapping the attack surface and mitigating the risk of the exposed services.

Module 8: Advanced Defensive Measures

  • Success Stories
  • Modern filtering
  • Network segmentation and isolation
  • Internal honeypots and blackholes
  • Windows Server 2012, 2016 and 2019 enhancements
  • Linux AppArmor
  • Internal honeypots

LAB: Advanced Defense

  • In this lab, the student will create Windows Server machines and deploy advanced methods such as IPsec isolation and other Windows Server security protections. The methods of mitigating Pass-the-Hash attack vectors will be explored and then tested.

Module 9: Building a Complete Cyber Range and a Capture the Flag (CTF) Architecture

  • Creating the layered architecture
    • Segmenting the architecture
  • The multi-tiered CTF labyrinth
  • Integrating the decoys
    • Honeypots
    • Honeynets
    • Darknets
  • Attacking the completed range
  • Defending the completed range

LAB: Attackers and Defenders Challenge Wars

  • In this lab, the students will participate in a planning workshop where they discuss the design of a network architecture. Each student will then build it, pair off, take on the roles of Attacker and Defender, and perform a series of Red and Blue team simulations. At the end of the challenge, the teams will share their experiences from being both the attacker and the defender.