Course Overview:

This hands-on course provides an intensive overview of fundamental UNIX commands that are common to all flavors of UNIX, but the focus is on RedHat. At the end of this course students will have a firm grasp of how the UNIX operating system works, how to accomplish powerful functions using multiple commands & most importantly of all, how to think UNIX. With the skills gained in this course, students can move on to RedHat System Administration I or Linux System Admnistration I.

Attendees of TN-125: Introduction to UNIX and Linux will receive course materials and expert Instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Unix Overview
  • Introduction to the UNIX command Line
  • Managing and controlling access to files
  • Batch Scripting and tools
  • Regular Expressions, Pipelines, and IO Redirection
  • Text File Manipulation
  • Basic Network Commands
  • Managing Unix Processes
  • GNOME Graphical Desktop

Prerequisites:

  • Basic Knowledge of Computers

Comments

Latest comments from students



User: trkdashin

Instructor comments: Very knowledgeable

Facilities comments: Nice Hotel


 

Liked the class?  Then let everyone know!

Over twenty years experience in the area of Solaris, Linux, and Unix ensures that you are benefiting from a very mature and successful Solaris, Linux, and Unix training program.  TechNow offers the full suite of Solaris, Linux, and Unix courses utilizing real hardware.  This is not virtualized Solaris on Intel processors, or remote connection to a distant system.  The student learns to deal with real hardware taking advantage of Sparc T series processors. Solaris 10 and Solaris 11 is taught hands-on with data center skills as the focus.  We also offer Solaris 10 migration courses to Solaris 10 or Solaris 11.

The following is a list of our Unix/Linux training courses:

in   

Course Overview:

This CEH course will immerse you into a “Hacker Mindset” in order to teach you how to think like a hacker and better defend against future attacks. Students are in the driver’s seat with a hands-on training environment employing a systematic ethical hacking process. All while teaching students how to scan, test, hack, and secure target systems. CEH shows how hackers think and act maliciously so you can learn to better position your organization’s security infrastructure and defend against future attacks.

This CEH course covers the Five Phases of Ethical Hacking, diving into Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks.

This CEH course delivers in-demand ethical hacking skills while preparing you for the internationally-recognized Certified Ethical Hacker (CEH) certification exam (312-50) from EC-Council.

This course supports a certification that is DoD approved 8570 Baseline Certificate and meets DoD 8140/8570 training requirements.

What’s Included:

  • EC-Council official E-Courseware
  • EC-Council official iLabs code with access for 6 months
  • EC-Council official Certificate of Attendance
  • CEH Exam Voucher

 

Security Course Flow
Document Flow Chart iconsm

Dates/Locations:

No Events

Duration: 5 Days

Course Content:

  • Module 01. Introduction to Ethical Hacking
  • Module 02. Foot-printing and Reconnaissance
  • Module 03. Scanning Networks
  • Module 04. Enumeration
  • Module 05. Vulnerable Analysis
  • Module 06. System Hacking
  • Module 07. Malware Threats
  • Module 08. Sniffing
  • Module 09. Social Engineering
  • Module 10. Denial-of-Service
  • Module 11. Session Hijacking
  • Module 12. Evading IDS,Firewalls, and Honeypots
  • Module 13. Hacking Web Servers
  • Module 14. Hacking Web Applications
  • Module 15. SQL Injection
  • Module 16. Hacking Wireless Networks
  • Module 17. Hacking Mobile Platforms
  • Module 18. IoT and OT Hacking
  • Module 19. Cloud Computing
  • Module 20. Cryptography

 

Prerequisites:

  • Windows operating system and/or Linux operating system or other Unix-based OS
  • TCP/IP protocols and implementation
  • At least 2 years of IT security experience
  • TN-325:Security+

Target Audience:

Information Security Analyst/Administrator, Information Assurance (IA) Security Officer, Information Security Manager/Specialist, Auditors, Security Professional, Site Admins, Penetration Testers, Red Team,Risk/Threat/Vulnerability Analyst, Individuals concerned about the integrity of network infrastructure

 

About us:

TechNow has taught security courses for almost 30 years, before most certifications existed and has successfully moved students through certification programs associated with IAPP, SANS, EC-Council and ISC2. Our instructor maintains over a dozen security certifications and has been the director of a company with internationals sales in security training, consulting, and compliance.

Tech Now, Inc. is an accredited Training Center with Ec-Council.

Comments

Latest comments from students


Liked the class?  Then let everyone know!

TechNow’s GSA Contract

Learn how TechNow can help you achieve your career and education goals with the information below or contact a Training Advisor today at 1-800-324-2294.  To request more information via the web click here.

Information

SPECIAL NOTICE TO AGENCIES: Small Business Participation – SBA strongly supports the participation of small business concerns in the Federal Supply Schedules Program. To enhance Small Business Participation SBA policy allows agencies to include in their procurement base and goals, the dollar value of orders expected to be placed against the Federal Supply Schedules, and to report accomplishments against these goals.

For orders exceeding the micro-purchase threshold, FAR 8.404 requires agencies to consider the catalogs/price lists of at least three schedule contractors or consider reasonably available information by using the GSA Advantage!( on-line shopping service www.fss.gsa.gov. The catalog/price lists, GSA Advantage!( and the Federal Supply Service Home Page www.fss.gsa.gov contain information on a broad array of products and services offered by small business concerns.   This information should be used as a tool to assist ordering activities in meeting or exceeding established small business goals. It should also be used as a tool to assist in including small, small disadvantaged, and women-owned small businesses among those considered when selecting price lists for a best value determination. For orders exceeding the micro-purchase threshold, customers are to give preference to small business concerns when two or more items at the same delivered price will satisfy their requirement.

1. Geographic Scope of Contract:?The 48 contiguous states of the United States of America, the District of Columbia, Puerto Rico, Alaska, and Hawaii, the United Kingdom and Europe.

2. Contractor’s Ordering Address and Payment Information:

Ordering and Payment Assistance
Maria Askey,
Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294  Toll Free
210-733-1093  ext. 224
210-733-6032  Fax
askey.maria@technow.com

Contractors are required to accept the Government purchase card for payments equal to or less than the micro-purchase threshold for oral or written delivery orders. Government purchase cards will be acceptable for payment above the micro-purchase threshold. In addition, bank account information for wire transfer payments will be shown on the invoice.

The following telephone numbers can be used by ordering agencies to obtain technical and/or ordering assistance:

a. Ordering Assistance
Maria Askey, Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 ext. 224
210-733-6032  Fax
askey.maria@technow.com  

b. Technical Assistance
David Askey
14117 Jones Maltsberger
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 Local
210-733-6032  Fax
askey.davidr@technow.com

3. LIABILITY FOR INJURY OR DAMAGE: The Contractor shall not be liable for any injury to Government personnel or damage to Government property arising from the use of equipment maintained by the Contractor, unless such injury or damage is due to the fault or negligence of the Contractor.

4. Statistical Data for Government Ordering Office Completion of Standard   Form 279:

Block 9:G.Order/Modification
Under Federal Schedule
Block 16: Data Universal Numbering System
(DUNS) Number:   624661591
Block 30: Type of Contractor –  A. Small Disadvantaged Business
Block 31: Woman-Owned Small Business – Yes
Block 36: Contractor’s Taxpayer ID -(TIN):  74-2573500
a. CAGE Code: 0R9N0
b. Contractor has registered with the Central
Contractor Registration  Database.

5. FOB Destination

6. DELIVERY SCHEDULE

a. TIME OF DELIVERY: The Contractor shall deliver   to destination within the number of calendar days after receipt of order (ARO), as set forth below:
SPECIAL ITEM NUMBER  – 132-50

DELIVERY TIME (Days ARO)

For courses at client site, as mutually agreed, for courses at contractor site, per training schedule.

b. URGENT REQUIREMENTS: When the Federal Supply Schedule contract delivery period does not meet the bona fide urgent delivery requirements of an ordering agency, agencies are encouraged, if time permits, to contact the Contractor for the purpose of obtaining accelerated delivery. The Contractor shall reply to the inquiry within 3 workdays after receipt. (Telephonic replies shall be confirmed by the Contractor in writing.) If the Contractor offers an accelerated delivery time acceptable to the ordering agency, any order(s) placed pursuant to the agreed upon accelerated delivery time frame shall be delivered within this shorter delivery time and in accordance with all other terms and conditions of the contract.

7. Discounts: Prices shown are NET Prices; Basic Discounts have been deducted.

a. Prompt Payment: _1_% – _29_ days from receipt of invoice or   date of acceptance, whichever is later.
b. Quantity-None.
c. Dollar Volume-None.
d. Government Educational Institutions- Government – Educational Institutions are offered the same discounts as all other Government customers.
e. Other-20% discount from commercial prices.

8. Trade Agreements Act of 1979, as amended:?All items are U.S. made end products, designated country end products, Caribbean Basin country end products, Canadian end products, or Mexican end products as defined in the Trade Agreements Act of 1979, as amended.

9. Statement Concerning Availability of Export Packing: Export packing will be provided when required.

10. Small Requirements: The minimum dollar value of orders to be issued is  $no limit.

11. Maximum Order (All dollar amounts are exclusive of any discount for prompt payment.)

a. The Maximum Order value for the following Special Item Numbers (SINs) is $25,000:?Special Item Number 132-50 – Training Courses

12. USE OF FEDERAL SUPPLY SERVICE INFORMATION TECHNOLOGY SCHEDULE CONTRACTS. In accordance with FAR 8.404:[NOTE: Special ordering procedures have been established for Special Item Numbers (SINs) 132-51 IT Professional Services and 132-52 EC Services; refer to the terms and conditions for those SINs.]

Orders placed pursuant to a Multiple Award Schedule (MAS), using the procedures in FAR 8.404, are considered to be issued pursuant to full and open competition. Therefore, when placing orders under Federal Supply Schedules, ordering offices need not seek further competition, synopsize the requirement, make a separate determination of fair and reasonable pricing, or consider small business set-asides in accordance with subpart 19.5. GSA has already determined the prices of items under schedule contracts to be fair and reasonable. By placing an order against a schedule using the procedures outlined below, the ordering office has concluded that the order represents the best value and results in the lowest overall cost alternative (considering price, special features, administrative costs, etc.) to meet the Government’s needs.

a. Orders placed at or below the micro-purchase threshold. Ordering offices can place orders at or below the micro-purchase threshold with any Federal Supply Schedule Contractor.

b. Orders exceeding the micro-purchase threshold but not exceeding the maximum order threshold. Orders should be placed with the Schedule Contractor that can provide the supply or service that represents the best value. Before placing an order, ordering offices should consider reasonably available information about the supply or service offered under MAS contracts by using the “GSA Advantage!” on-line shopping service, or by reviewing the catalogs/price lists of at least three Schedule Contractors and selecting the delivery and other options available under the schedule that meets the agency’s needs. In selecting the supply or service representing the best value, the ordering office may consider–

(1) Special features of the supply or service that are required in effective program performance and that are not provided by a comparable supply or service;
(2) Trade-in considerations;
(3) Probable life of the item selected as compared with that of a comparable item;
(4) Warranty considerations;
(5) Maintenance availability;
(6) Past performance; and
(7) Environmental and energy efficiency considerations.

c. Orders exceeding the maximum order threshold. Each schedule contract has an established maximum order threshold. This threshold represents the point where it is advantageous for the ordering office to seek a price reduction. In addition to following the procedures in paragraph b, above, and before placing an order that exceeds the maximum order threshold, ordering offices shall– ?       Review additional Schedule Contractors’

(1) catalogs/price lists or use the “GSA Advantage!” on-line shopping service;
(2) Based upon the initial evaluation, generally seek price reductions from the Schedule Contractor(s) appearing to provide the best value (considering price and other factors); and
(3) After price reductions have been sought, place the order with the Schedule Contractor that provides the best value and results in the lowest overall cost alternative. If further price reductions are not offered, an order may still be placed, if the ordering office determines that it is appropriate.

NOTE: For orders exceeding the maximum order threshold, the Contractor may:

(1) Offer a new lower price for this requirement (the Price Reductions clause is not applicable to orders placed over the maximum order in FAR 52.216-19 Order Limitations);
(2) Offer the lowest price available under the contract; or
(3) Decline the order (orders must be returned in accordance with FAR 52.216-19).

d. Blanket purchase agreements (BPAs). The establishment of Federal Supply Schedule BPAs is permitted when following the ordering procedures in FAR 8.404. All schedule contracts contain BPA provisions. Ordering offices may use BPAs to establish accounts with Contractors to fill recurring requirements. BPAs should address the frequency of ordering and invoicing, discounts, and delivery locations and times.

e. Price reductions. In addition to the circumstances outlined in paragraph c, above, there may be instances when ordering offices will find it advantageous to request a price reduction. For example, when the ordering office finds a schedule supply or service elsewhere at a lower price or when a BPA is being established to fill recurring requirements, requesting a price reduction could be advantageous. The potential volume of orders under these agreements, regardless of the size of the individual order, may offer the ordering office the opportunity to secure greater discounts. Schedule Contractors are not required to pass on to all schedule users a price reduction extended only to an individual agency for a specific order.

f. Small business. For orders exceeding the micro-purchase threshold, ordering offices should give preference to the items of small business concerns when two or more items at the same delivered price will satisfy the requirement.

g. Documentation. Orders should be documented, at a minimum, by identifying the Contractor the item was purchased from, the item purchased, and the amount paid. If an agency requirement in excess of the micro-purchase threshold is defined so as to require a particular brand name, product, or feature of a product peculiar to one manufacturer, thereby precluding consideration of a product manufactured by another company, the ordering office shall include an explanation in the file as to why the particular brand name, product, or feature is essential to satisfy the agency’s needs.

13. FEDERAL INFORMATION TECHNOLOGY/TELECOMMUNICATION STANDARDS REQUIREMENTS: Federal departments and agencies acquiring products from this Schedule must comply with the provisions of the Federal Standards Program, as appropriate (reference: NIST Federal Standards Index). Inquiries to determine whether or not specific products listed herein comply with Federal Information Processing Standards (FIPS) or Federal Telecommunication Standards (FED-STDS), which are cited by ordering offices, shall be responded to promptly by the Contractor.

FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATIONS (FIPS PUBS): Information Technology products under this Schedule that do not conform to Federal Information Processing Standards (FIPS) should not be acquired unless a waiver has been granted in accordance with the applicable “FIPS Publication.” Federal Information Processing Standards Publications (FIPS PUBS) are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Information concerning their availability and applicability should be obtained from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, Virginia 22161. FIPS PUBS include voluntary standards when these are adopted for Federal use. ??Individual orders for FIPS PUBS should be referred to the NTIS Sales Office, and orders for subscription service should be referred to the NTIS Subscription Officer, both at the above address, or telephone number (703) 487-4650.

13.2 FEDERAL TELECOMMUNICATION STANDARDS (FED-STDS): Telecommunication products under this Schedule that do not conform to Federal Telecommunication Standards (FED-STDS) should not be acquired unless a waiver has been granted in accordance with the applicable “FED-STD.” Federal Telecommunication Standards are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Ordering information and information concerning the availability of FED-STDS should be obtained from the GSA, Federal Supply Service, Specification Section, 470 East L’Enfant Plaza, Suite 8100, SW, Washington, DC 20407, telephone number (202)619-8925. Please include a self-addressed mailing label when requesting information by mail. Information concerning their applicability can be obtained by writing or calling the U.S. Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone number (301) 975-2833.

14. SECURITY REQUIREMENTS. In the event security requirements are necessary, the ordering activities may incorporate, in their delivery orders, a security clause in accordance with current laws, regulations, and individual agency policy; however, the burden of administering the security requirements shall be with the ordering agency. If any costs are incurred as a result of the inclusion of security requirements, such costs will not exceed ten percent (10%) or $100,000, of the total dollar value of the order, whichever is less.

15. CONTRACT ADMINISTRATION FOR ORDERING OFFICES: Any ordering office, with respect to any one or more delivery orders placed by it under this contract, may exercise the same rights of termination as might the GSA Contracting Officer under provisions of FAR 52.212-4, paragraphs (l) Termination for the Government’s convenience, and (m) Termination for Cause (See C.1.)

16. GSA Advantage! GSA Advantage! is an on-line, interactive electronic information and ordering system that provides on-line access to vendors’ schedule prices with ordering information. GSA Advantage! will allow the user to perform various searches across all contracts including, but not limited to:

(1) Manufacturer;
(2) Manufacturer’s Part Number; and
(3) Product categories.

Agencies can browse GSA Advantage! by accessing the Internet World Wide Web utilizing a browser (ex.: NetScape). The Internet address is http://www.fss.gsa.gov/

17. PURCHASE OF INCIDENTAL, NON-SCHEDULE ITEMS:

For administrative convenience, open market (non-contract) items may be added to a Federal Supply Schedule Blanket Purchase Agreement (BPA) or an individual order, provided that the items are clearly labeled as such on the order, all applicable regulations have been followed, and price reasonableness has been determined by the ordering activity for the open market (non-contract) items.

18. CONTRACTOR COMMITMENTS, WARRANTIES AND REPRESENTATIONS

a. For the purpose of this contract, commitments, warranties and representations include, in addition to those agreed to for the entire schedule contract:

(1) Time of delivery/installation quotations for individual orders;
(2) Technical representations and/or warranties of products concerning performance, total system performance and/or configuration, physical, design and/or functional characteristics and capabilities of a product/equipment/ service/software package submitted in response to requirements which result in orders under this schedule contract.
(3) Any representations and/or warranties concerning the products made in any literature, description, drawings and/or specifications furnished by the Contractor.

b. The above is not intended to encompass items not currently covered by the GSA Schedule contract.

19. OVERSEAS ACTIVITIES?The terms and conditions of this contract shall apply to all orders for installation, maintenance and repair of equipment in areas listed in the price list outside the 48 contiguous states and the District of Columbia, except as indicated below: Not applicable-equipment is not offered.???Upon request of the Contractor, the Government may provide the Contractor with logistics support, as available, in accordance with all applicable Government regulations. Such Government support will be provided on a reimbursable basis, and will only be provided to the Contractor’s technical personnel whose services are exclusively required for the fulfillment of the terms and conditions of this contract.

20. YEAR 2000 WARRANTY-COMMERCIAL SUPPLY ITEMS

a. As used in this clause, “Year 2000 compliant” means, with respect to information technology, that the information technology accurately processes date/time data (including, but not limited to, calculating, comparing and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, and leap year calculations, to the extent that other information technology used in combination with the information technology being acquired, properly exchanges date/time data with it.

b. The Contractor shall warrant that each hardware, software, and firmware product delivered under this contract shall be able to accurately process date time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, including leap year calculations, when used in accordance with the product documentation provided by the Contractor, provided that all products (e.g. hardware, software, firmware) used in combination with products properly exchange date time data with it. If the contract requires that specific listed products must perform as a system in accordance with the foregoing warranty, then that warranty shall apply to those products as a system. The duration of this warranty and the remedies available under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing within ninety (90) days after acceptance (installation is considered acceptance). The Contractor may offer an extended warranty to the Government to include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing at any time prior to June 1, 2000, or for a period of 6 months following acceptance (installation is considered acceptance) whichever is later. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than Year 2000 performance.

21. BLANKET PURCHASE AGREEMENTS (BPAs)?Federal Acquisition Regulation (FAR) 13.303-1(a) defines Blanket Purchase Agreements (BPAs) as “…a simplified method of filling anticipated repetitive needs for supplies or services by establishing ‘charge accounts’ with qualified sources of supply.” The use of Blanket Purchase Agreements under the Federal Supply Schedule Program is authorized in accordance with FAR 13.303-2(c)(3), which reads, in part, as follows:

“BPAs may be established with Federal Supply Schedule Contractors, if not inconsistent with the terms of the applicable schedule contract.”

Federal Supply Schedule contracts contain BPA provisions to enable schedule users to maximize their administrative and purchasing savings. This feature permits schedule users to set up “accounts” with Schedule Contractors to fill recurring requirements. These accounts establish a period for the BPA and generally address issues such as the frequency of ordering and invoicing, authorized callers, discounts, delivery locations and times. Agencies may qualify for the best quantity/volume discounts available under the contract, based on the potential volume of business that may be generated through such an agreement, regardless of the size of the individual orders. In addition, agencies may be able to secure a discount higher ?than that available in the contract based on the aggregate volume of business possible under a BPA. Finally, Contractors may be open to a progressive type of discounting where the discount would increase once the sales accumulated under the BPA reach certain prescribed levels. Use of a BPA may be particularly useful with the new Maximum Order feature. See the Suggested Format, contained in this Schedule Price List, for customers to consider when using this purchasing tool.

22. CONTRACTOR TEAM ARRANGEMENTS?Contractors participating in contractor team arrangements must abide by all terms and conditions of their respective contracts. This includes compliance with Clauses 552.238-74, Contractor’s Reports of Sales and 552.238-76, Industrial Funding Fee, i.e., each contractor (team member) must report sales and remit the IFF for all products and services provided under its individual contract.

in   
 

Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

  • Network Security Monitoring (NSM) Methodology
  • High Bandwidth Packet Capture Challenges
  • Installation of Security Onion
    • Use Cases (analysis, lab, stand-alone, distributed)
    • Resource Requirements
  • Configuration
    • Setup Phase I – Network Configuration
    • Setup Phase 2 – Service Configuration
    • Evaluation Mode vs. Configuration Mode
    • Verifying Services
  • Security Onion Architecture
    • Configuration Files and Folders
    • Network Interfaces
    • Docker Environment
    • Security Onion Containers
  • Overview of Security Onion Analyst Tools
    • Kibana
    • CapME
    • CyberChef
    • Squert
    • Sguil
    • NetworkMiner
  • Quick Review of Wireshark and Packet Analysis
    • Display and Capture Filters
    • Analyze and Statistics Menu Options
    • Analysis for Signatures
  • Analyzing Alerts
    • Replaying Traffic
    • 3 Primary Interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting Between Interfaces
    • Pivoting to Full Packet Capture
  • Snort and Surricata
    • Rule Syntax and Construction
    • Implementing Custom Rules
    • Implementing Whitelists and Blacklists
  • Hunting
    • Using Kibana to Slice and Dice Logs
    • Hunting Workflow with Kibana
  • Bro
    • Introduction and Overview
      • Architecture, Commands
    • Understanding and Examining Bro Logs
      • Using AWK, sort, uniq, and bro-cut
    • Working with traces/PCAPs
    • Bro Scripts Overview
      • Loading and Using Scripts
    • Bro Frameworks Overview
      • Bro File Analysis Framework FAF
    • Using Bro scripts to carve out more than files
  • RockNSM ( * If Applicable)
    •  Kafka
      • Installation and Configuration
      • Kafka Messaging
      • Brokers
      • Integration with Bro and FSF
    • File Scanning Framework FSF
      • Custom YARA Signatures
      • JSON Trees
      • Sub-Object Recursion
      • Bro and Suricata Integration
  • Elastic Stack
    • Adding new data sources in Logstash
    • Enriching data with Logstash
    • Automating with Elastalert
    • Building new Kibana dashboards
  • Production Deployment
    • Advanced Setup
    • Master vs Sensor
    • Node Types – Master, Forward, Heavy, Storage
    • Command Line Setup with sosetup.conf
    • Architectural Recommendations
    • Sensor Placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to Disable Rules
    • BPF’s to Filter Traffic
    • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students


 

Liked the class?  Then let everyone know!