Course Overview:

This course delivers the technical knowledge, insight, and hands-on training to receive in-depth knowledge on Wireshark® and TCP/IP communications analysis. You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will learn about the underlying theory of TCP/IP and the most used application protocols, so that you can intelligently examine network traffic for performance issues or possible Indicators of Compromise (IoC).

Duration: 5 Days

Audience:

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, and security analysts.

Course Prerequisites:

We recommend that attendees of this course have the following prerequisite:
• Network+

Dates/Locations: No Events

Course Outline:

DAY ONE

Course Set Up and Analyzer Testing

Network Analysis Overview
Wireshark Functionality Overview
Capturing Wired and Wireless Traffic
Define Global and Personal Preferences for Faster Analysis
Defined Time Values and Interpret Summaries
Interpret Basic Trace File Statistics to Identify Trends
Create and Apply Display Filters for Efficient Analysis

DAY TWO

Follow Streams and Reassemble Data
Use Wireshark’s Expert System to Identify Anomalies
TCP/IP Analysis Overview
Analyze Common TCP/IP Traffic Patterns

DAY THREE

Graph I/O Rates and TCP Trends
802.11 (WLAN) Analysis Fundamentals
Voice over IP (VoIP) Analysis Fundamentals
Network Forensics Fundamentals

DAY FOUR

Detect Scanning and Discovery Processes
Analyze Suspect Traffic

DAY FIVE

Use Command‐Line Tools

Next/Related Courses:

 

 

Course Overview:

The Implementing Cisco Enterprise Wireless Networks (ENWLSI) course gives you the knowledge and skills needed to create a secure wireless network infrastructure and troubleshoot any related issues. You’ll learn how to implement and fortify a wireless network infrastructure using Cisco Identity Service Engine (ISE), Cisco Prime Infrastructure (PI), and Cisco Connect Mobile Experience to monitor and troubleshoot network issues.

Attendees to N-515: Implementing Cisco Enterprise Wireless Network (ENWLSI) will receive TechNow approved course materials, expert instruction, and prepare you to take the 300-430 Implementing Cisco Enterprise Wireless Networks (ENWLSI) exam, which is part of the CCNP® Enterprise certification and the Cisco Certified Specialist – Enterprise Wireless Implementation certification.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Implement network settings to provide a secure wireless network infrastructure
  • Implement a secure wireless client and troubleshoot wireless client connectivity issues
  • Implement and troubleshoot QoS in wireless networks
  • Implement and troubleshoot advanced capabilities in wireless network services

Prerequisites:

 

Comments

Latest comments from students


Liked the class?  Then let everyone know!

 

Course Overview:

CT-395: CompTIA CySA+ Cybersecurity Analyst is for IT professionals looking to gain IT security analyst skills, and for those following the recommended skills pathway to achieve cybersecurity mastery. It provides a bridge between CompTIA Security+ (CT-325) and CompTIA Advanced Security Practitioner (CASP,CT-425), thus completing a certification path within the CompTIA family of certifications. As attackers have learned to evade traditional signature-based solutions, an analytics-based approach has become extremely important. CySA+ applies behavioral analytics to the IT security market to improve the overall state of security. The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization, with the end goal of securing and protecting applications and systems within an organization. Let us help you bridge this gap, and leave you prepared for the certification exam (CS0-002).

TechNow is a CompTIA partner uses official CompTIA CySA+ curriculum.

Dates/Locations:

Date/Time Event
12/02/2024 - 12/06/2024
08:00 -16:00
CT-395: CYSA+
TechNow, Inc, San Antonio TX

Duration: 5 Days

Course Objectives:

  • Threat Management
  • Vulnerability Management
  • Cyber Incident Response
  • Security Architecture and Tool Sets

Prerequisites: 

While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CT-325: Security+ or equivalent experience.  It is recommended for CompTIA CySA+ candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+, or equivalent knowledge.

Comments

Latest comments from students


 

Liked the class?  Then let everyone know!

Course Overview:

PowerShell is made for Security Operations (SecOps) automation on Windows. SecOps requires automation in order to scale out security changes and monitoring beyond a handful of hosts. For example, when a vulnerability must be remediated but there is no patch for it yet, automation is needed to quickly and consistently enact the changes necessary. PowerShell “remoting” is encrypted remote command execution of PowerShell scripts in a way that can scale to thousands of endpoints and servers.

Imagine being able to hunt for indicators of compromise across thousands of machines with just a few lines of PowerShell code. Or imagine having the local Administrator account password reset every night on thousands of endpoints in a secure way, and being able to retrieve that password securely too.

We will show you to do these tasks and more. Transcription logging for forensics, strong encryption code signing, application whitelisting of scripts, IPSec port control, and Just Enough Admin (JEA).

As more and more of our systems are moved up to the cloud, PowerShell will become even more important. Amazon Web Services, Microsoft Azure, Office 365, Hyper-V and VMware already support PowerShell administration for many tasks.

Attendees to TN-965: Windows Security Automation with PowerShell will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Intended Audience
This course is intended for IT Professionals already experienced in general Windows Server and Windows Client administration or already experienced in administering and supporting Application servers and services including applications like Exchange, SharePoint, and SQL. It is broadly intended for students who want to use Windows PowerShell to automate administrative tasks from the command line, using any Microsoft or independent software vendor (ISV) product that supports Windows PowerShell manageability.

Course Objectives:

PowerShell Overview and Tips

    • Getting started running commands
    • Using and updating the built-in help
    • Execution policies
    • Fun tricks with the ISE graphical editor
    • Piping .NET and COM objects, not text
    • Using properties and methods of objects
    • Helping Linux admins feel more at home
    • Aliases, cmdlets, functions, modules, etc.
    • Customizing your profile script

What Can We Do With PowerShell

    • PowerShell remote command execution
    • Fan-out remoting and security
    • File copy via PowerShell remoting
    • Capturing the output of commands
    • Parsing text files and logs with regex patterns
    • Searching remote event logs faster with XPath
    • Mounting the registry as a drive
    • Exporting data to CSV, HTML and JSON files
    • Parsing and mining nmap port scanner XML output
    • Running scripts as scheduled jobs
    • Pushing out scripts through Group Policy
    • Importing modules and dot-sourcing functions
    • http://www.PowerShellGallery.com

Write your own scripts

    • Writing your own functions
    • Passing arguments into your scripts
    • Function parameters and returning output
    • Flow control: if-then, do-while, foreach, switch
    • The .NET Framework class library: a playground
    • How to pipe data in/out of your scripts

Continuous Secure Configuration Enforcement

    • How to use Group Policy and PowerShell together
    • Automate with INF security templates
    • How to customize INF templates
    • Microsoft Security Compliance Manager (SCM)
    • SECEDIT.EXE scripting
    • Building an in-house security repository for SecOps/DevOps
    • NSA’s Secure Host Baseline GPOs

Group Policy Precision Targeting

    • Managing Group Policy Objects (GPOs) with PowerShell
    • LSDOU, Block Inheritance, Enforced GPOs
    • Group Policy permissions for targeting changes
    • ADMX templates for mass registry editing
    • Deploying PowerShell startup and logon scripts
    • WMI item-level targeting of GPO preferences
    • GPO scheduled tasks to run PowerShell scripts
    • Remote command execution via GPO (not remoting)
    • Empowering the Hunt Team to fight back!

Server Hardening for SecOps/DevOps

    • Server Manager scripting with PowerShell
    • Adding and removing roles and feature
    • Remotely inventory roles, features, and apps
    • Why Server Nano or Server Core
    • Running PowerShell automatically after service failure
    • Service account identities, passwords, and risks
    • Tools to reset service account passwords securely

PowerShell Desired State Configuration (DSC)

    • DSC is Configuration Management built in for free
    • Using DSC for continuous reinforcement of settings
    • Writing your own DSC configuration scripts
    • Free DSC resource modules: www.PowerShellGallery.com
    • How to push DSC configurations to many targets
    • DSC background job processing in push mode
    • Examples: sync files, install roles, manage groups
    • Auditing a remote target against a DSC MOF template
    • “ApplyAndAutoCorrect” mode for continuous enforcement

PowerShell Just Enough Admin (JEA)

    • JEA is Windows sudo, like on Linux
    • JEA is Windows setuid root, like on Linux
    • Restricting commands and arguments
    • Verbose transcription logging
    • How to set up and configure JEA
    • Privilege Access Workstations (PAWs)

PowerShell and WMI

    • Windows Management Instrumentation (WMI) service
    • What is WMI and why do hackers abuse it so much?
    • Using PowerShell to query WMI CIM classes
    • WMI authentication and traffic encryption
    • Inventory operating system versions and installed software
    • WMI remote command execution versus PowerShell remoting
    • PowerShell security best practices
    • PowerShell transcription logging to catch hackers

Prerequisites:

  • Previous Windows Server and Windows Client management knowledge and hands on experience.
    Experience installing and configuring Windows Server into existing enterprise environments, or as standalone installations.
  • Knowledge and experience of network adapter configuration, basic Active Directory user administration, and basic disk configuration.
  • Knowledge and hands on experience specifically with Windows Server 2012/Windows Server 2012 R2 and Windows 8/Windows 8.1 would be of benefit but is not essential.

Comments

Latest comments from students


Liked the class?  Then let everyone know!

  

 

Course Overview:  PA-242: Palo Alto Networks Firewall Manage Cyberthreats (EDU-231) Training Class is a two-day course that teaches students strategies in defense against cyberthreats.  Successful completion of this course enables administrators to better understand the threat landscape.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.  TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.

The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.

Attendees to the PA-242: Palo Alto Networks Firewall Manaage Cyberthreats  (EDU-231) Training Course will receive TechNow approved course materials and expert instruction.

Dates/Locations: No Events

Duration: 2 days

Course Objectives:   Students attending this training course will gain an understanding of cyberthreats and their characteristics.  Students will learn how to manage cyberthreats using security policies, profiles, and signatures to protect their network against emerging threats.

Day 1

  • Mod 1: Threat Landscape
    • Advanced Persistent
    • Threats
    • Data Breaches and Tactics
    • Threat Management
    • Strategies
  • Mod 2: Integrated
    • Approach to Threat
    • Protection
    • Integrated Approach to
    • Protection
    • Next-Generation Firewall
    • Advanced Endpoint
    • Protection
  • Mod 3: Network Visibility
    • Zero Trust Model
    • SSL Decryption
    • Decryption Policy
  • Mod 4: Reducing the Attack
    • Surf
    • ection

 

Day 2

  • Mod 5: Handling Known
    • Threats
    • WildFire Analysis
    • Security Profiles
  • Mod 6: Handling Unknown
    • Traffic and Zero-Day Exploits
    • WildFire
    • Researching Threat Events
    • Identifying Unknown
    • Applications
  • Mod 7: Investigating
    • Breaches
    • Identify IOCs Using
    • App-Scope
    • Log Correlation
    • Finding Infected Host
  • Mod 8: Using Custom
    • Signatures
    • Creating Custom App-IDs
    • Threat Signatures

A

Prerequisites:

  • Students must complete the PA-213: Install, Configure, and Manage course
  • Understanding of network concepts, including routing, switching, and IP addressing
  • In-depth knowledge of port-based security and security technologies such as IPS, proxy, and content filtering

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students


Like the class?  Then let everyone know!