TN-905: Cyber Threat Intelligence Analysis

 

Course Overview:

TechNow has worked worldwide enterprise infrastructures for over 30 years and has developed demos and labs to exemplify the techniques required to demonstrate technologies that effectively support CTI.  This course integrates well with our courses TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis .

TechNow develops Cyber Ranges and makes them available for conferences in support of annual meetings for Cyber Threat Response Teams.  Developing scenarios and reacting to them appropriately is a big part of the value in understanding the contexts required to comprehend valuable CTI.   As with many advanced TechNow security courses, there is a large hands-on ratio.  This course helps Cyber Protection Teams (CPT), Defensive Cyber Operations (DCO), and Mission Defense Teams (MDT) to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and tune response to attacks by cyber adversaries.  CPT, DCO, and MDT can take preemptive action by utilizing CTI, understanding CTI tools, techniques and procedures (TTPs) needed to generate and consume timely and relevant intelligence to improve resilience and prevention.

This course focuses on the collection, classification, and exploitation of knowledge about adversaries and their TTPs. .  MDT puts us close the mission and helps define the internal context to be analyzed against the CTI.  TechNow pushes the student to truly understand how to think about and use CTI to make a difference.

Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

  • Learn to comprehend and develop complex scenarios
  • Identify and create intelligence requirements through practices such as threat modeling
  • Utilize threat modeling to drive intelligence handling and practices 
  • Breakdown tactical, operational, and strategic-level threat intelligence
  • Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
  • How to collect adversary information creating better value CTI
  • How to filter and qualify external sources, mitigating low integrity intelligence
  • Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
  • Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
  • Breaking down threats mapped against their tradecraft to tweak IOCs
  • Establish structured analytical techniques to be successful in any security role
  • Learn and apply structured principles in support of CTI and how to communicate that to any security role.

Course Prerequisites:

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-929: Security Essentials Training Course

Course Overview:

What a great course that is slightly misnamed!  This course may be labeled Security Essentials, but covers much of the subject matter of CISSP!  This course does more than just cover the basics.  TechNow takes the time to give the student hands on labs to exemplify an objective.  Security Essentials Prep Training Course sets the foundation for your security career and sets the expectation of comprehension with more detail than Security+ and more on par with CISSP.

This course provides students skills to take courses that prepare for higher level certifications.

Attendees to TN-929: Security Essentials  Training Course will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 9 days

Course Objectives:

  • 802.11 Suite of Protocols
  • Access Control Theory
  • Alternate Network Mapping Techniques
  • Authentication and Password Management
  • Contingency Planning
  • Crypto Concepts
  • Crypto Fundamentals
  • Defense-in-Depth
  • DNS
  • Firewall Subversion
  • Firewalls
  • HIDS Overview
  • Honeypots
  • ICMP
  • IDS Overview
  • Incident Handling Fundamentals
  • Information Warfare
  • Introduction to OPSEC
  • IP Packets
  • IPS Overview
  • IPv6
  • Legal Aspects of Incident Handling
  • Linux/Unix Configuration Fundamentals
  • Linux/Unix Logging and Log Management
  • Linux/Unix OS Security Tools and Utilities
  • Linux/Unix Overview
  • Linux/Unix Patch Management
  • Linux/Unix Process and Service Management
  • Mitnick-Shimomura
  • Network Addressing
  • Network Design
  • Network Hardware
  • Network Mapping and Scanning
  • Network Plumbing
  • Network Protocol
  • NIDS
  • OverviewPhysical Security
  • Policy Framework
  • Protecting Data at Rest
  • Public Key Infrastructure
  • PKI
  • Reading Packets
  • Risk Management
  • Safety Threats
  • Securing Windows Server Services
  • Steganography
  • OverviewTCPUDP
  • Virtual Machines
  • Virtual Private Networks VPNs
  • Viruses and Malicious Code
  • VoIP
  • Vulnerability Management Overview
  • Vulnerability Scanning
  • Web Application Security
  • Windows Auditing
  • Windows Automation and Configuration
  • Windows Family of Products
  • Windows Network Security Overview
  • Windows Permissions & User Rights
  • Windows Security Templates & Group Policy
  • Windows Service Packs, Hotfixes and Backups
  • Windows Workgroups, Active Directory and Group Policy Overview
  • Wireless Overview

Prerequisites:

 

Comments

Latest comments from students

User: sjsmith2262

Instructor comments: without question, Dave Askey knows his material!!! great instructor that gave a personalized approach.

Facilities comments: class was taught in a hotel reception area, very nice, quiet and convenient for all people

User: synistry

Instructor comments: Dave was great! (as always). Wealth of knowledge and a master at customizing course content to match the education level of his students. The class kept entirely in pace with where we were at as a group overall on a day to day basis.

Facilities comments: Facilities were overall really nice. The only complaint is that the hotel / conference center had us move rooms on one occasion, and kicked us out early on two others. I would assume this is due to the last minute location change, so I don't think there is anything anyone could have done better in the situation.

Liked the class?  Then let everyone know!

C-225: C++ Object Oriented Programming

 

Course Overview:

C-225: C++ Object Oriented Programming is a hands-on course that provides a complete introduction to the ANSI Standard C++ programming language, focusing on quickly developing the practical skills needed to create real-world solutions.  Our hands-on labs are designed to promote retention and challenge students to apply their skills to new situations.

C++ is more than just C with classes.  It is a whole new language with a structure similar to C, but with significant differences to warrant a complete course to cover its features.

Attendees to C-225: C++ Oriented Programming will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Classes
  • Casting in C++
  • Constructors & Destructors
  • Class Methods & Data
  • Inheritance
  • Overloaded Functions
  • Virtual Functions
  • Overloaded Operators
  • Pure Virtual Functions
  • Exception Handling
  • References & Constants
  • Standard Template Library
  • New and Delete
  • STL Containers

Prerequisites:

 

Comments

Latest comments from students

User: christinehejnal

Instructor comments: The material was made clear, however I don't agree that she shouldn't have catered towards the people not taking the exam.

Facilities comments: The facilities were cold and very noisy, I found it hard to concentrate.

User: mamacker1

Instructor comments: Informative instructor. Definitely not monotone. I'd recommend it to my sister if I had one.

Liked the class?  Then let everyone know!

CL-425: AWS Security Operations and Architecture

Course Overview:

This course begins by introducing you to fundamental cloud computing and AWS security concepts including AWS access control and management, governance, logging, and encryption methods. It also covers security-related compliance protocols and risk management strategies, as well as procedures related to auditing your AWS security infrastructure.

The course continues to teach students how to efficiently use AWS security services to stay secure and compliant in the AWS cloud. The course focuses on the AWS-recommended security best practices that you can implement to enhance the security of your data and systems in the cloud. The course highlights the security features of AWS key services including compute, storage, networking, and database services. This course also refers to the common security control objectives and regulatory compliance standards and examines use cases for running regulated workloads on AWS across different verticals, globally. You will also learn how to leverage AWS services and tools for automation and continuous monitoring—taking your security operations to the next level.

Attendees to CL-425: AWS Security Operations and Architecture will receive TechNow approved course materials and expert instruction.

Duration: 5 Days

Audience:
• Security engineers
• Security architects
• Security analysts
• Security auditors
• Individuals who are responsible for governing, auditing, and testing an organization’s IT infrastructure, and ensuring conformity of the infrastructure to security, risk, and compliance guidelines

DoD 8140: Not Mandated

Course Prerequisites:

We recommend that attendees of this course have the following prerequisites:
This course assumes you have the equivalent experience or have taken the AWS operational courses that are in the TechNow AWS track.
CL-415: AWS Security Operations

The above courses encapsulate prerequisite knowledge:
• Experience with governance, risk, and compliance regulations and control objectives
• Working knowledge of IT security practices
• Working knowledge of IT infrastructure concepts
• Familiarity with cloud computing concepts

Course Objectives:

This course teaches you how to:
• Identify the security and compliance benefits of using the AWS cloud.
• Discuss the AWS Shared Responsibility Model.
• Describe the access control and access management features of AWS.
• Use AWS services for security logging and monitoring.
• Describe data encryption methods to secure sensitive data.
• Describe AWS services used to protect network security.
• Describe the basic steps to ensure strong governance of your AWS resources.
• Identify AWS services used to maintain governance of control environments.
• Use the AWS audit features.
• Explain how to audit an AWS environment.
• Explain the AWS compliance and assurance programs.
• Describe how AWS audits and attestations validate that security controls are implemented and operating effectively.
• Assimilate and leverage the AWS shared security responsibility model.
• Mange user identity and access management in the AWS cloud.
• Use AWS security services such as AWS Identity and Access Management, Amazon Virtual Private Cloud, AWS Config, AWS CloudTrail, AWS Key Management Service, AWS CloudHSM, and AWS Trusted Advisor.
• Implement better security controls for your resources in the AWS cloud.
• Manage and audit your AWS resources from a security perspective.
• Monitor and log access and usage of AWS compute, storage, networking, and database services.
• Analyze events by capturing, monitoring, processing, and analyzing logs.
• Identify AWS services and tools to help automate, monitor, and manage security operations on AWS.
• Perform security incident management in the AWS cloud.
• Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied. The assessment outline deals both with AWS specifics and also lays down the workflow of NIST, FedRAMP, and Cloud Security Alliance STAR compliance for a deployed AWS solution.

Dates/Locations: No Events

Course Outline:

Day 1
• Introduction to Cloud Computing and AWS Security
• Access Control and Management
• AWS Security: Governance, Logging, and Encryption
• Compliance and Risk Management

Day 2
• Introduction to Cloud Security Course Objectives
• Security of the AWS Cloud: Entry Points, Web Application, Communications, and Incident Response.
• Cloud Aware Governance and Compliance and related control frameworks.
• Identity and Access Management
Day 3
• Securing AWS Infrastructure Services
• Securing AWS Container Services
• Securing AWS Abstracted Services
• Using AWS Security Services
Day 4
• Data Protection in the AWS Cloud
• Managing security in a hybrid environment
• Deep dive into AWS monitoring and log analysis
• Protecting against outside threats to AWS VPC
Day 5
• How to carry out a Pentest on an AWS solution
• Security Incident Management and Automating security and incident response
• Threat detection and monitoring sensitive data
• Lets Do it! Building Compliant Workloads on AWS—Case Study

 

TN-515: Implementing Cybersecurity and Information Assurance Methodologies

  

Course Overview: 

Learn to protect yourself and your company against hackers, by learning their tools and techniques, and then testing your network.  This course is heavily based on Kali and primarily on Metasploit.  In TN-515: Implementing Cybersecurity and Information Assurance Methodologies class you will learn the step by step process that hackers use to assess your enterprise network, probe it & hack into it, utilizing a mixed-platform target environment including Windows, Linux, Solaris, and Cisco.  This course is 90% hacking, but  defenses for demonstrated hacks will be discussed.  If you want to know the ins and outs of the hacks presented in this course, then this is the course for you.

Attendees to TN-515: Implementing Cybersecurity and Information Assurance Methodologies Class Attendees will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Introduction to Pen Testing using the PTES model
  • Metasploit Basics
    • MSFconsole, MSFcli, Armitage, MSFpayload, MSFencode, NasmShell
  • Intelligence Gathering
    • Nmap, Databases in Metasploit, Port Scanning with Metasploit
  • Quick Intro to Ruby
    • Writing a simple Ruby script to create a custom scanner
  • Vulnerability Scanning
    • Importing Nessus Results
    • Scanning with Nessus from Within Metasploit
  • Exploitation
    • Using the Metasploit Framework and console to exploit
  • Meterpreter
    • Compromising a Windows System
    • Attacking MS SQL, xp_cmdshell
    • Dumping Usernames and Passwords, extracting and dumping hashes
    • Pass the Hash and Token Impersonation
    • Pivoting
    • Railgun
    • Using Meterpreter Scripts: Migrating a process, Killing AV, Persistence
  • Avoiding Detection
    • Creating Stand-Alone Binaries with MSFpayload
    • Encoding with MSFencode and Packers (go Green Bay:)
  • Exploitation Using Client Side Attacks
    • Introduction to Immunity Debugger
    • Using Immunity Debugger to Decipher NOP Shellcode
  • Metasploit Auxiliary Modules
  • Social Engineer Toolkit (SET)
    • Spear-Phishing, Web Attack
    • Creating a Multipronged Attack
  • Creating Your Own Module
    • Adapt an existing Module
    • Add some PowerShell and Run the Exploit
  • Meterpreter Scripting
  • Capture The Flag Exercise

Prerequisites:

  • This is an advanced  Cybersecurity and Information Assurance Course which requires basic Windows & UNIX competency
  • Certification or 2 years of experience in these operating systems is highly recommended
  • An understanding of TCP/IP

Comments

Latest comments from students

  

Liked the class?  Then let everyone know!