Course Overview:

Intrusion Analyst is a hands-on course that covers intrusion detection in-depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of packet and intrusion analysis.

Attendees to TN-979: Intrusion Analyst will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Advanced Snort Concepts
  • Analyst Toolkit
  • Domain Name System (DNS)
  • Examining Packet Crafting
  • Examining Packet Header Fields
  • Fragmentation
  • ICMP Theory
  • IDS Interoperability
  • IDS Patterns
  • IDS/IPS Management & Architecture Issues
  • Indications, Warnings & Traffic Correlation
  • IPv6
  • Microsoft Protocols
  • Network Traffic Analysis
  • NIDS Evasion, Instertion & Checksums
  • Snort Fundamentals & Configuration
  • Snort GUIs & Sensor Management
  • Snort Performance, Active Response & Tagging
  • Snort Rules
  • Stimulus Response
  • TCPdump Fundamentals
  • TCP/IP Fundamentals
  • Wireshark Fundamentals
  • Writing TCPdump Filters

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students


User: Tosha

Instructor comments: Dave was an excellent instructor. He is very informative and knowledgeable in the course and the material. I have enjoyed the class and I would take another course with him as the instructor.

Facilities comments: Very nice and clean hotel.


User: buckey26

Instructor comments: Dave was one of the best instructors I have ever had for a tech course. He broke down everything to the point where you can understand it internally.


Liked the class?  Then let everyone know!

Course Overview:

This course is designed for professionals that are expected to do malware analysis. A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics Reverse Engineering Malware.

Attendees to TN-999: Reverse Engineering Malware will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Toolkit and Lab Assembly
  • Malware Code and Behavioral Analysis Fundamentals
  • Malicious Static and Dynamic Code Analysis
  • Collecting/Probing System and Network Activities
  • Analysis of Malicious Document Files
  • Analyzing Protected Executables
  • Analyzing Web-Based Malware
  • DLL Construction and API Hooking
  • Common Windows Malware Characteristics in x86 Assembly
  • Unpacking Protected Malware
  • In-Depth Analysis of Malicious Browser Scripts, Flash Programs and Office
  • In-Depth Analysis of Malicious Executables
  • Windows x86 Assembly Code Concepts for Revers-Engineering Memory Forensics for Rootkit Analysis

Prerequisites:

  • Strong understanding of core systems and network concepts
  • Exposure to programming and assembly concepts
  • Comfortable with command line access

Comments

Latest comments from students



User: marcus.osullivan

Instructor comments: Good stuff. I like the beginning half where there was help from an additional instructor to facilitate fixing computer errors that inevitably popped up.

Facilities comments: The baby deer were neat! I like the resort.


Liked the class?  Then let everyone know!

Course Overview:

This is a hands-on course that covers many of the concepts of securing the perimeter of an organization. This includes concepts such as intrusion detection, packet filtering, and central logging.

A skills focus enables the student to better absorb the subject matter and perform better on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of Firewalls.

This course is an excellent precursor to PA-215 Palo Alto Firewall Essentials FastTrack.

Attendees to TN-949: Certified Firewall Analyst Prep will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Analyzing Network and Wireless Design
  • Creating and Auditing a Rulebase
  • Firewall Assessment and Penetration Testing
  • Host-Based Detection and DLP
  • Incident Detection and Analysis
  • IOS and Router Security
  • IPv6 and ICMPv6
  • Log Collection and Analysis
  • NAT and Proxies
  • Netfilter IPtables
  • Network Access Control
  • Network-Based Intrusion Detection
  • Packet Filters and Inspection
  • Packet Fragmentation
  • Perimeter Concepts and IP Fundamentals
  • Securing Hosts and Services
  • TCP/IP Protocols
  • VPN Design and Auditing
  • VPN Implementation

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, networking and security  experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students


Liked the class?  Then let everyone know!

Course Overview:

A skills focus enables the student to better absorb the subject matter and perform successfully on the exam.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of the attacks and the effectiveness.  Students then gain network experience and use sniffing to help exemplify the benefit of learning wired and wireless security configurations. The course concludes with exercising real attack strategies to demonstrate the techniques acquired throughout the course.

Attendees to TN-939:  Hacker Techniques, Exploits, and Incident Handling will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 9 days

Course Objectives:

  • Backdoors & Trojan Horses
  • Buffer Overflows
  • Covering Tracks: Networks
  • Covering Tracks: Systems
  • Denial of Service Attacks
  • Exploiting Systems Using Netcat
  • Format String Attacks
  • Incident Handling Overview and Preparation
  • Incident Handling Phase 2: Identification
  • Incident Handling Phase 3: Containment
  • Incident Handling: Recovering and Improving Capabilities
  • IP Address Spoofing
  • Network Sniffing
  • Password Attacks
  • Reconnaissance
  • Rootkits
  • Scanning: Host Discovery
  • Scanning: Network and Application Vulnerability scanning and tools
  • Scanning: Network Devices (Firewall rules determination, fragmentation, and IDS/IPS evasion)
  • Scanning: Service Discovery
  • Session Hijacking, Tools and Defenses
  • Types of Incidents
  • Virtual Machine Attacks
  • Web Application Attacks
  • Worms, Bots & Bot-Nets

Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students


User: m_jurrens

Instructor comments: Both instructors Mr. Askey and Mr. Hackney, were very good. the open learning environment was extremely productive and I felt we all learned far more that we ever would out of a structured rote memorization course.


User: natebonds

Instructor comments: Both Mr. Askey and Hackney were extremely knowledgeable. They were also extremely interested in helping each student learn. I was particularly impressed with the way they tailored the course to optimize our time since we weren't testing. I feel like I know much much more than I did when the class started.

Facilities comments: The facilities were fine. I would have preferred it be closer to Lackland.


Liked the class?  Then let everyone know!

Course Overview:

As VoIP (Voice-over IP) is integrated into the operations of many missions, it is imperative to understand its security ramifications.  In the N-595: VoIP Security Analysis and Design class the objectives are designed for those who are chartered with the responsibility of securing networks and application environments that incorporate VoIP.   Topics include how VoIP works, its interactions with the network, its vulnerabilities and mitigations.  Focus is on leading open source and proprietary technologies utilizing Asterisk and Cisco and the protocols SIP, H.323, RTP, MGCP, and Skinny.  Other protocols such as Nortel's UNIStim will be addressed.  As for Cisco, security pieces in the VoIP CallManager servers, Catalyst switches, IOS-based routers, and ASA firewalls, amounts to several different platforms, each with its own management interface and lockdown procedures.   Various open source tools including those in BackTrack are used for VoIP attacks.  A task list of actions for securing enterprise VoIP is carried out in hands-on labs, performed on Cisco phones, routers, switches, and ASA firewalls.

Attendees to N-595: VoIP Security Analysis and Design will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • VoIP Architecture
  • VoIP Signaling and media protocols
  • Common VoIP authentication mechanisms
  • Common VoIP encryption techniques
  • VoIP protocol analysis with Wireshark
  • Maintaining QoS while mitigating DoS
  • VoXML, XML, and application integration security
  • Converged network security design and implementation
  • Impact of NAT and firewalls
  • SIP, H.323, and MGCP vulnerabilities
  • VPN, IPsec and SRTP to secure VoIP services
  • Penetration testing with open source tools
  • Attacks for Eavesdropping, call redirection, and DoS
  • Design of hacked firmware virtualization layer
  • Concise lockdown steps for network hardware and VoIP

Prerequisites:

  • This is an advanced Information Security Course which requires basic Windows & UNIX competency
  • Certification or 2 years of experience in these operating systems is highly recommended
  • As well as an understanding of TCP/IP

Comments

Latest comments from students


Liked the class?  Then let everyone know!