TN-979: Intrusion Analyst Course

Course Overview:

Intrusion Analyst is a hands-on course that covers intrusion detection in-depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job. This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of packet and intrusion analysis.

Attendees to TN-979: Intrusion Analyst will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Advanced Snort Concepts
Analyst Toolkit
Domain Name System (DNS)
Examining Packet Crafting
Examining Packet Header Fields
Fragmentation
ICMP Theory
IDS Interoperability
IDS Patterns
IDS/IPS Management & Architecture Issues
Indications, Warnings & Traffic Correlation
IPv6
Microsoft Protocols
Network Traffic Analysis
NIDS Evasion, Instertion & Checksums
Snort Fundamentals & Configuration
Snort GUIs & Sensor Management
Snort Performance, Active Response & Tagging
Snort Rules
Stimulus Response
TCPdump Fundamentals
TCP/IP Fundamentals
Wireshark Fundamentals
Writing TCPdump Filters

Course Prerequisites:

GSEC or equivalent experience
UNIX, Windows, Networking, and Security Experience
This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: Tosha

Instructor comments: Dave was an excellent instructor. He is very informative and knowledgeable in the course and the material. I have enjoyed the class and I would take another course with him as the instructor.

Facilities comments: Very nice and clean hotel.

User: buckey26

Instructor comments: Dave was one of the best instructors I have ever had for a tech course. He broke down everything to the point where you can understand it internally.

Liked the class? Then let everyone know!

TN-315: Complete Hack and Defend

Course Overview:

Learn to protect yourself and your company against hackers, by learning their tools and techniques, and then testing your network. This course is heavily based on Kali and primarily on Metasploit. In TN-315: Complete Hack and Defend class you will learn the step by step process that hackers use to assess your enterprise network, probe it & hack into it in mixed-platform environment including Windows, Linux, Solaris, and Cisco. This course is 90% hacking, but defenses for demonstrated hacks will be discussed. If you want to know the ins and outs of the hacks presented in this course, then this is the course for you.

Attendees to TN-315: Complete Hack & Defend Class Attendees will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Introduction to Pen Testing using the PTES model
Metasploit Basics
- MSFconsole, MSFcli, Armitage, MSFpayload, MSFencode, NasmShell
Intelligence Gathering
- Nmap, Databases in Metasploit, Port Scanning with Metasploit
Quick Intro to Ruby
- Writing a simple Ruby script to create a custom scanner
Vulnerability Scanning
- Importing Nessus Results
- Scanning with Nessus from Within Metasploit
Exploitation
- Using the Metasploit Framework and console to exploit
Meterpreter
- Compromising a Windows System
- Attacking MS SQL, xp_cmdshell
- Dumping Usernames and Passwords, extracting and dumping hashes
- Pass the Hash and Token Impersonation
- Pivoting
- Railgun
- Using Meterpreter Scripts: Migrating a process, Killing AV, Persistence
Avoiding Detection
- Creating Stand-Alone Binaries with MSFpayload
- Encoding with MSFencode and Packers (go Green Bay:)
Exploitation Using Client Side Attacks
- Introduction to Immunity Debugger
- Using Immunity Debugger to Decipher NOP Shellcode
Metasploit Auxiliary Modules
Social Engineer Toolkit (SET)
- Spear-Phishing, Web Attack
- Creating a Multipronged Attack
Creating Your Own Module
- Adapt an existing Module
- Add some PowerShell and Run the Exploit
Meterpreter Scripting
Capture The Flag Exercise

Prerequisites:

This is an advanced Information Security Course which requires basic Windows & UNIX competency
Certification or 2 years of experience in these operating systems is highly recommended
An understanding of TCP/IP

Comments

Latest comments from students

User: dhonore

Instructor comments: Dave's presentation style is engaging and lively.

Facilities comments: The room was adequate for the needs of the class.

User: phouck

Instructor comments: David was very good. Although he went very fast at times.

Facilities comments: The room was ok. it was bit dark.

Liked the class? Then let everyone know!

Courses Similar to SANS

TechNow is in no way associated with SANS or GIAC, but has courses that are similar in subject matter:

TN-919: Penetration Tester Course

Course Overview:

This course engages students by providing in-depth knowledge of the most prominent and powerful attack vectors and an environment to perform these attacks in numerous hands-on scenarios. This course goes far beyond simple scanning for low-hanging fruit, and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

Attendees to TN-919:Penetration Tester course will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

Advanced Hash Manipulation
Command Shell vs. Terminal Access
Enumerating Users
Exploitation Fundamentals
Injection Attacks
Legal Issues
Metasploit
Moving Files with Exploits
Obtaining and Passing Password Representations
Overview of Passwords
Penetration Testing Foundations
Penetration Testing Process
Penetration Testing via the Command Line
Profiling the Target
Reconnaissance
Scanning for Targets
Using a Proxy to Attack a Web Application
Vulnerability Scanning
Wireless Crypto and Client Attacks
Wireless Fundamentals

Course Prerequisites:

GSEC or equivalent experience
UNIX, Windows, networking, and security experience
This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: kdwagoner

Instructor comments: Very knowledgeable. Kept class focused and on task

Facilities comments: Good

Liked the class? Then let everyone know!

RH-345: Red Hat JBoss Application Administration I

Course Overview:

Install, configure, and manage Red Hat JBoss Enterprise Application Platform

Red Hat JBoss® Application Administration I teaches you the best practices for installing and configuring Red Hat JBoss Enterprise Application Platform 6. Through hands-on labs, learn the essential, real-world tasks that a system administrator needs to know to effectively deploy and manage applications on JBoss Enterprise Application Platform.

Attendees to RH-345: Red Hat JBoss Application Administration I, will receive TechNow approved course materials and expert instruction.

Dates/Locations:

Duration: 5 Days

Course Objectives:

Overview of JBoss Enterprise Application Platform
Configure JBoss Enterprise Application Platform in standalone mode
Configure JBoss Enterprise Application Platform in domain mode
Configure servers
Use the CLI tool
The datasource subsystem
The logging subsystem
The messaging subsystem
The security subsystem
JVM configuration
Migrating applications to JBoss Enterprise Application Platform 6
The web subsystem