TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

 

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

    • To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

  • Students should have an understanding of the security field.

Course Outline:

  • What threats does my organization care about?
  • What does a threat look like?
  • What does a threat look like?
  • How to present the SOC internally.
  • Communication with Stakeholders and Executives
    • Leveraging and integrating existing security measures
  • People
    • Establishing a skill matrix and work roles for SOC members
    • Establishing a training path
    • Personnel background requirementsProcesses
  • Processes
    • Alignment to standards: NIST, PCI, HIPAA, etc.
    • Risk related decision trees
    • Playbooks
    • Threat Intelligence Integration
  • Technology – Tool Suites to Support:
    • Ethical Hacking
    • Network Security Monitoring and SIEM
    • Forensics
    • Dashboards
    • Analysis and Hunting
    • Incident Management and Ticketing

 

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-345: Python for Penetration Testers

 

Course Overview:

 

This Python for Penetration Testing course is designed to give you the skills you need for maintaining or developing Python Penetration Testing tools oriented towards offensive operations.  We have a suite of courses and certifications that help  understand a problem, this course prepares the student to rapidly develop prototype code to attack or defend against it.

The course concludes with a Capture the Flag event that will test both your ability to apply your new tools and coding skills in a Python Penetration Testing challenge.

This course is not intended to be an Advanced Python course, but to exemplify penetration techniques utilizing Python.  The course covers Threading, Sockets, OOP, and third party modules that facilitate the offensive operator’s objective.

This course utilizes the “Violent Python” text book.

Attendees to TN-345: Python for Penetration Testers Class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 3 Days

Course Objectives:

  • Python Lanuage Refress
  • Network Sockets
  • Exception Handling
  • Hashes and Cracking Passwords
  • Threading
    • Concepts and Python Implementation
    • Queues and Synchronization
    • urlparse and httplib to probe URLs
    • Crack a password protected zip file
  • Port Scanner
    • Threading a Port Scanner
  • nmap integration
  • Deploying shellcode
  • Mechanize, BeautifulSoup
    • HTTP Form Password Guessing
    • HTTP Proxies (Burp Suite)
    • HTTP Cookies Session Hijacking
      • CookieMonster
  • Images and Metadata
  • Justniffer
  • SQL Injection
    • sqlmap
    • SQLBrute
  • Antivirus and IDS evasion
    • PyInstaller
    • Metasploit
  • Scapy
    • Deploy shellcode
    • DNS Cache Poisoning
    • Packety Violence

Prerequisites:

Comments

Latest comments from students

  

Liked the class?  Then let everyone know!

TN-999: Reverse Engineering Malware Course

Course Overview:

This course is designed for professionals that are expected to do malware analysis. A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics Reverse Engineering Malware.

Attendees to TN-999: Reverse Engineering Malware will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Toolkit and Lab Assembly
  • Malware Code and Behavioral Analysis Fundamentals
  • Malicious Static and Dynamic Code Analysis
  • Collecting/Probing System and Network Activities
  • Analysis of Malicious Document Files
  • Analyzing Protected Executables
  • Analyzing Web-Based Malware
  • DLL Construction and API Hooking
  • Common Windows Malware Characteristics in x86 Assembly
  • Unpacking Protected Malware
  • In-Depth Analysis of Malicious Browser Scripts, Flash Programs and Office
  • In-Depth Analysis of Malicious Executables
  • Windows x86 Assembly Code Concepts for Revers-Engineering Memory Forensics for Rootkit Analysis

Prerequisites:

  • Strong understanding of core systems and network concepts
  • Exposure to programming and assembly concepts
  • Comfortable with command line access

Comments

Latest comments from students

User: marcus.osullivan

Instructor comments: Good stuff. I like the beginning half where there was help from an additional instructor to facilitate fixing computer errors that inevitably popped up.

Facilities comments: The baby deer were neat! I like the resort.

Liked the class?  Then let everyone know!

TN-525: Certified Penetration Testing Professional (CPENT)

Course Overview:

A rigorous Pen Testing program that, unlike contemporary Pen Testing courses, teaches you how to perform an effective penetration test across filtered networks. The course requires you to Pen Test IoT systems, OT systems, builds on your ability to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and various technologies.

What’s Included:

    • EC-Council official E-Courseware
    • EC-Council official Certificate of Attendance
    • EC-Council iLabs with access for 6 months
    • EC-Council CPENT Range access
    • CEH Exam Voucher

     

    Dates/Locations:

    No Events

    Duration: 5 days

    Course Content:

      • Module 01. Introduction to Penetration Testing
      • Module 02. Penetration Testing Scoping and Engagement
      • Module 03. Open Source Intelligence (OSINT)
      • Module 04. Social Engineering Penetration Testing
      • Module 05. Network Penetration Testing – External
      • Module 06. Network Penetration Testing – Internal
      • Module 07. Network Penetration Testing – Perimeter Devices
      • Module 08. Web Application Penetration Testing
      • Module 09. Wireless Penetration Testing
      • Module 10. IoT Penetration Testing
      • Module 11. OT/SCADA Penetration Testing
      • Module 12. Cloud Penetration Testing
      • Module 13. Binary Analysis and Exploitation
      • Module 14. Report Writing and Post Testing Actions

     

    Prerequisites:

        • Pass the CEH exam
        • Pass the CND exam

    Target Audience:

    Penetration Testers, Ethical Hackers, Information Security Consultants/ Testers/ Analysts/ Engineers, Network Server Administrators, Firewall & System Administrators, Risk Assessment Professionals

     

    Comments

    Latest comments from students

     

    Liked the class?  Then let everyone know!

TN-901: Linux for Security Professionals

Course Overview:

This course will be fast paced with in-depth and live demonstrations.

Date/Locations:

No Events

Duration: 1 day

Course Objectives:

  • AIDE
  • DNS Security with DNSsec
  • Logging and Audit Management
  • Linux Security Modules and SE-Linux
  • Linus Containers (Jailing Services and Apps)
  • SSH and SSL tunneling

Prerequisites:

 

Comments

Latest comments from students

Liked the class?  Then let everyone know!