TN-765: Automating Administration with Windows Powershell

Course Overview:

This course provides students with the fundamental knowledge and skills to use PowerShell for administering and automating administration of Windows servers. This course provides students the skills to identify and build the command they require to perform a specific task. In addition, students learn how to build scripts to accomplish advanced tasks such as automating repetitive tasks and generating reports. This course provides prerequisite skills supporting a broad range of Microsoft products, including Windows Server, Windows Client, Microsoft Azure, and Microsoft 365. In keeping with that goal, this course will not focus on any one of those products, although Windows Server, which is the common platform for all of those products, will serve as the example for the techniques this course teaches.

Attendees to TN-765: Automating Administration with Windows Powershell will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

Describe the functionality of Windows PowerShell and use it to run and find basic commands
Identify and run cmdlets for server administration
Work with Windows PowerShell pipeline
Describe the techniques Windows PowerShell pipeline uses
Use PSProviders and PSDrives to work with other forms of storage
Query system information by using WMI and CIM
Work with variables, arrays, and hash tables
Write basic scripts in Windows PowerShell
Write advanced scripts in Windows PowerShell
Administer remote computers
Use background jobs and scheduled jobs
Use advanced Windows PowerShell techniques

Course Prerequisites:

Experience with Windows networking technologies and implementation.
Experience with Windows Server administration, maintenance, and troubleshooting.

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-535: Certified Forensic Computer Examiner (CFCE)

CCFE Core Competencies

Procedures and Legal Issues
Computer Fundamentals
Partitioning Schemes
Data Recovery
Windows File Systems
Windows Artifacts
Report writing (Presentation of Finding)

Procedures and Legal issues

Knowledge of search and subjection and rules for evidence as applicable to computer forensics.
Ability to explain the on-scene action taken for evidence preservation.
Ability to maintain and document an environment consolidating the computer forensics.

Computer Fundamentals

Understand BIOS
Computer hardware
Understanding of numbering system (Binary, hexadecimal, bits, bytes).
Knowledge of sectors, clusters, files.
Understanding of logical and physical files.
Understanding of logical and physical drives.

Partitioning schemes

Identification of current partitioning schemes.
Understanding of primary and extended partition.
Knowledge of partitioning schemes and structures and system used by it.
Knowledge of GUID and its application.

Windows file system

Understanding of concepts of files.
Understanding of FAT tables, root directory, subdirectory along with how they store data.
Identification, examination, analyzation of NTFS master file table.
Understanding of $MFT structure and how they store data.
Understanding of Standard information, Filename, and data attributes.

Data Recovery

Ability to validate forensic hardware, software, examination procedures.
Email headers understanding.
Ability to generate and validate forensically sterile media.
Ability to generate and validate a forensic image of media.
Understand hashing and hash sets.
Understand file headers.
Ability to extract file metadata from common file types.
Understanding of file fragmentation.
Ability to extract component files from compound files.
Knowledge of encrypted files and strategies for recovery.
Knowledge of Internet browser artifacts.
Knowledge of search strategies for examining electronic

Windows Artifacts

Understanding the purpose and structure of component files that create the windows registry.
Identify and capability to extract the relevant data from the dead registry.
Understand the importance of restore points and volume shadow copy services.
Knowledge of the locations of common Windows artifacts.
Ability to analyze recycle bin.
Ability to analyze link files.
Analyzing of logs
Extract and view windows logs
Ability to locate, mount and examine VHD files.
Understand the Windows swap and hibernation files.

Report Writing (Presentation of findings)

Ability to conclude things strongly based on examination observations.
Able to report findings using industry standard technically accurate terminologies.
Ability to explain the complex things in simple and easy terms so that non-technical people can understand clearly.
Be able to consider legal boundaries when undertaking a forensic examination

N-485: In-Depth Securing Networks with Cisco Firepower Threat Defense NGFW

Course Overview:

An in-depth course on how to use and configure Cisco Firepower Threat Defense technology, from device setup and configuration and including routing, high availability, Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT). Students implement advanced Next Generation Firewall (NGFW) and Next Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network based malware detection, and deep packet inspection.
Students will also learn how to configure site to site VPN, remote access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting. This course combines lecture materials and hands on labs throughout to make sure that students are able to successfully deploy and manage the Cisco Firepower system.

It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco Firepower security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco Firepower security appliance features, and provide detailed operations support for the Firepower appliance.

Attendees to N-485: In-Depth Securing Networks with Cisco Firepower Threat Defense NGFW will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Understand Sourcefire, Firepower 6.2, FireAMP, and Firepower Threat Defense (FTD)
Configure the Firepower Management Center (FMC)
Raise you confidence managing the Firepower Manager and Firepower tThreat Defense (FTD)
Describe the Cisco Firepower Systems infrastructure
Navigate the user interface and administrative features of the Cisco Firepower 6.2 system, including advanced analysis and reporting functionality to properly assess threats
Describe the System Configuration and Health policies and implement them
Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
Describe, create, and implement objects for use in Access Control policies
Create DNS and URL policies and configure Sinkholes
Configure FTD policies such as Platform, Routing, Interface, Zones, PreFilter, QoS, NAT and Flex Config!
Describe advanced policy configuration and Firepower system configuration options
Configure Malware Policies to find and stop Malware
Understand Security Intelligence, and how to configure SI to stop attacks NOW!
Configure policies to find and stop Ransomware
Understand how to fine tune IPS policies
Understand how to find tun Snort Preprocessor policies (NAP)
Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
Analyze events
Create reporting templates and schedule them
Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
Set up external authentication for users using LDAP/Realms
Configuring system integration, realms, and identity sources
Configure FMC domains and implement them
Configure FTD HA with two FTD devices
SSL Policy – decrypt your traffic
AnyConnect and Site-to-Site VPN
Understand network and host based AMP. Configure and analyze host based AMP
Understand Cisco Identity Services Engine (ISE)
Configure ISE and integrate with Cisco FMC identity policy using PxGrid

Prerequisites:

Cisco Certified Network Associate (CCNA) certification. or equivalent
Cisco Certified Network Associate Security (CCNA Security) certification. or equivalent
Working knowledge of the Microsoft Windows operating system.

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-969: Windows Security Administrator Course

Course Overview:

A skills focus enables the student to better absorb the subject matter and perform successfully on the job. This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs to secure Windows systems. Lecture and labs start with quick review of Active Directory and group policy to enforce security mechanisms within the Windows architecture. Students then gain network experience and use sniffing to help exemplify the benefit of learning wired and wireless security configurations. PowerShell is made for SecOps/DevOps automation and students will learn to write PowerShell scripts to automate security operations and Desired State Configuration (DSC). The course concludes with exercising real attack strategies to demonstrate the effectives of properly securing your host.

Attendees to TN-969: Windows Security Administrator course will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Active Directory and BloodHound
Security Controls
PKI
Encryption
Wireless & Network Security and Hardening DNS
802.1x and Endpoint Protection
Firewalls and VPN
PowerShell Scripting
JEA, DSC, Enterprise Security with PowerShell
Windows Attack Strategies

Prerequisites:

Security+
Windows System Administration Skills

Comments

Latest comments from students

User: bbrabender

Instructor comments: Instructor was very knowledgeable and help more inexperienced users with concepts as well explaining in a way that can be understood.

Facilities comments: N/A

User: dale.r.anderson

Instructor comments: Instructor was well knowlegeable accross alot of domains.

Facilities comments: Pretty good

Liked the class? Then let everyone know!

TN-909: Windows Forensic Analysis

Course Overview:

Windows Forensic Analysis is a hands-on course that covers digital forensics of the Microsoft Windows operating system. The collection and analysis of data tracking user based activity that can be used for internal purposes or legal litigation. TechNow has the student analyze many data images for various Windows operating systems, as current as Windows 8.1, Windows 10 in an environment that uses many Cloud technologies such as Office365, Skydrive, Sharepoint, Exchange Online, and Windows Phone.

This is not death by power point. The course is aligned with digital forensic investigators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of Windows Forensic Analysis.

Attendees to TN-909: Windows Forensic Analysis will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Windows Operating System Components
Core Forensic Principles
Live Response and Triage-Based Acquisition Techniques
Windows Image Mounting and Examination
Memory, Pagefile, Filesystems
Data and Metadata
Profiling systems and users
Tracking USB and BYOD
Log and Registry Analysis
User Communications
Email Forensics
Browser Forensics
Reporting and Presentation