
تاکتیک ها و دفاع پیشرفته تیم بنفش | SANS SEC599: Purple Team Tactics & Kill Chain Defenses

This course is offered as the original, in its original language.
599

Training type: Offline

Support: Ticketing

Certificate: None

Language of instruction: Persian / English (as stated in the description)

Refunds: according to the site's rules

Price: 5,990,000 rials
  • SEC599.1: Introduction and Reconnaissance
    • Course Outline and Lab Setup
      • Course objectives and lab environment
      • What’s happening out there?
      • Introducing SYNCTECHLABS
      • Exercise: One click is all it takes…
    • Adversary Emulation and the Purple Team
      • Introducing the extended Kill Chain
      • What is the purple team?
      • MITRE ATT&CK framework and “purple tools”
      • Key controls for prevention and detection
      • Exercise: Hardening our domain using SCT and STIG
      • Building a detection stack
      • Exercise: Kibana, ATT&CK Navigator, and FlightSim
    • Reconnaissance
      • Reconnaissance – Getting to know the target
      • Exercise: Automated reconnaissance using SpiderFoot
  • SEC599.2: Payload Delivery and Execution
    • Common Delivery Mechanisms
    • Hindering Payload Delivery
      • Removable media and network (NAC, MDM, etc.) controls
      • Exercise: Stopping NTLMv2 sniffing and relay attacks in Windows
      • Mail controls, web proxies, and malware sandboxing
      • YARA – A common payload description language
      • Exercise: Building a Sandbox using Cuckoo and YARA
    • Preventing Payload Execution
      • Initial execution – Application whitelisting
      • Exercise: Configuring AppLocker
      • Initial execution – Visual Basic, JS, HTA, and PowerShell
      • Exercise: Controlling script execution in the enterprise
      • Initial execution – How to detect?
      • Exercise: Detection with Script Block Logging, Sysmon, and SIGMA
      • Operationalizing YARA rules – Introducing ProcFilter
      • Exercise: Preventing payload execution using ProcFilter
  • SEC599.3: Exploitation, Persistence, and Command and Control
    • Protecting Applications from Exploitation
      • Software development lifecycle (SDL) and threat modeling
      • Patch management
      • Exploit mitigation techniques
      • Exercise: Exploit mitigation using Compile-Time Controls
      • Exploit mitigation techniques – ExploitGuard, EMET, and others
      • Exercise: Exploit mitigation using ExploitGuard
    • Avoiding Installation
      • Typical persistence strategies
      • How do adversaries achieve persistence?
      • Exercise: Catching persistence using Autoruns and OSQuery
    • Foiling Command and Control
      • Detecting command and control channels
      • Exercise: Detecting command and control channels using Suricata, JA3, and RITA
  • SEC599.4: Lateral Movement
    • Protecting Administrative Access
      • Active Directory security concepts
      • Principle of least privilege and UAC
      • Exercise: Implementing LAPS
      • Privilege escalation techniques in Windows
      • Exercise: Local Windows privilege escalation techniques
    • Key Attack Strategies against AD
      • Abusing local admin privileges to steal more credentials
      • Exercise: Hardening Windows against credential compromise
      • BloodHound – Mapping out AD attack paths
      • Exercise: Mapping attack paths using BloodHound
      • Kerberos attacks: Kerberoasting, Silver tickets, Over-PtH
      • Exercise: Kerberos attack strategies
    • How Can We Detect Lateral Movement?
      • Key logs to detect lateral movement in AD
      • Deception – Tricking the adversary
      • Exercise: Detecting lateral movement in AD
  • SEC599.5: Action on Objectives, Threat Hunting, and Incident Response
    • Domain Dominance
      • Dominating the AD – Basic strategies
      • Golden Ticket, Skeleton Key, DCSync, and DCShadow
      • Detecting domain dominance
      • Exercise: Domain dominance
    • Data Exfiltration
      • Common exfiltration strategies
      • Exercise: Detecting data exfiltration
    • Leveraging Threat Intelligence
      • Defining threat intelligence
      • Exercise: Leveraging threat intelligence with MISP and Loki
    • Threat Hunting and Incident Response
      • Proactive threat hunting strategies
      • Exercise: Hunting your environment using OSQuery
      • Incident response process
      • Exercise: Finding malware using Volatility and YarGen
  • SEC599.6: APT Defender Capstone
    • Applying Previously Covered Security Controls In-depth
      • Reconnaissance
      • Weaponization
      • Delivery
      • Exploitation
      • Installation
      • Command and Control
      • Action on Objectives
