Objectives:
- Understand the threats faced by modern networks, systems and application platforms
- Understand the techniques used to detect, prevent and respond to these threats
- Build enablement solutions for detection and situational awareness
- Respond, contain and start hunting out known and unknown threats
- Use leading ‘open source’ security tools to serve active and passive defence techniques
- Discover and analyse ‘high risk’ weaknesses within systems
- Create actionable and auditable policies
- Understand cryptography and its applications in a digital world
- Begin to analyse, attribute and predict threats and create an active defence posture
Course Outline:
Module 1: Defensible Network Architecture, Virtualisation and Cloud Security
Defensible Network Architecture, Network Security Tools, Wireless Networks, Virtualisation and Cloud Security, Internet of Things and Smart Cities
- Lab 1.1 - Use CLI for diagnostic purposes
  Learners will go over the Windows command ‘ping’ to test network connectivity to a machine and ‘arp’ to retrieve information about devices on a network.
- Lab 1.2 - Create and alter packets with hping
  Learners will learn how to use the hping utility on Linux to craft and send different types of packets to a host for different purposes.
- Lab 1.3 - Breaking WAP
  Learners will use aircrack-ng to crack a Wireless Application Protocol key.
- Lab 1.4 - p0f Network Monitoring
  Learners will use p0f to monitor network traffic and determine which OS and application created it.
- Lab 1.5 - Wireshark and TCPdump
  Learners will use Wireshark and TCPdump to capture network traffic.
- Lab 1.6 - Setting up your own virtual machine
  Learners will use virtual machine images and create their own virtual machine using a software-based hypervisor. (Stretch Exercise)
- Lab 1.7 - Car hacking with can-utils
  Learners will use can-utils to get information from a virtual CAN device, understand the security risks associated with the ease of connecting a machine to a CAN network, and use Metasploit to run an exploit that floods a CAN interface with dummy traffic.
- Lab 1.8 - Shodan
  Learners will use specialised search engines to search for vulnerable machines using extended QA education learner access.
Module 2: Defence-in-Depth
Defence-in-Depth, Access Control and Password Management, Security Policies and Frameworks, Critical Security Controls, Malware and Exploit Mitigations, Advanced Persistent Threat
- Lab 2.1 - Using Social Engineering Toolkit
  Learners will use the Social Engineering Toolkit to generate a fake website and harvest credentials from it.
- Lab 2.2 - Using chkrootkit to detect a rootkit
  Learners will use chkrootkit to scan a Linux machine for rootkits.
- Lab 2.3 - Malicious URL Checking
  Learners will use online tools to test URLs and determine whether a page contains malicious content.
- Lab 2.4 - Payload Evaluation
  Learners will use the Social Engineering Toolkit to generate a meterpreter payload and evaluate a file that contains malware using an online evaluation tool.
- Lab 2.5 - Advanced Persistent Threat (APT) Analysis
  Learners will classify the typical behaviours of APT groups sponsored by different nation states.
Module 3: Vulnerability Scanning, Risk Response and Threat Management
Vulnerability Scanning and Penetration Testing, Network Security Devices, Endpoint Security, Log Analysis, Tools and Techniques for Active Defence, Contingency Planning
- Lab 3.1 - Nmap and Zenmap
  Learners will use nmap to scan the most common ports on a server and Zenmap to perform more comprehensive scans easily through a graphical interface.
- Lab 3.2 - Vulnerability Scanning with Nikto
  Learners will use nikto to perform a vulnerability scan against a web server and analyse the results.
- Lab 3.3 - Advanced Network Scanning with SPARTA
  Learners will use SPARTA to perform multiple vulnerability scans against a host and analyse the results.
- Lab 3.4 - Windows Defender Firewall
  Learners will create custom Windows Defender Firewall rules and enable or disable existing rules.
- Lab 3.5 - Linux Firewalls
  Learners will use iptables to create custom firewall rules and use firewalld as an alternative to iptables.
- Lab 3.6 - Setting Up a Proxy
  Learners will use the tool Squid to turn a Linux machine into a proxy.
- Lab 3.7 - Windows Defender AV
  Learners will use Windows Defender to perform a virus scan of a computer and Task Scheduler to run Windows Defender scans on a regular schedule.
- Lab 3.8 - Honeypots
  Learners will use pentbox to set up a honeypot for attacker attraction and defensive mitigation purposes.
Module 4: Operating System and Application Security
Security Infrastructure, Enforcing Security Policies, Network Services, Windows Forensics, Security Utilities and Patching, Linux Forensics, Web Vulnerabilities
- Lab 4.1 - SQLi
  Learners will use network scanning tools to discover a web server and identify the services it is running from its open ports, explore those services to find a vulnerability to exploit with SQLmap, and use Meterpreter and Metasploit to create and use a back door to the machine.
- Lab 4.2 - Windows Log Analysis
  Learners will use Event Viewer to view and find logs on Windows and understand the different categories of Windows logs.
- Lab 4.3 - Linux Log Analysis
  Learners will use command line tools to find entries in Linux logs for attack detection.
- Lab 4.4 - Email headers
  Learners will use tools to retrieve and analyse email headers to aid threat hunting.
Module 5: Applied Cryptography and Cryptocurrency
Fundamental Concepts of Cryptography, Applied Cryptography, Cryptocurrencies
- Lab 5.1 - Digital Certificates
  Learners will analyse the digital certificate of an HTTPS website.
- Lab 5.2 - Hashing Scenario
  Learners will use an online tool to generate hashes of files and understand the purpose of hashing a file and the risk of hash collisions.
- Lab 5.3 - Eavesdropping with Wireshark
  Learners will use Wireshark to listen to network traffic to help identify anomalies.
- Lab 5.4 - Password Cracking
  Learners will use a command line tool to crack a password hash using a wordlist, and a command line tool to crack a Linux password from the /etc/shadow file.
- Lab 5.5 - Password Management
  Learners will learn how to enforce password ageing from the command line in a Windows environment and apply password ageing through the Group Policy Editor on Windows.
- Lab 5.6 - Bitcoin in crime
  Learners will use search engines to determine whether a bitcoin address has been used in relation to any malicious activities.
- Lab 5.7 - Auditing a bitcoin transaction
  Learners will analyse the transactions associated with a Bitcoin address in order to audit the transactions for nefarious purposes.
Appendix
- Lab A.1 - FTK Imaging
  Learners will use FTK Imager to perform a live acquisition of a Windows drive.
- Lab A.2 - Designing and building a network architecture using Packet Tracer
  Learners will use Packet Tracer to model a physical network and configure a VLAN.