We provide virtual course about Masterclass: System Forensics, Incident Handling And Threat Hunting in english. Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity.
Course description:
In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated. This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible.
This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.
Course outline:
Module 1 - Introduction to Windows Internals:
• Introduction to Windows Internals
• Processes and Threads
• PID and TID
• Information Gathering from Running Operating System
• Obtaining Volatile Data
• A Deep Dive into Autoruns
• Effective Permissions Auditing
• PowerShell Get NTFS Permissions
• Obtaining Permissions Information with Access Check
• Unnecessary and Malicious Services
• Detecting Unnecessary Services with PowerShell
Module 2 - Securing Monitoring Operations & Threat Hunting:
• Types of Hunting
• Defining Hunt Missions
• Malware Hiding Techniques
• Uncovering Internal Reconnaissance
• Uncovering Lateral Movement
• Uncovering Hidden Network Transmissions
Module 3 - Handling Malicious Code Incidents:
• Count of Malware Samples
• Virus, Worms, Trojans, and Spywares
• Incident Handling Preparation
• Incident Prevention
• Detection of Malicious Code
• Containment Strategy
• Evidence Gathering and Handling Eradication and Recovery
Module 4 - Static Malware Analysis:
• Static Malware Analysis Scenarios
• Types and Goals of Malware Analysis
• Cloud-Based Malware Analysis
• Incident Prevention and Response Steps
• Containment and Mitigation
• Executable analysis
• Static Analysis Tools
Module 5 - Behavioral Malware Analysis and Threat Hunting:
• Malware Detonation
• Sysinternals Suite
• Network Communication Analysis
• Monitoring System Events
• Memory Dump Analysis
• Simulation a Real Environment
Module 6 - Network Forensics and Monitoring:
• Types and Approaches to Network Monitoring
• Network Evidence Acquisition
• Network Protocols and Logs
• LAB: Detecting Data Thievery
• LAB: Detecting WebShells
• Gathering Data from Network Security Appliances
• Detecting Intrusion Patterns and Attack Indicators
• Data Correlation
• Hunting Malware in Network Traffic
• Encoding and Encryption
• Denial-of-Service Incidents
• Distributed Denial-of-Service Attack
• Detecting DoS Attack
• Incident Handling Preparations for DoS
• DoS Response and Preventing Strategies
Module 7 - Memory: Dumping and Analysis:
• Introduction to Memory Dumping and Analysis
• Creating Memory Dump - Belkasoft RAM Capturer and DumpIt
• Utilizing Volatility to Analyze Windows Memory Image
• Analyzing Stuxnet Memory Dump with Volatility
• Automatic Memory Analysis with Volatile
Module 8 - Memory: Indicators of compromise:
• Yara Rules Language
• Malware Detonation
• Introduction to Reverse Engineering
Module 9 - Disk: Storage Acquisition and Analysis:
• Introduction to Storage Acquisition and Analysis
• Drive Acquisition
• Mounting Forensic Disk Images
• Virtual Disk images
• Signature vs. File Carving
• Introduction to NTFS File System
• Windows File System Analysis
• Autopsy with Other filesystems
• External Device Usage Data Extraction (USB Usage etc.)
• Reviving the Account Usage
• Extracting Data Related with the Recent Use of Application, File etc.
• Recovering Data after Deleting Partitions
• Extracting Delete File and File Related Information
• Extracting Data from File Artifacts Like $STANDARD_INFORMATION etc.
• Password Recovery
• Extracting Windows Indexing Service data
• Deep-dive into Automatic Destinations
• Detailed Analysis of Windows Prefetch
• Extracting Information about
• Program execution (UserAssist, RecentApps, Shimcache, appcompatcache etc.)
• Extracting information about browser usage (web browsing history, cache, cookies etc.)
• Communicator Apps Data Extraction
• Extracting Information about
• Network Activity
• Building Timelines
Module 10 - Malicious Non-Exe Files:
• Alternative Binaries
• PowerShell Scripts
• Office Documents
• Jscript
• HTML Documents
• Living off the Land Binaries
Instructor: Paula Januszkiewicz
Target audience:
IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.
Language:
• English course material, english speaking instructor
Certification:
This training is not related to any specific certification