Cyber Security Training and Boot Camp

ADVANCED CYBERSECURITY SKILLS BOOTCAMP  - 2018

 


REVERSING SKILLS

(EXPLOIT KITS, MALICIOUS DOCUMENTS & RANSOMWARE)

This intensive two-day course is designed to teach latest techniques used by exploit kit authors.

 

Day 1  

Environment Setup

Create a vulnerable Virtual machine with open source tools as well as  exploit detection drivers. Collect and analyze events collected from these tools.  

Exploit Kit INTRoduction

Overview of latest exploit kits, redirection gates, evasion techniques.

De-obfuscating Landing Page

Introduction to Exploit Kits landing pages. Understanding the obfuscation techniques and tools to decode.  

Exploit under debugger

Understand the exploit techniques used – ROP/Shellcode/APIs/Delivery mechanism

DAY2

Understanding Flash Exploits

In this section, students will learn how to deobfuscate malicious SWF files and extract interesting information.

Introduction to Macro Malware

A deep look at latest targeted attacks along utilizing macros. The students will dissect and execute samples in a safe environment.

Introduction to Ransomware techniques

Dissecting a POC ransomware.

Introduction to File-less attack

In this section, students are introduced to advanced file-less attacks. Students will go through Angler’s file-less shellcode along with few interesting macros attacks.

INTEL & INCIDENT RESPONSE

(Incident Response, Threat Hunting & Attribution)

This intensive two-day course is designed to teach the investigative techniques needed to respond to latest threats. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack.

DAY 1

The Incident Response Process

An introduction to the threat landscape, targeted attack life-cycle, initial attack vectors used by different threat actors, and the phases of an effective incident response process

Introduction to Key Concepts

A deep dive will be taken into file system metadata, registry, event logs, services, common persistence mechanisms, and artifacts of execution

Memory Forensic

The students will get introduced to memory forensic and perform hunting to look for interesting information.

DAY 2

Enterprise Investigations

Apply the lessons-learned from the previous modules to proactively investigate an entire environment, at-scale, for signs of compromise. An in-depth analysis of how attackers move from system-to-system in a compromised Windows environment

Remediation

The remediation phase of an enterprise investigation is an important part of the incident response process. Discussion on longer term strategic posturing to improve the resiliency of the organization as a whole.

Introduction To Threat Hunting

Students are introduced to threat hunting concepts using threat intelligence, anomaly detection and known threat actor techniques, tactics and procedures (TTPs)

 

RED TEAM SKILLS

  (ADVANCED ATTACK TECHNIQUES &  TTP SIMULATION)

This intensive two-day course is designed to teach how to think like an attacker, understand the advanced techniques used in real attacks and how to build and simulate advanced TTPs.

DAY 1

REDTEAM GOALS

This session explains the goals of red team. How to manage a red team engagement. 

KILLCHAIN TAXONOMY & DEFENSE

An introduction to targeted attack stages. Enumeration of techniques in each stage. How next generation security products detect stuff. What it takes to bypass state of art security controls

TTP SIMULATION - INITIAL COMPROMISE TECHNIQUES

Hands on lab to achieve initial compromise through spear phishing, exploits and server attacks.

DAY 2

TTP SIMULATION – BUILDING MALICIOUS BINARY COMPONENTS

In this hands on session, students build state of the art attack components  on top of a core library to achieve covert dropping, persistence, c&c,  RAT bahavior , lateral movement and data theft

TTP SIMULATION – BUILDING SCRIPTING COMPONENTS

This session focuses on building malicious components using PowerShell, WMI etc

END TO END APT ATTACK CHALLENGE

Students have to leverage the components built to perform an end to end APT attack in a simulated environment.