Networks are coming under increasing numbers of attacks each year and the volume of threats shows no signs of subsiding. New malware samples are detected at an ever increasing rate that is currently in excess of 500,000 unique new samples per day. The number of reported data breaches increases each year and these breaches cost companies billions of dollars a year. In order to properly defend networks from these threats, the threats need to be fully understood.
This course will introduce students to the tools, techniques, and procedures used by adversaries to compromise networks. Students will become familiar with the various categories of malware, attacker methodologies, and various attack vectors. They will introduced to the methodology for detecting, containing, eradicating, and recovering from a breach or malware outbreak.
This course is only available on-site at your location.
- Day 1
- Threat Landscape. A discussion into the cyber threats facing enterprises. Attacker motivations, Threat Statistics
- Malware Types. An introduction to the different categories of malware. Viruses/Worms, Spyware/Adware, Crimeware, Trojans, Botnets, Rootkits, Ransomware
- Attack methodology. An introduction into how attackers breach networks. Footprinting, Scanning, Enumeration, Penetration, Escalation, Command and Control, Lateral Movement, Persistence, Covering Tracks
- Advanced Persistent Threats. A discussion into what makes an APT.
- Day 2
- Attack Vectors. An overview of the most common attacks. Social Engineering, Phishing, Spear Phishing, Remote Access Malware, Buffer Overflows, Cross Site Scripting, Session Highjacking , SQL Injection, URL Misinterpretation , Data Spillage
- Detection Evasion. An introduction into ways attackers hide from security. IP spoofing, IP fragmentation , Protocol violations, Overlapping fragments, Encryption
- Day 3
- Incident Response. An introduction into how to respond to incidents. Background and Overview, Preparation , Detection, Analysis, Containment, Eradication, Recovery, Post-Incident, Cyber Kill Chain
- Implementing Controls, Determining controls, Ensuring compliance, FFIEC IT Security Handbook
- Day 4
- Security issues related to emerging technologies. BYOD, Virtualization, Cloud Technologies , Mobile Devices/Banking , Encryption at rest and in motion
- Security Vendors. An introduction to the services offered by others. MSSPs, IR Retainers, Cyber Threat Intel
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.