Hacker Tools 2023

0 views

Skip to first unread message

Kerby Reynolds

unread,

Aug 3, 2024, 5:38:16 PM8/3/24

to thioreirofi

SEC504 helps you develop the skills to conduct incident response investigations. You will learn how to apply a dynamic incident response process to evolving cyber threats, and how to develop threat intelligence to mount effective defense strategies for cloud and on-premises platforms. We'll examine the latest threats to organizations, from watering hole attacks to cloud application service MFA bypass, enabling you to get into the mindset of attackers and anticipate their moves. 30+ Hands-on Labs

The goal of modern cloud and on-premises systems is to prevent compromise, but the reality is that detection and response are critical. Keeping your organization out of the breach headlines depends on how well incidents are handled to minimize loss to the company.

In SEC504, you will learn how to apply a dynamic approach to incident response. Using indicators of compromise, you will practice the steps to effectively respond to breaches affecting Windows, Linux, and cloud platforms. You will be able to take the skills and hands-on experience gained in the course back to the office and apply them immediately.

A big focus in SEC504 is applying what you learn with hands-on exercises: 50% of the course is hands-on where you will attack, defend, and assess the damage done by threat actors. You will work with complex network environments, real-world host platforms and applications, and complex data sets that mirror the kind of work you may be asked to do. You never lose access to the lab exercises, and they can be repeated as often as you like. All lab exercises come with detailed walkthrough video content to help reinforce the learning concepts in the course.

Understanding the steps to effectively conduct incident response is only one part of the equation. To fully grasp the actions attackers take against an organization you also need to understand their tools and techniques. In the hands-on environment provided by SEC504, you will use same tools attackers use to understand how they are applied and the artifacts they leave behind. By getting into the mindset of attackers, you will learn how they apply their tactics, techniques, and procedures against your organization, and you will be able to use that insight to anticipate their moves and build better defenses.

In this course section we'll look at the techniques attackers use to conduct reconnaissance as a pre-attack step, including how they use open-source intelligence, network scanning, and target enumeration attacks to find the gaps in security. You'll use attacker techniques to assess the security of a target network, evaluating popular protocols and endpoints for Windows, Linux, Azure, and AWS targets. After delivering the attacks, you'll investigate the logging data and evidence that remains to recognize these attacks as they happen.

Password attacks are the most reliable mechanism for attackers to bypass defenses and gain access to your organization's assets. In this section we'll investigate the complex attacks that exploit password and multi-factor authentication weaknesses using the access gained to access other network targets.

In this course section we'll begin our look at target exploitation frameworks that take advantage of weaknesses on public servers and client-side vulnerabilities. Using the implicit trust of a public website, you'll apply attacker tools and techniques to exploit browser vulnerabilities, execute code with Microsoft Office documents, and exploit the many vulnerabilities associated with vulnerable web applications.

Building on password, public-facing, and drive-by attacks, we'll look at the attacks that happen after initial exploitation. You'll see how attackers bypass endpoint protection systems and use an initial foothold to gain access to internal network targets. You'll then apply the techniques you learn with privileged insider Local Area Network (LAN) attacks, using privileged access to establish persistence, how attackers scan for and collect data from a compromised organization. You will apply these skills to assess the security risks of a vulnerable cloud deployment through visualization and automated assessment techniques. Finally, we'll look at the steps to take after the course is over, turning what you've learned into long-term skills and helping you prepare for the certification exam.

Our Capture-the-Flag event is a full day of hands-on activity that has you working as a consultant for ISS Playlist, a fictitious company that has recently been compromised. You will apply all of the skills you've learned in class, using the same techniques used by attackers to compromise modern, sophisticated network environments. You will work on a team or independently to scan, exploit, and complete post-exploitation tasks against a cyber range of target systems including Windows, Linux, Internet of Things devices, and cloud targets. This hands-on challenge is designed to help players practice their skills and reinforce concepts learned throughout the course. With an integrated hint system to give you the on-demand guidance you need to succeed, the event guides you through the steps to successfully compromise target systems, bypass endpoint protection platforms, pivot to internal network high-value hosts, and exfiltrate company data.

The GIAC Incident Handler (GCIH) certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Your course media will now be delivered via download. The media files for class can be large, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.