Building Blocks: The Security Analyst's Toolbox

This class will be designed for the following groups/individuals:

- Information Technology Professionals (Sys Admins, Network Engineers, etc.) looking for additional security training
- Security Professionals wanting to learn more about defense ("Blue Team")
- New Security Analysts just starting out in their role
- Anyone looking to step up their security game at home

The class will be divided into two main sections. In the first section, class participants will learn about and discuss some of the concepts, methods, and tools used in a traditional SOC (Security Operations Center) environment, including, but not limited to: Snort, Suricata, ArcSight, Nagios, and Wireshark. Participants will then take part in hands-on exercises in network flow monitoring and PCAP (packet capture) analysis using Wireshark. Currently, there is a planned contest in which participants will group into teams and attempt to correctly identify as many types of attacks as possible in a given PCAP acquired from a recent cyber challenge. The winning team will be asked to present their analysis of the PCAP to the rest of the class and explain their dissection and identification methods.

In the second section, class participants will learn about and discuss some of the concepts and techniques used in incident response and digital forensics, including, but not limited to: memory analysis, registry analysis, browser history analysis, malware analysis, and event log analysis. Tool discussion will include Volatility (open source memory forensics framework), FRED (Forensic Registry Editor), EnCase, and TSK/Autopsy. Participants will then take part in hands-on exercises using TSK/Autopsy to examine a "compromised" hard drive. There is also a planned challenge in which participants will group into teams and utilize forensics tools to analyze a "compromised" virtual server and correctly identify the different types of exploits used against it. The winning team will be asked to present their analysis to the rest of the class.

Following these two main sections, there will be a brief wrap-up session where participants will be encouraged to discuss what they have learned and will be able to ask questions.
