Incident Response Team Member, Stage 1

57 lessons, 7 hours, 40 hours of practice
  • Introduction
  • MITRE ATT&CK
  • Cyber Kill Chain
  • Tactics, Techniques & Procedures
  • Incident Response Methodology
  • Proactive Hunt
  • Live Analysis
  • IOCs vs. IOAs
  • Know Your Process
  • Virtualization and Windows 10 Lab Setup
  • Host & Network Based Incidents
  • Threat Types
  • Threat Triage
  • Operating System Visibility
  • PowerShell Transcription and User SID
  • The Sysinternals Suite
  • Process Explorer Deep Dive
  • Persistence with Autoruns
  • Autoruns Command Line
  • Exercise Scenario – RedLine Malware
  • Unsigned Binary Detection
  • Operation Detection with Procmon
  • Procmon Beautifier
  • njRAT Exercise – Detection and Response
  • Network Activity Views
  • Detecting the Source Zone.Identifier (Mark of the Web)
  • System Resource Utilization Monitor (SRUM)
  • RDP Caching
  • ActivitiesCache
  • Windows Event Logs
  • Event Logon Types
  • Event IDs
  • Event Log Capabilities Demo
  • Investigation Scenario Exercise
  • EVTX in Timeline Explorer
  • Sysmon
  • Event Hunting
  • Registry Structure
  • Registry File Acquisition
  • Registry Explorer
  • Registry Points of Interest
  • Registry ASEPs
  • UserAssist
  • ShellBags
  • Setupapi
  • Working with Wireshark
  • Wireshark Filters and Adaptations
  • Wireshark Statistics
  • DNS Analysis
  • DHCP Analysis
  • HTTP Analysis
  • Attack Scenario Exercises
  • SMB & MS-RPC Analysis
  • Attack Scenario Exam
  • Jump Lists
  • ShimCache
  • AmCache