CyberSec First Responder: Threat Detection And Response (Exam CFR-210)

Transcription

CyberSec First Responder: Threat Detection and Response (Exam CFR-210)

Course Introduction (2m)
  - Course Introduction

Lesson 01 - Assessing Information Security Risk (1h 3m)

  Topic A: Identify the Importance of Risk Management
  - Elements of Cybersecurity (Perimeter Model)
  - Elements of Cybersecurity (Endpoint Model)
  - The Risk Equation
  - Risk Management
  - The Importance of Risk Management
  - ERM
  - Reasons to Implement ERM
  - Risk Exposure
  - Risk Analysis Methods
  - Risks Facing an Enterprise

  Topic B: Assess Risk
  - ESA Frameworks
  - ESA Framework Assessment Process
  - New and Changing Business Models
  - De-perimeterization
  - New Products and Technologies
  - Internal and External Influences
  - System-Specific Risk Analysis
  - Risk Determinations
  - Documentation of Assessment Results
  - Guidelines for Assessing Risk

  Topic C: Mitigate Risk
  - Classes of Information
  - Classification of Information Types into CIA Levels
  - Security Control Categories
  - Technical Controls (Template)
  - Technical Controls (Example Answer)
  - Aggregate CIA Score
  - Common Vulnerability Scoring System
  - Common Vulnerabilities and Exposures
  - Demo - Common Vulnerability Scoring System
  - Extreme Scenario Planning and Worst Case Scenarios
  - Risk Response Techniques
  - Additional Risk Management Strategies
  - Continuous Monitoring and Improvement
  - IT Governance
  - Guidelines for Mitigating Risk

  Topic D: Integrate Documentation into Risk Management
  - From Policy to Procedures
  - Policy Development
  - Process and Procedure Development
  - Demo - Finding a Policy Template
  - Topics to Include in Security Policies and Procedures
  - Best Practices to Incorporate in Security Policies and Procedures
  - Business Documents That Support Security Initiatives
  - Guidelines for Integrating Documentation into Risk Management
  - Lesson 01 Review

Lesson 02 - Analyzing the Threat Landscape (24m)

  Topic A: Classify Threats and Threat Profiles
  - Threat Actors
  - Threat Motives
  - Threat Intentions
  - Attack Vectors
  - Attack Technique Criteria
  - Qualitative Threat and Impact Analysis
  - Guidelines for Classifying Threats and Threat Profiles

  Topic B: Perform Ongoing Threat Research
  - Ongoing Research
  - Situational Awareness
  - Commonly Targeted Assets
  - The Latest Vulnerabilities
  - The Latest Threats and Exploits
  - The Latest Security Technologies
  - Resources Aiding in Research
  - Demo - Resources that Aid in Research of Threats
  - The Global Cybersecurity Industry and Community
  - Trend Data
  - Trend Data and Qualifying Threats
  - Guidelines for Performing Ongoing Threat Research
  - Lesson 02 Review

Lesson 03 - Analyzing Reconnaissance Threats to Computing and Network Environments (57m)

  Topic A: Implement Threat Modeling
  - The Diverse Nature of Threats
  - The Anatomy of a Cyber Attack
  - Threat Modeling
  - Reasons to Implement Threat Modeling
  - Threat Modeling Process
  - Attack Tree
  - Threat Modeling Tools
  - Threat Categories

  Topic B: Assess the Impact of Reconnaissance Incidents
  - Footprinting, Scanning, and Enumeration
  - Footprinting Methods
  - Network and System Scanning Methods
  - Enumeration Methods
  - Evasion Techniques for Reconnaissance
  - Reconnaissance Tools
  - Packet Trace Analysis with Wireshark
  - Demo - Performing Reconnaissance on a Network
  - Demo - Examining Reconnaissance Incidents

  Topic C: Assess the Impact of Social Engineering
  - Social Engineering
  - Types of Social Engineering
  - Phishing and Delivery Media
  - Phishing and Common Components
  - Social Engineering for Reconnaissance
  - Demo - Assessing the Impact of Social Engineering
  - Demo - Assessing the Impact of Phishing
  - Lesson 03 Review

Lesson 04 - Analyzing Attacks on Computing and Network Environments (1h 36m)

  Topic A: Assess the Impact of System Hacking Attacks
  - System Hacking
  - Password Sniffing
  - Password Cracking
  - Demo - Cracking Passwords Using a Password File
  - Privilege Escalation
  - Social Engineering for Systems Hacking
  - System Hacking Tools and Exploitation Frameworks

  Topic B: Assess the Impact of Web-Based Attacks
  - Client-Side vs. Server-Side Attacks
  - XSS
  - XSRF
  - SQL Injection
  - Directory Traversal
  - File Inclusion
  - Additional Web Application Vulnerabilities and Exploits
  - Web Services Exploits
  - Web-Based Attack Tools
  - Demo - Assessing the Impact of Web-Based Threats

  Topic C: Assess the Impact of Malware
  - Malware Categories
  - Trojan Horse
  - Polymorphic Virus
  - Spyware
  - Supply Chain Attack
  - Malware Tools
  - Demo - Malware Detection and Removal

  Topic D: Assess the Impact of Hijacking and Impersonation Attacks
  - Spoofing, Impersonation, and Hijacking
  - ARP Spoofing
  - DNS Poisoning
  - ICMP Redirect
  - DHCP Spoofing
  - NBNS Spoofing
  - Session Hijacking
  - Hijacking and Spoofing Tools

  Topic E: Assess the Impact of DoS Incidents
  - DoS Attacks
  - DoS Attack Techniques
  - DDoS
  - DoS Evasion Techniques
  - DoS Tools
  - Demo - Assessing the Impact of DoS Attacks

  Topic F: Assess the Impact of Threats to Mobile Security
  - Trends in Mobile Security
  - Wireless Threats
  - BYOD Threats
  - Mobile Platform Threats
  - Mobile Infrastructure Hacking Tools

  Topic G: Assess the Impact of Threats to Cloud Security
  - Cloud Infrastructure Challenges
  - Threats to Virtualized Environments
  - Threats to Big Data
  - Example of a Cloud Infrastructure Attack
  - Cloud Platform Security
  - Lesson 04 Review

Lesson 05 - Analyzing Post-Attack Techniques (1h 3m)

  Topic A: Assess Command and Control Techniques
  - Command and Control
  - IRC
  - HTTP/S
  - DNS
  - ICMP
  - Additional Channels
  - Demo - Assessing Command and Control Techniques

  Topic B: Assess Persistence Techniques
  - Advanced Persistent Threat
  - Rootkits
  - Backdoors
  - Logic Bomb
  - Demo - Detecting Rootkits
  - Rogue Accounts

  Topic C: Assess Lateral Movement and Pivoting Techniques
  - Lateral Movement
  - Pass the Hash
  - Golden Ticket
  - Remote Access Services
  - WMIC
  - PsExec
  - Port Forwarding
  - VPN Pivoting
  - SSH Pivoting
  - Routing Tables and Pivoting

  Topic D: Assess Data Exfiltration Techniques
  - Data Exfiltration
  - Covert Channels
  - Steganography
  - Demo - Steganography
  - File Sharing Services

  Topic E: Assess Anti-Forensics Techniques
  - Anti-Forensics
  - Golden Ticket and Anti-Forensics
  - Demo - Assessing Anti-Forensics
  - Buffer Overflows
  - Memory Residents
  - Program Packers
  - VM and Sandbox Detection
  - ADS
  - Covering Tracks
  - Lesson 05 Review

Lesson 06 - Evaluating the Organization's Security Posture (54m)

  Topic A: Conduct Vulnerability Assessments
  - Vulnerability Assessment
  - Penetration Testing
  - Vulnerability Assessment vs. Penetration Testing
  - Vulnerability Assessment Implementation
  - Vulnerability Assessment Tools
  - Specific Assessment Tools
  - Port Scanning and Fingerprinting
  - Sources of Vulnerability Information
  - Operating System and Software Patching
  - Systemic Security Issues
  - Demo - Perform a Vulnerability Scan with Nessus
  - Demo - Perform a Vulnerability Scan with MBSA

  Topic B: Conduct Penetration Tests on Network Assets
  - ROE
  - Pen Test Phases
  - Pen Test Scope
  - External vs. Internal Pen Testing
  - Pen Testing Techniques
  - Pen Testing Tools of the Trade
  - Kali Linux
  - Data Mining
  - Attack Surface Scanning and Mapping
  - Packet Manipulation for Enumeration
  - Simulated Attacks
  - Password Attacks
  - Penetration Test Considerations

  Topic C: Follow Up on Penetration Testing
  - Effective Reporting and Documentation
  - Target Audiences
  - Information Collection Methods
  - Penetration Test Follow-Up
  - Report Classification and Distribution
  - Lesson 06 Review

Lesson 07 - Collecting Cybersecurity Intelligence (1h 15m)

  Topic A: Deploy a Security Intelligence Collection and Analysis Platform
  - Security Intelligence
  - The Challenge of Security Intelligence Collection
  - Security Intelligence Collection Lifecycle
  - Security Intelligence Collection Plan
  - CSM
  - What to Monitor
  - Security Monitoring Tools
  - Data Collection
  - Potential Sources of Security Intelligence
  - Guidelines for Determining Which Data to Collect for Security Intelligence
  - Guidelines for Determining Which Fields You Should Log
  - Guidelines for Configuring Logging Systems Based on Their Impact
  - Guidelines for Determining Which Events Should Prompt an Alert
  - Information Processing
  - External Data Sources
  - Publicly Available Information
  - Collection and Reporting Automation
  - Data Retention

  Topic B: Collect Data from Network-Based Intelligence Sources
  - Network Device Configuration Files
  - Network Device State Data
  - Switch and Router Logs
  - Wireless Device Logs
  - Firewall Logs
  - WAF Logs
  - IDS/IPS Logs
  - Proxy Logs
  - Carrier Provider Logs
  - Software-Defined Networking
  - Network Traffic and Flow Data
  - Log Tuning
  - Demo - Collecting Network-Based Security Intelligence

  Topic C: Collect Data from Host-Based Intelligence Sources
  - Operating System Log Data
  - Windows Event Logs
  - Syslog Data
  - Application Logs
  - DNS Event Logs
  - SMTP Logs
  - HTTP Logs
  - FTP Logs
  - SSH Logs
  - SQL Logs
  - Demo - Collecting Host-Based Security Intelligence
  - Demo - Parsing Log Files
  - Lesson 07 Review

Lesson 08 - Analyzing Log Data (1h 23m)

  Topic A: Use Common Tools to Analyze Logs
  - Preparation for Analysis
  - Guidelines for Preparing Data for Analysis
  - Log Analysis Tools
  - The grep Command
  - The cut Command
  - The diff Command
  - The find Command
  - WMIC for Log Analysis
  - Event Viewer
  - Bash
  - Windows PowerShell
  - Additional Log Analysis Tools
  - Guidelines for Using Windows- and Linux-Based Tools for Log Analysis
  - Demo - Analyzing Linux Logs for Security Intelligence

  Topic B: Use SIEM Tools for Analysis
  - Security Intelligence Correlation
  - SIEM
  - The Realities of SIEM
  - SIEM and the Intelligence Lifecycle
  - Guidelines for Using SIEMs for Security Intelligence Analysis
  - Demo - Incorporating SIEMs into Security Intelligence Analysis

  Topic C: Parse Log Files with Regular Expressions
  - Regular Expressions
  - Quantification Operators
  - Anchor Operators
  - Character Set Operators
  - Miscellaneous Search Operators
  - Special Operators
  - Build an Expression
  - Keyword Searches
  - Special Character Searches
  - IP Address Searches
  - Guidelines for Writing Regular Expressions
  - Lesson 08 Review

Lesson 09 - Performing Active Asset and Network Analysis (1h 41m)

  Topic A: Analyze Incidents with Windows-Based Tools
  - Registry Editor (regedit)
  - Analysis with Registry Editor
  - File System Analysis Tools for Windows
  - Process Explorer
  - Process Monitor
  - Service Analysis Tools for Windows
  - Volatile Memory Analysis Tools for Windows
  - Active Directory Analysis Tools
  - Network Analysis Tools for Windows
  - Demo - Windows-Based Incident Analysis Tools

  Topic B: Analyze Incidents with Linux-Based Tools
  - File System Analysis Tools for Linux
  - Process Analysis Tools for Linux
  - Volatile Memory Analysis Tools for Linux
  - Session Analysis Tools for Linux
  - Network Analysis Tools for Linux
  - Demo - Linux-Based Incident Analysis Tools

  Topic C: Analyze Malware
  - Malware Sandboxing
  - Crowd-Sourced Signature Detection
  - VirusTotal Malware Entry
  - Reverse Engineering
  - Disassemblers
  - Disassembly of Malware in IDA
  - Malware Strings
  - Anti-Malware Solutions
  - MAEC
  - Guidelines for Analyzing Malware
  - Demo - Analyzing Malware

  Topic D: Analyze Indicators of Compromise
  - IOCs
  - Unauthorized Software and Files
  - Suspicious Emails
  - Suspicious Registry Entries
  - Unknown Port and Protocol Usage
  - Excessive Bandwidth Usage
  - Service Disruption and Defacement
  - Rogue Hardware
  - Suspicious or Unauthorized Account Usage
  - Guidelines for Analyzing Indicators of Compromise
  - Demo - Analyzing Indicators of Compromise
  - Lesson 09 Review

Lesson 10 - Responding to Cybersecurity Incidents (1h 13m)

  Topic A: Deploy an Incident Handling and Response Architecture
  - Incident Handling and Response Planning
  - Site Book
  - Incident Response Process
  - SOCs
  - CSIRT Organization
  - CSIRT Roles
  - A Day in the Life of a CSIRT
  - CSIRT Communication Process
  - Incident Indicator Sources
  - The Impact and Scope of Incidents
  - Incident Evaluation and Analysis
  - Incident Containment
  - Incident Mitigation and Eradication
  - Incident Recovery
  - Lessons Learned
  - Incident Handling Tools

  Topic B: Mitigate Incidents
  - System Hardening
  - Demo - Hardening Windows Servers
  - System and Application Isolation
  - Blacklisting
  - Whitelisting
  - DNS Filtering
  - Demo - DNS Filtering
  - Demo - Blacklisting and Whitelisting
  - Black Hole Routing
  - Mobile Device Management
  - Devices Used in Mitigation
  - The Importance of Updating Device Signatures
  - Guidelines for Mitigating Incidents

  Topic C: Prepare for Forensic Investigation as a CSIRT
  - The Duties of a Forensic Analyst
  - Communication of CSIRT Outcomes to Forensic Analysts
  - Guidelines for Conducting Post-Incident Tasks
  - Lesson 10 Review

Lesson 11 - Investigating Cybersecurity Incidents (36m)

  Topic A: Apply a Forensic Investigation Plan
  - A Day in the Life of a Forensic Analyst
  - Forensic Investigation Models
  - Forensic Investigation Preparation
  - Investigation Scope
  - Timeline Generation and Analysis
  - Authentication of Evidence
  - Chain of Custody
  - Communication and Interaction with Third Parties
  - Forensic Toolkits
  - Guidelines for Preparing for a Forensic Investigation

  Topic B: Securely Collect and Analyze Electronic Evidence
  - Order of Volatility
  - File Systems
  - File Carving and Data Extraction
  - Persistent Data
  - Data Preservation for Forensics
  - Forensic Analysis of Compromised Systems
  - Demo - Securely Collecting Electronic Evidence
  - Demo - Analyzing Forensic Evidence

  Topic C: Follow Up on the Results of an Investigation
  - Cyber Law
  - Technical Experts and Law Enforcement Liaisons
  - Documentation of Investigation Results
  - Lesson 11 Review
  - Next Steps
  - Course Closure

Total Duration: 12h 7m
