ثبت نامورود به پنل کاربری
معرفی کتاب SANS SEC599: Defeating Advanced Adversaries 2019
با سلام خدمت همراهان همیشگی فرکیان تک. با شما هستیم با کتاب Defeating Advanced Adversaries 2019 این کتاب بر مفاهیم امنیت شبکه و تست نفوذ تمرکز کرده است .
معرفی کتاب :
کتاب SEC599 شکست دادن دشمنان پيشرفته ، تاکتيک هاي تيم بنفش ، دفاع زنجيره اي و درک عميقي از نحوه عملکرد دشمنان فعلي ارائه مي دهد و شما را با دانش و تخصص لازم براي شناسايي ، پاسخ به تهديدات سایبری در حال افزایش و باج افزار ها آماده مي کند . هدف SEC599 استفاده از مفهوم تيم بنفش با گرد هم آوردن تيمهاي قرمز و آبي براي حداکثر تأثير است و با توجه به اينکه استراتژي فقط پيشگيري کافي نيست ، اين دوره بر استراتژيهاي حمله فعلي و چگونگي کاهش موثر و شناسايي آنها با استفاده از ساختار زنجيره ای تمرکز ميکند . در طول دوره، اصل تيم و تکنيک هاي حمله به طور عميق توضيح داده مي شوند ، پس از آن کنترل هاي امنيتي موثر معرفي و اجرا مي شوند . در طراحي دوره فناوريهاي مختلفی مانند : سيستمهاي IDS، پروکسيهاي وب ، … و در نهایت ، ايمن نگه داشتن شبکه خود در برابر دشمنان پيشرفته ارائه ميشود .
فهرست مطالب :
SEC599.1: شناخت Adversary
SEC599.2: جلوگيري از Payload
SEC599.3: جلوگيري از Exploitation
SEC599.4: اجتناب از نصب Foiling، Command and Control
SEC599.5: جلوگيري از نفوذ ، فريب سايبري و واکنش به حادثه
Advanced Persistent Threat Defender Capstone :SEC599.6
آنچه خواهید آموخت :
انواع حملات
چرخه حمله پيشرفته تهديد مداوم (APT) جهت توصيف حملات
درک نحوه عملکرد حملات
نحوه اجراي کنترل هاي امنيتي براي جلوگيري ، شناسايي و پاسخ به حملات سايبري
راه اندازي قابليت تشخيص اساسي با استفاده از ELK، OSQuery و Suricata
استفاده از قوانين YARA براي شناسايي بارهاي مخرب روي ديسک و حافظه
توسعه سياستهاي گروهي براي توقف اجراي کدهاي مخرب و اجراي کنترل اسکريپت
توقف اکسپلويت با استفاده از تکنيکهاي کاهش بهرهبرداري
جلوگيري از تداوم بدافزار
تشخيص پايداري بدافزار با استفاده از OSQuery
جلوگيري از حرکت جانبي با سختکردن محيطهاي اکتيو دايرکتوري ويندوز
تشخيص حرکت جانبي از طريق مانيتورينگ رويداد Sysmon و Windows
مسدود کردن و تشخيص فرمان و کنترل از طريق تجزيه و تحليل ترافيک شبکه
مديريت، به اشتراک گذاري و عملياتي کردن اطلاعات با استفاده از MISP
براي مشاهده تمامي کتاب هاي زبان اصلي بر روي لينک کليک کنيد .
با ما همراه باشید.
Course Syllabus
SEC599.1: Knowing the Adversary, Knowing Yourself
SEC599.2: Averting Payload Delivery
SEC599.3: Preventing Exploitation
SEC599.4: Avoiding Installation, Foiling Command and Control, and Thwarting Lateral Movement
SEC599.5: Thwarting Exfiltration, Cyber Deception, and Incident Response
SEC599.6: Advanced Persistent Threat Defender Capstone
You just got hired to help our virtual organization “SyncTechLabs” build out a cyber security capability. On your first day, your manager tells you: “We looked at some recent cyber security trend reports and we feel like we’ve lost the plot. Advanced persistent threats, ransomware, denial of service…We’re not even sure where to start!”
Cyber threats are on the rise: ransomware is affecting small, medium and large enterprises alike, while state-sponsored adversaries are attempting to obtain access to your most precious crown jewels. SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses will provide an in-depth understanding of how current adversaries operate and arm you with the knowledge and expertise you need to detect and respond to today’s threats.
SEC599 aims to leverage the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.
SANS SEC599: Defeating Advanced Adversaries
Course authors Erik Van Buggenhout & Stephen Sims (both certified as GIAC Security Experts) are hands-on practitioners who have achieved a deep understanding of how cyber attacks work through penetration testing and incident response. While teaching penetration testing courses, they were often asked “But how do I prevent this type of attack?” With more than 20 labs plus a full-day “Defend-The-Flag” exercise during which students attempt to defend our virtual organization from different waves of attacks against its environment, SEC599 gives students real world examples of how to prevent attacks.
Our six-day journey will start with an analysis of recent attacks through in-depth case studies. We will explain what types of attacks are occurring and introduce the Advanced Persistent Threat (APT) Attack Cycle as a structured approach to describing attacks. In order to understand how attacks work, you will also compromise our virtual organization “SyncTechLabs” in our Day 1 exercises.
Throughout days 2 through 5 we will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks. Some of the topics we will address include:
- How red and blue teams can improve collaboration, forming a true purple team;
- How current advanced adversaries are breaching our defenses;
- Security controls structured around the Kill Chain, including:
- Setting up a fundamental detection capability using ELK, OSQuery, and Suricata
- Building your own mail sandbox solution to stop spear phishing using Suricata and Cuckoo
- Leveraging YARA rules to detect malicious payloads on disk and in memory
- Developing effective group policies to stop malicious code execution and implement script control (AppLocker, Software Restriction Policies, Script hardening, etc.)
- Stopping 0-day exploits using exploit mitigation techniques (leveraging EMET and ExploitGuard)
- Preventing malware persistence using least-privilege (UAC, Just-Enough-Admin, privileged account management, etc.)
- Detecting malware persistence using OSQuery
- Preventing lateral movement by hardening Windows Active Directory environments (e.g. CredentialGuard, Privileged Access Workstations, Protected Processes, etc.)
- Detecting lateral movement through Sysmon and Windows event monitoring
- Blocking and detecting command and control through network traffic analysis
- Managing, sharing and operationalizing threat intelligence using MISP
- Hunting for compromise in the network by leveraging Loki
In designing the course and its exercises, the authors went the extra mile to ensure that attendees “build” something that can be used later on. For this reason, the different technologies illustrated throughout the course (e.g., IDS systems, web proxies, sandboxes, visualization dashboards, etc.) will be provided as usable virtual machines on the course USB.
SEC599 will finish with a bang. During the “Defend-the-Flag” challenge on the final course day you will be pitted against advanced adversaries in an attempt to keep your network secure. Can you protect the environment against the different waves of attacks? The adversaries aren’t slowing down, so what are you waiting for?