Introducing the book SANS SEC599: Defeating Advanced Adversaries 2019

Download Defeating Advanced Adversaries 2019

Greetings to the loyal followers of Farkian Tech. We are here with the book Defeating Advanced Adversaries 2019. This book focuses on network security and penetration testing concepts.

Book introduction:

The SEC599 book, Defeating Advanced Adversaries, covers purple team tactics and kill chain defenses. It provides an in-depth understanding of how current adversaries operate and arms you with the knowledge and expertise needed to detect and respond to the rising tide of cyber threats and ransomware. SEC599 aims to leverage the purple team concept by bringing red and blue teams together for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and on how to effectively mitigate and detect them using a kill chain structure. Throughout the course, the purple team principle and the attack techniques are explained in depth, after which effective security controls are introduced and implemented. The course design covers various technologies such as IDS systems, web proxies, and more, and ultimately shows how to keep your network secure against advanced adversaries.

Table of contents:

SEC599.1: Knowing the Adversary

SEC599.2: Averting Payload Delivery

SEC599.3: Preventing Exploitation

SEC599.4: Avoiding Installation, Foiling Command and Control

SEC599.5: Thwarting Exfiltration, Cyber Deception, and Incident Response

SEC599.6: Advanced Persistent Threat Defender Capstone

What you will learn:

Types of attacks
The Advanced Persistent Threat (APT) attack cycle as a way to describe attacks
Understanding how attacks work
How to implement security controls to prevent, detect, and respond to cyber attacks
Setting up a fundamental detection capability using ELK, OSQuery, and Suricata
Using YARA rules to detect malicious payloads on disk and in memory
Developing group policies to stop malicious code execution and implement script control
Stopping exploits using exploit mitigation techniques
Preventing malware persistence
Detecting malware persistence using OSQuery
Preventing lateral movement by hardening Windows Active Directory environments
Detecting lateral movement through Sysmon and Windows event monitoring
Blocking and detecting command and control through network traffic analysis
Managing, sharing, and operationalizing threat intelligence using MISP


Course Syllabus
SEC599.1: Knowing the Adversary, Knowing Yourself
SEC599.2: Averting Payload Delivery
SEC599.3: Preventing Exploitation
SEC599.4: Avoiding Installation, Foiling Command and Control, and Thwarting Lateral Movement
SEC599.5: Thwarting Exfiltration, Cyber Deception, and Incident Response
SEC599.6: Advanced Persistent Threat Defender Capstone

You just got hired to help our virtual organization “SyncTechLabs” build out a cyber security capability. On your first day, your manager tells you: “We looked at some recent cyber security trend reports and we feel like we’ve lost the plot. Advanced persistent threats, ransomware, denial of service… We’re not even sure where to start!”

Cyber threats are on the rise: ransomware is affecting small, medium and large enterprises alike, while state-sponsored adversaries are attempting to obtain access to your most precious crown jewels. SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses will provide an in-depth understanding of how current adversaries operate and arm you with the knowledge and expertise you need to detect and respond to today’s threats.

SEC599 aims to leverage the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.

SANS SEC599: Defeating Advanced Adversaries

Course authors Erik Van Buggenhout & Stephen Sims (both certified as GIAC Security Experts) are hands-on practitioners who have achieved a deep understanding of how cyber attacks work through penetration testing and incident response. While teaching penetration testing courses, they were often asked “But how do I prevent this type of attack?” With more than 20 labs plus a full-day “Defend-The-Flag” exercise during which students attempt to defend our virtual organization from different waves of attacks against its environment, SEC599 gives students real world examples of how to prevent attacks.

Our six-day journey will start with an analysis of recent attacks through in-depth case studies. We will explain what types of attacks are occurring and introduce the Advanced Persistent Threat (APT) Attack Cycle as a structured approach to describing attacks. In order to understand how attacks work, you will also compromise our virtual organization “SyncTechLabs” in our Day 1 exercises.

Throughout days 2 through 5 we will discuss how effective security controls can be implemented to prevent, detect, and respond to cyber attacks. Some of the topics we will address include:

  • How red and blue teams can improve collaboration, forming a true purple team;
  • How current advanced adversaries are breaching our defenses;
  • Security controls structured around the Kill Chain, including:
    • Setting up a fundamental detection capability using ELK, OSQuery, and Suricata
    • Building your own mail sandbox solution to stop spear phishing using Suricata and Cuckoo
    • Leveraging YARA rules to detect malicious payloads on disk and in memory
    • Developing effective group policies to stop malicious code execution and implement script control (AppLocker, Software Restriction Policies, Script hardening, etc.)
    • Stopping 0-day exploits using exploit mitigation techniques (leveraging EMET and ExploitGuard)
    • Preventing malware persistence using least-privilege (UAC, Just-Enough-Admin, privileged account management, etc.)
    • Detecting malware persistence using OSQuery
    • Preventing lateral movement by hardening Windows Active Directory environments (e.g. CredentialGuard, Privileged Access Workstations, Protected Processes, etc.)
    • Detecting lateral movement through Sysmon and Windows event monitoring
    • Blocking and detecting command and control through network traffic analysis
    • Managing, sharing and operationalizing threat intelligence using MISP
    • Hunting for compromise in the network by leveraging Loki

In designing the course and its exercises, the authors went the extra mile to ensure that attendees “build” something that can be used later on. For this reason, the different technologies illustrated throughout the course (e.g., IDS systems, web proxies, sandboxes, visualization dashboards, etc.) will be provided as usable virtual machines on the course USB.

SEC599 will finish with a bang. During the “Defend-the-Flag” challenge on the final course day you will be pitted against advanced adversaries in an attempt to keep your network secure. Can you protect the environment against the different waves of attacks? The adversaries aren’t slowing down, so what are you waiting for?