Real World Cyber Security Hands On Training #259008

Upon successful completion of this course, participants will be able to:

• Execute a structured penetration test, from reconnaissance and exploitation to post-exploitation and reporting.

• Identify, analyze, and contain live security incidents within a corporate network.

• Apply digital forensics techniques to acquire evidence and perform analysis on disk images and memory dumps.

• Configure and utilize essential security tools including SIEM, EDR, and firewalls for active defense.

• Analyze real-world malware samples to understand their functionality and extract indicators of compromise (IOCs).

• Develop and practice incident response procedures through a full-scale simulation.

This course is designed for individuals who need to develop practical, technical skills in cybersecurity operations.

• Aspiring Security Analysts (SOC Tier 1)

• System Administrators and Network Administrators looking to transition into security roles

• IT Professionals wanting to gain hands-on cybersecurity skills

• Junior Penetration Testers

• Computer Science/IT Students with a focus on security

• IT Managers who want to understand the technical challenges their teams face

Prerequisites: Basic understanding of networking (IP addresses, TCP/UDP, ports) and Windows/Linux operating systems. No prior security experience is required, but a strong technical curiosity is essential.

• Pre-assessment
• Live group instruction
• Use of real-world examples, case studies and exercises
• Interactive participation and discussion
• Power point presentation, LCD and flip chart
• Group activities and tests
• Each participant receives a binder containing a copy of the presentation
• slides and handouts
• Post-assessment

Day 1: The Attacker’s Playbook – Hands-On Penetration Testing

• Module 1: Passive & Active Reconnaissance

  • Hands-On: Using tools like whois, nslookup, and nmap to scout a target network.

• Module 2: Exploitation Fundamentals

  • Hands-On: Exploiting common vulnerabilities (e.g., in web apps, network services) to gain initial access.

• Module 3: Post-Exploitation & Pivoting

  • Hands-On: Maintaining access, escalating privileges, and moving laterally through the network.

• Lab 1: Capture-the-flag style exercise to compromise a target server.

Day 2: Defensive Operations – Monitoring and Detection

• Module 4: Introduction to SIEM & Log Analysis

  • Hands-On: Ingesting logs into a SIEM (e.g., Splunk, Elastic Stack) and writing basic correlation rules.

• Module 5: Endpoint Detection and Response (EDR)

  • Hands-On: Using an EDR tool to monitor processes, network connections, and detect malicious activity.

• Module 6: Network Security Monitoring

  • Hands-On: Analyzing PCAP files with Wireshark to identify malicious traffic and data exfiltration.

• Lab 2: Hunt for malicious activity based on SIEM alerts and PCAP analysis.

Day 3: Digital Forensics Fundamentals

• Module 7: Disk Forensics

  • Hands-On: Acquiring a disk image and analyzing it with Autopsy/FTK to find hidden files, timelining, and artifact recovery.

• Module 8: Memory Forensics

  • Hands-On: Using Volatility to analyze a memory dump for evidence of running malware, rootkits, and network connections.

• Module 9: Live System Triage

  • Hands-On: Using trusted tools to analyze a live, compromised system without altering evidence.

• Lab 3: Solve a forensic mystery by finding how a system was compromised and what data was stolen.

Day 4: Malware Analysis and Incident Response

• Module 10: Malware Analysis in a Sandbox

  • Hands-On: Safely executing malware samples in a contained environment and analyzing behavioral reports.

• Module 11: Static Analysis

  • Hands-On: Extracting strings, examining imports, and identifying basic packers without running the code.

• Module 12: The Incident Response Cycle

  • Lecture & Discussion: Walkthrough of NIST SP 800-61 (Preparation, Detection, Containment, Eradication, Recovery).

• Lab 4: Analyze a provided malware sample and produce a IOC report.

Day 5: Capstone Day – Full-Scale Incident Response Simulation

• The Scenario: A multi-stage attack is in progress. Participants are the emergency response team.

• Phase 1: Detection & Triage: Receive the initial alert and begin investigation using SIEM, EDR, and network tools.

• Phase 2: Containment & Eradication: Isolate affected systems, kill malicious processes, and remove attacker persistence.

• Phase 3: Recovery & Lessons Learned: Secure the environment, restore systems from clean backups, and write an incident report.

• Final Debrief: Teams present their findings, actions taken, and lessons learned from the simulation.