#1 2020-09-13 21:53:22

From: France, La Garenne-Colombes
Registered: 2020-09-13
Posts: 1

Module 1 Introduction to Incident Handling

Masterclass:  Forensics  and Incident Handling with Paula Januszkiewicz.
Open  Virtual  Class – Super Intensive Remote Training with Labs.
August 24th – 28th, 2020 (9:00am – 4:00pm C EST Monday  to Friday).
Registration is Closed                                                                                                 Duration                      5 days                                                                                 Status                    Registration is closed                                                                                Format                   Virtual Class                                                                                           Duration        5 days                                                                  Status        Registration is closed                                                                  Format        Virtual Class                                                                                                                                                               OPEN VIRTUAL CLASS.
This is an international Open Virtual Class, which means you will share the learning e xperience  in a group of IT pros from around the world.
The class is taught in English by Paula Januszkiewicz, who is a world-renowned cybersecurity Expert, the founder of CQURE and CQURE Academy, and  Microsoft  Regional Director and MVP.
Remember that this course is limited to 12  participant s total to ensure the highest quality and unique learning experience.
During this course you will have an  opportunity  to interact with the instructor and get Paula’s help with any problems you might encounter, just as if it was a regular class.
Loads of  Knowledge  Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity.
In order to stay on top of the attackers, the  knowledge  of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated.
This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible.
This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.
The course is limited to 12 participants, so reserve your spot today.
Intense exercises: This course is packed with unique labs exercises.
To get more practice we offer three extra weeks of labs online!After the training concludes, you may practice even more and repeat to consolidate newly gained skills and knowledge.
This course is ideal for: IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.
Platform and Technical Requirements: To participate in the course you need a Stable internet connection.
For the best learning experience we also need you to have a webcam, headphones and a microphone.
Open RDP port 3391 for the connection to the Lab environment is needed as well.
We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.
Certification: After finishing the course, you will be granted a CQURE Certificate of Completion.
Please note that after completing the course you will also be eligible to claim CPE points.
Tools, software and examples used during the course:    • Belkasoft RAM Capturer • StuxNet Memory Dump • Registry Explorer/RECmd • The Sleuth Kit® (TSK)   • Autopsy • DumpIt • DC3DD • Arsenal Image Mounter   • Reclaim Me • ReFS Images • SysInternals Toolkit • ShadowCopyView   • RegRipper • Rifiuti2 • Volatility • FullEventLogView   • EVTXtract • Loki IOC Scanner • Yara • LECmd   • LinkParser • PECmd • SkypeLogViewer • SQLiteBrowser   • NetWork Miner • Wireshark                                                                                                                         COURSE SYLLABUS.
Module 1    Introduction to Incident Handling.
a) Types and Examples of Cybersecurity Incidents.
b) Signs of an Incident.
c) Incident Prioritization.
d) Incident Response and Handling Steps.
e) Procedures and Preparation.

Module 2    Module 2: Securing Monitoring Operations

a) Industry Best Practices.
b) Detecting Malware via DNS logs.
c) Configuration Change Management.
d) Leveraging Proxy and Firewall Data.
e) Monitoring Critical Windows Events.

F) Detecting Malware via Windows Event Logs
Module 3    Module 3: Network Forensics and Monitoring

a) Types and approaches to network monitoring.
b) Network evidence acquisition.
c) Network protocols and Logs.
d) LAB: Detecting Data Thievery.
e) LAB: Detecting WebShells.
f) Gathering data from network security appliances.
g) Detecting intrusion patterns and attack indicators.
h) Data correlation.
i) Hunting malware in network traffic.
j) Encoding and Encryption.

Module 4    Module 4: Windows Internals

a) Introduction to Windows Internals b) Fooling Windows Task Manager  c) Processes and threads.
d) PID and TID.
e) Information gathering from the running operating system.
f) Obtaining Volatile Data.
g) A deep dive to Autoruns.
h) Effective permissions auditing.
i) PowerShell get NTFS permissions.
j) Obtaining permissions information with AccessChck.
k) Unnecessary and malicious services.
l) Detecting unnecessary services with PowerShell.

Module 5    Module 5: Memory Dumping and Analysis
A) Introduction to memory dumping and analysis

b) Creating memory dump – Belkasoft RAM Capturer and DumpIt.
c) Utilizing Volatility to analyze Windows memory image.
d) Analyzing Stuxnet memory dump with Volatility.
e) Automatic memory analysis with Volatile.

Module 6    Module 6: Indicators of compromise

a) Yara rules language.
b) Malware detonation.

C) Introduction to reverse engineering
Module 7    Module 7: Storage Acquisition and Analysis
A) Introduction to storage acquisition and analysis

b) Drive Acquisition.
c) Mounting Forensic Disk Images.

D) Introduction to NTFS File System

e) Windows File System Analysis.
f) Autopsy with other filesystems.
g) Building timelines.

Module 8    Module 8: Reporting – Digital Evidence

This module covers the restrictions and important details about digital evidence gathering.
Moreover, a proper structure of digital evidence report will be introduced.
Registration is Closed                               Click here to browse the modules:                                                                                                                                                YOUR TEACHER.
Paula Januszkiewicz.
Founder & CEO of CQURE.
The course is delivered by Paula Januszkiewicz, CEO of CQURE, a world-renowned expert in the cyber security field with practical knowledge from dozens of successful projects, years of real-world experience, great teaching skills, and no mercy for misconfigurations or insecure solutions.


Basketball Star Slot

Board footer

Powered by FluxBB