SANS SEC503: Network Monitoring and Threat Detection In-Depth PDF v2021


English | Size: 84.6 MB
Genre: eLearning

SEC503: Network Monitoring and Threat Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to confidently defend your network, whether traditional or cloud-based. You will learn about the underlying theory of TCP/IP and the most used application protocols so that you can intelligently examine network traffic to identify emerging threats, perform large-scale correlation for threat hunting, and reconstruct network attacks.

37 Hands-on Labs + Capstone Challenge

What You Will Learn
SEC503 is the most important course that you will take in your information security career. Past students describe it as the most difficult but most rewarding course they’ve ever taken. If you want to be able to perform effective threat hunting to find zero-day activities on your network before public disclosure, this is definitely the course for you. SEC503 is not for people looking to understand alerts generated by an out-of-the-box network monitoring tool; rather, it is for those who want to deeply understand what is happening on their network today, and who suspect that there are very serious things happening right now that none of their tools are telling them about. Check out the extensive course description below for a detailed rundown of course content.

What sets SEC503 apart from any other course in this space is that we take a bottom-up approach to teaching network monitoring and network forensics, which leads naturally to effective threat hunting. Rather than starting with a tool and teaching you how to use it in different situations, this course teaches you how and why TCP/IP protocols work the way they do. The first two sections present what we call “Packets as a Second Language”, then we move to presenting common application protocols and a general approach to researching and understanding new protocols. Throughout the discussion, direct application of this knowledge is made to identify both zero-day and known threats.

With this deep understanding of how network protocols work, we turn our attention to the most important and widely used automated threat detection and mitigation tools in the industry. You will learn how to develop efficient detection capabilities with these tools, and you’ll come to understand what existing rules are doing and identify whether they are useful. The result is that you will leave this course with a clear understanding of how to instrument your network and perform detailed threat hunting, incident analysis, network forensics, and reconstruction.

What makes SEC503 as important as we believe it is (and students tell us it is) is that we force you to develop your critical thinking skills and apply them to these deep fundamentals. This results in a much deeper understanding of practically every security technology used today. Preserving the security of your network in today’s threat environment is more challenging than ever, especially as you migrate more and more services into the cloud. The security landscape is continually changing from what was once only perimeter protection to protecting exposed and mobile systems that are almost always connected and sometimes vulnerable.

Some of the specific technical knowledge and hands-on training in SEC503 covers the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, enabling you to intelligently examine network traffic for signs of compromise or zero-day threats. You will get plenty of practice learning to master a variety of tools, including tcpdump, Wireshark, Snort, Suricata, Zeek, tshark, SiLK, and NetFlow/IPFIX. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution, and evening Bootcamp sessions force you to apply the theory learned during the day to real-world problems immediately. Basic exercises include assistive hints, while advanced options provide a more challenging experience for students who may already know the material or who have quickly mastered new material.

SEC503 is most appropriate for students who monitor, defend, and conduct threat hunting on their network, including security analysts and those who work in Security Operations Centers, although red team members often tell us that the course also ups their game, especially when it comes to avoiding detection.

Business Takeaways:

This course will help your organization:

Avoid your organization becoming another front page headline
Augment detection in traditional, hybrid, and cloud network environments
Increase efficiency in threat modeling for network activities
Decrease attacker dwell time

You Will Learn:

How to analyze traffic traversing your site to avoid becoming another headline
How to identify zero-day threats for which no network monitoring tool has published signatures
How to place, customize, and tune your network monitoring for maximum detection
How to triage network alerts, especially during an incident
How to reconstruct events to determine what happened, when, and who did it
Hands-on detection, analysis, and network forensic investigation with a variety of tools
TCP/IP and common application protocols to gain insight about your network traffic, enabling you to distinguish normal from abnormal traffic
The benefits and problems inherent in using signature-based network monitoring tools
The power of behavioral network monitoring tools for enterprise-wide automated correlation, and how to use them effectively
How to perform effective threat modeling for network activities
How to translate threat modeling into detection capabilities for zero-day threats
How to use flow and hybrid traffic analysis frameworks to augment detection in traditional, hybrid, and cloud network environments

You Will Be Able To:

Configure and run Snort and Suricata
Create and write effective and efficient Snort, Suricata and FirePOWER rules
Configure and run open-source Zeek to provide a hybrid traffic analysis framework
Create automated threat hunting correlation scripts in Zeek
Understand TCP/IP component layers to identify normal and abnormal traffic for threat identification
Use traffic analysis tools to identify signs of a compromise or active threat
Perform network forensics to investigate traffic to identify TTPs and find active threats
Carve out files and other types of content from network traffic to reconstruct events
Create BPF filters to selectively examine a particular traffic trait at scale
Craft packets with Scapy
Use NetFlow/IPFIX tools to find network behavior anomalies and potential threats
Use your knowledge of network architecture and hardware to customize placement of network monitoring sensors and sniff traffic off the wire

The hands-on training in SEC503 is intended to be both approachable and challenging for beginners and seasoned veterans. There are two different approaches for each exercise. The first contains guidance and hints for those with less experience, and the second contains no guidance and is directed toward those with more experience. In addition, an optional extra credit question is available for each exercise for advanced students who want a particularly challenging brain teaser. A sampling of hands-on exercises includes the following:

Section 1: Hands-On: Introduction to Wireshark
Section 2: Hands-On: Writing tcpdump Filters
Section 3: Hands-On: Snort Rules
Section 4: Hands-On: IDS/IPS Evasion Theory
Section 5: Hands-On: Analysis of Three Separate Incident Scenarios

You Will Receive:

Electronic courseware with each course section’s material
Electronic workbook with hands-on exercises and questions
TCP/IP electronic cheat sheet
MP3 audio files of the complete course lecture
