d3-services.com

Cyber Security Training

Cyber Security Analysis

Our internally developed Cyber Security Analysis course is designed to prepare Cyber Security professionals to react appropriately to network intrusions.  The three-part course provides live analysis and instructor-led training to teach our students Live Memory Analysis, Digital Media Analysis, Network Intrusion Analysis and Malicious Code Analysis.  Throughout this course, students will be instructed on the proper use of our Cyber Security methodology and will learn through hands-on application of those tools, techniques and procedures.

We believe that this combined approach to instruction and live analysis is required for students to receive the maximum knowledge and experience from the course.  With this in mind, our course is designed on a pass or repeat basis.  There is no fail option, as all of the practical imaging, analysis and reporting must be completed for the student to continue to the next module.  We feel this is important for both the student and employer, allowing the student to return to work with the skills and knowledge to handle incidents independently.

The entire course is three weeks in length and is taught several times per calendar year.  Students have the option of completing it in one complete block or spreading the courses out over the year.  While this course may be considered long, we have designed it to make the most of the students' time and commitment and to ensure every student receives the maximum amount of knowledge.  Students who spread out the courses must take them in order, as the course materials and principles are designed as building blocks.

 

Cyber Security Analysis (CSA1) - This course is designed to teach the students Live Memory and Digital Media fundamentals from initial response to data acquisition to complete analysis.  This course was designed to take necessary computer forensics investigation tools and techniques and apply them to the incident responder. The student will learn how to use, identify and capture Live Memory using licensed and open source tools.  Additionally, the students will be instructed in how to acquire several types of digital media, including SATA drives, Solid State Drives, cell and smart phones, USB devices and memory cards.  Once all media has been collected, the students will learn how to conduct searches for crucial intrusion information, identify logs, build a timeline, identify malicious code and create an incident report.  Full analysis techniques, such as hashing, file analysis, data parsing, data recovery, signature analysis and scripting, will be taught using current versions of licensed Computer Forensics software.

Cyber Security Analysis 2 (CSA2) - Our Network Intrusion Analysis course is designed to apply the knowledge gained through the Live Memory and Digital Media analysis phases to network logs and pcap data.  By using network security logs collected through IDPS, SIMs, Firewalls, etc., and correlating them with the information collected during the forensic analysis phase, you will be able to build a complete situation report of how the compromise occurred.  This course will deal with analyzing many types of network security logs, enterprise OS server logs and pcap data.  The student will be able to write a complete network intrusion report based on the network intrusion investigation, including reporting on previously identified compromised systems.

Cyber Security Analysis 3 (CSA3) - Any unknown binaries discovered during the network intrusion investigation will need to be analyzed completely in order to identify the capabilities, intent and methods of the malicious code as well as any attribution information.  This course is designed to provide extensive, deep analysis instruction on Malicious Code Analysis.  Our curriculum will teach the students how to conduct immediate analysis of malcode samples using common unpacking, disassembly and decompiling tools.  The focus of this course is to be able to identify, categorize and summarize Win32, PE and ELF binaries and then unpack, deobfuscate and decrypt the code samples for complete analysis.  Techniques will be taught on how to quickly analyze code in order to extract strings, IP addresses and back channel communications and create immediate and actionable network defense signatures.

 