Blue teamer

Law & compliance module will cover UK laws and some laws from US, Australia and Russia including the problematic CLOUD act from US. NIS directive and GDPR will be covered too.

Networking basics module will cover TCP/IP suites of protocols, including the OSI and TCP/IP models, IPv4 and IPv4, and various protocols that exist on the TCP/IP stack, such as ARP, DNS, DHCP, SNMP, SMTP, FTP, TFTP, SSH, VoIP, etc. Participants will learn about the networking types, network topologies and network technologies. Additionally, cabling used to establish the interconnections between the network nodes, such as twisted pair, optical and coaxial, will be covered. This module concludes with networking devices, such as switches, routers, firewalls, IDS/IPS, etc., and software defined networking.

Securing networks module will emphasize the devices used to protect the network traffic and network itself, providing the participants with opportunity to acquire knowledge for configuring some of these components, such as routers and VLANS, Firewalls and Proxy servers, VPNs, IDS/IPS devices. In this module, the Dos/DDoS attacks will be discussed too, and participants will have the opportunity to try some of the DoS attacks against the infrastructure they will create during the lab part of the lectures.

Securing Windows OS and services module will first cover the basics of Windows command prompt, terminal, and PowerShell, and then the Windows powerful security features will be reviewed, such as core strategies for administrative privileges, like PAM/JEA/JIT (Privileged Access Management/Just Enough Administration/Just in Time Administration), Windows Defender credential guard, LAPS, AppLocker, BitLocker, etc. Participants will also learn about password policies, account lockout policies, baselines and OS hardening by using CIS benchmarks, Windows patch management, Windows file permission basics, passwords and password protection and attacks, MFA and SSO, biometrics, AD basics, AD attacks, and Kerberos. OS and application virtualization on Windows will be covered as well, such as Hyper-V and docker/docker for desktop and remote access RDP. This module concludes by focusing on how to secure the boot process with trusted boot, ELAM (Early Launch Anti-Malware), Measured boot and TPM 2.0 which is the prerequisite for the Windows 11. Labs will cover many of the above-mentioned technologies.

Securing Linux OS and services module covers the Bash basics, Linux boot process, Linux troubleshooting tools and Linux file permission basics including Linux ACLs. After this introduction, participants will learn about the Linux passwords, and Linux security features, such as AppArmor, SELinux, seccomp, cgroups and chroot. Next, Linux kernel firewall iptables will be reviewed, with some examples on how to use it during various troubleshooting steps. Participants will also learn about the Linux patching techniques, and how to harden Linux OS. Besides that, Linux OS and application virtualization will be reviewed, such as KVM, XEN, Citrix hypervisor, QEMU, and VMware ESXi (ESXi is NOT a Linux distribution as per VMware, even though it is using some of the same core commands). Within this module, docker will be further discussed. This module concludes by providing the introduction into the auditing and centralized logging like rsyslog, auditd, and 3rd party tools like ELK and Splunk, since these tools will be reviewed in more details during the 2nd week of the training.

Wi-Fi security module reviews the Wi-Fi protocols and security issues of each of the protocol. Additionally, participants will learn about mostly used attacks on Wi-Fi networks, and available security protections and tools. This module concludes by reviewing the enterprise Wi-Fi supported by RADIUS (Remote Access Dial-in User Service).

Cloud security module discusses the cloud basics. IT is important to understand that the cloud is evolving at the pace that cannot be followed by a normal computer user. Therefore, some “basic” cloud protection tools and services will be covered during this module, followed by the overview of the cloud basics and client/cloud service provider responsibilities. The big three (Amazon AWS, Microsoft Azure, and Google cloud) will be covered from the perspective of available tools and datacenter design, datacenter security, datacenter, and services compliance, on-prem to cloud migration security considerations and migration process itself for VMs, data, databases, and applications. Participants will also learn which tools exist to connect to the cloud securely, tools available to secure access to publicly facing resources, monitoring the cloud security, and additional security services. Theoretical part of this module concludes with the CSA (Cloud Security Alliance) and the options one has on hand to audit CSPs.
Labs are not provided directly in the class lab environment. Participants will use free and publicly available vendor labs during the training.

Network traffic and log analysis module introduces the tools one can use to capture and analyze the network traffic, such as Wireshark, tcpdump, network miner and zeek. It also introduces the various log types and defines the logs and their applicability in various processes including troubleshooting, system monitoring, incident handling, compliance and forensic analysis. Once, differentiation between local and centralized logging types is discussed, Windows, Linux, network devices and web server logs and tools will be covered.

SIEM and threat intelligence module will define the SIEM solutions and market leaders including paid versions like Splunk Enterprise, IBM QRadar, and Rapid7 InsightDR, and open source SIEM tools like OSSIM, ELK, SIEMonster, etc. Threat intelligence lifecycle and use cases and types will be defined in this module, including the IoC (Indicators of Compromise) and IoA (Indicators of Attack).

DFIR module will define both the Digital forensics and incident response, as the name suggests. Participants will have the opportunity to familiarize themselves with the NIST incident handling, ENISA incident management and MITRE ATT&CK frameworks. Participants will learn about the incident handling process, and about adversary TTPs (Tactics, Techniques and Procedures). Computer forensics lesson will cover computer forensics concepts such as the value of the digital evidence, how to create a bit-stream copy, how to approach the digital evidence during the incident and/or investigation, etc., data storage systems and concept, file systems, memory forensics, steganography, and malware forensics.

Self-study modules cover risk management and backup and BCDR. These modules will help participants to complete the 360-view into the world of cyber security and help them understand why it is so important to secure the systems and which systems to secure, how much money it makes sense to invest in the protections, etc. from the risk management point of view, while the backup and BCDR module will define the importance of creating disaster resilient system in order to support the business.

• Polaznicima pripada sertifikat o pohađanju kursa Blue teamer za ostvarenih minimalno 70% prisustva od ukupnog fonda časova.