Cyber Security/Hacking
Cybersecurity Training Courses
Our vast cyber security training portfolio can help you and your team build fundamental to advanced cyber security techniques, prepare for top industry-recognized certifications or master product-specific skills.
Data breaches are happening at alarming rates. It’s no longer a question of if a breach will happen but when. Cyber security has changed from an IT-only issue to an organisational problem that requires C-suite leadership to work with IT professionals to build a resilient workforce and implement new security policies and strategies.
Prepare to detect and contain system breaches with our broad range of product-specific cyber security training and industry-recognized certification prep courses. Hone your skills in key areas such as security awareness, secure coding, secure web development and critical infrastructure risk management. From start to finish, we have you covered with the training you need to manage critical infrastructure risks and meet Department of Defense security mandates.
COURSE OVERVIEW
A Certified Ethical Hacker (CEH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems. An Ethical Hacker uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner, to assess the security posture of a target system or systems. The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
This course will immerse you in the Hacker Mindset so that you will be able to defend against future attacks. The security mindset in any organization must not be limited to the silos of a particular vendor, technology or piece of equipment.
This ethical hacking course puts you in the driver’s seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving an optimal information security posture in your organization: by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and how to approach your target in each phase. The five phases are Reconnaissance, Scanning and Enumeration, Gaining Access, Maintaining Access, and Covering Tracks.
The Certified Ethical Hacker course is regularly updated to ensure you are aware of the latest tools and techniques used by hackers and information security professionals.
A Pearson VUE exam voucher is included, although you will need to schedule the exam at a Pearson VUE testing facility. An additional 6 months of access to the CEHv8 iLabs is provided once you have completed the course.
DEFINITION:
A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in systems and uses the same information and tools as a hacker does. The code for the CEH exam is 312-50 and the certification is in Version 8.
COURSES OFFERED:
- Foot-printing and reconnaissance
- Process of Hacking web servers and wireless networks
- Cryptography
- Penetration testing
- Social engineering
- Trojans, viruses, and worms
- Evading IDS, firewalls, and honeypots
- Enumeration
- Buffer overflows
DETAILS OF CEH:
- The CEH exam is a relative newcomer to the IT certification industry, particularly in its current version, but its significance and influence have grown very quickly.
- Provided by the International Council of E-Commerce Consultants (EC-Council), it was the first certification to bring the dark side of the IT industry into the limelight.
- Before it, there was no certification that focused on the methods and tools used by hackers to penetrate computer systems and information.
- The CEH exam focuses on how hackers find and exploit vulnerabilities in a system. It provides a glimpse into the underworld of IT network security.
- The subject matter tested in the exam includes everything from the tools of the trade to ethics.
CAREER OPPORTUNITIES:
- CEH certification qualifies you for a wide range of other IT jobs in addition to the role of penetration tester.
- CEH significantly helps IT professionals who are seeking a position in the public sector. Many government bodies now mandate that employees in specific job roles meet the certification requirements for those roles.
- CEH certification satisfies the requirement for Computer Network Defense workers. For civilians and contractors hoping to land IT positions in government, CEH certification is a vital credential to have.
- CEH certification covers the requirements for the Computer Network Defense (CND) Analyst, CND Infrastructure Support, CND Incident Responder and similar roles.
ELIGIBILITY CRITERIA:
In order to be eligible to attempt the EC-Council CEH v8 or ECSA v4 certification exams, a candidate may choose to:
Attend Official Training:
If a candidate attends official instructor-led training (ILT), computer-based training (CBT), online live training, or academic learning, the candidate is eligible to attempt the relevant EC-Council exam.
Attempt Exam without Official Training:
In order to be considered for the EC-Council certification exam without attending official training, the aspirant:
- Must have at least two years of experience in information security.
- Must have an educational background with a specialization in information and network security.
- Must submit a completed copy of the Exam Eligibility Application Form.
4 Hours Daily 3 Times a Week
Total Duration 6 Weeks
SKY610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
If you want to be a serious DFIR expert and look like a wizard, know memory forensics.
Highly valuable content that has immediately boosted my skills. The day 6 CTF was awesome.
Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. SKY610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.
Understanding the capabilities of malware is critical to an organization's ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and many other freely available tools.
The course begins by establishing the foundation for analyzing malware in a way that dramatically expands upon the findings of automated analysis tools. You will learn how to set up a flexible laboratory to examine the inner workings of malicious software, and how to use the lab to uncover characteristics of real-world malware samples. You will also learn how to redirect and intercept network traffic in the lab to explore the specimen's capabilities by interacting with the malicious program.
The course continues by discussing essential assembly language concepts relevant to reverse engineering. You will learn to examine malicious code with the help of a disassembler and a debugger in order to understand its key components and execution flow. In addition, you will learn to identify common malware characteristics by looking at suspicious Windows API patterns employed by malicious programs.
Next, you will dive into the world of malware that thrives in the web ecosystem, exploring methods for assessing suspicious websites and de-obfuscating malicious JavaScript to understand the nature of the attack. You will also learn how to analyze malicious Microsoft Office, RTF, and PDF files. Such documents act as a common infection vector as a part of mainstream and targeted attacks. You will also learn how to examine "file-less" malware and malicious PowerShell scripts.
Malware is often obfuscated to hinder analysis efforts, so the course will equip you with the skills to unpack executable files. You will learn how to dump such programs from memory with the help of a debugger and additional specialized tools, and how to rebuild the files' structure to bypass the packer's protection. You will also learn how to examine malware that exhibits rootkit functionality to conceal its presence on the system, employing code analysis and memory forensics approaches to examining these characteristics.
SKY610 malware analysis training also teaches how to handle malicious software that attempts to safeguard itself from analysis. You will learn how to recognize and bypass common self-defensive measures, including code injection, sandbox evasion, flow misdirection, and other measures.
The course culminates with a series of Capture-the-Flag challenges designed to reinforce the techniques learned in class and provide additional opportunities to learn practical, hands-on malware analysis skills in a fun setting.
Hands-on workshop exercises are a critical aspect of this course. They enable you to apply malware analysis techniques by examining malicious software in a controlled and systemic manner. When performing the exercises, you will study the supplied specimens' behavioral patterns and examine key portions of their code. To support these activities, you will receive pre-built Windows and Linux virtual machines that include tools for examining and interacting with malware.
In summary, SKY610 malware analysis training will teach you how to:
- Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs
- Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment
- Uncover and analyze malicious JavaScript and other components of web pages, which are often used by exploit kits for drive-by attacks
- Control relevant aspects of the malicious program's behavior through network traffic interception and code patching to perform effective malware analysis
- Use a disassembler and a debugger to examine the inner workings of malicious Windows executables
- Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst
- Recognize and understand common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures
- Assess the threat associated with malicious documents, such as PDF and Microsoft Office files
- Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts.
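The last bullet, deriving IOCs from a specimen, is the step most analysts automate first. The Python script below is an added example written for this page; it is not course material and not a tool from the course toolkit. It runs over a constructed `strings`-style dump of a hypothetical dropper (the hostnames use the reserved .test domain and the address is from the TEST-NET-3 documentation range, so none of it is a real indicator), pulls out URLs, hostnames, routable IPv4 addresses, registry keys and mutex names, and defangs the network indicators for a report. The noise filters (file extensions that look like TLDs, loopback and RFC 1918 addresses) are the part that matters in practice, because a raw regex over strings output is mostly false positives.

```python
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed `strings`-style output for a hypothetical dropper, embedded so the
# example runs offline. It is not taken from a real sample.
SAMPLE_STRINGS = """\
!This program cannot be run in DOS mode.
kernel32.dll
CreateMutexA
Global\\{7C3A1F2E-RUN-ONCE}
Software\\Microsoft\\Windows\\CurrentVersion\\Run
http://update.example-cdn.test/gate.php
203.0.113.45
5.1.2600.5512
127.0.0.1
api.example-cdn.test
/c del %s
"""

URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
# Strict octets so version strings such as 5.1.2600.5512 do not match.
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+([a-z]{2,})\b", re.IGNORECASE)
REGKEY_RE = re.compile(r"(?:HK(?:LM|CU|CR|U)\\|HKEY_[A-Z_]+\\)?(?:SOFTWARE|SYSTEM)\\[^\s\"]+", re.IGNORECASE)
MUTEX_RE = re.compile(r"\b(?:Global|Local)\\[^\s\"]+")

# Suffixes that look like TLDs in strings output but are really file extensions.
FILE_EXTENSIONS = {"dll", "exe", "php", "dat", "txt", "sys", "ini", "log", "bin", "tmp", "pdb", "ocx"}

# Addresses that are never useful network IOCs: local, RFC 1918, link-local, multicast.
NOISE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def is_noise_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NOISE_NETWORKS)


def extract_iocs(strings_output: str) -> Dict[str, List[str]]:
    """Return sorted, de-duplicated indicators grouped by type."""
    urls, domains, ips, regkeys, mutexes = set(), set(), set(), set(), set()
    for line in strings_output.splitlines():
        for url in URL_RE.findall(line):
            urls.add(url)
            host = urlsplit(url).hostname
            if host and not IPV4_RE.fullmatch(host):
                domains.add(host.lower())
        rest = URL_RE.sub(" ", line)  # avoid re-matching the URL's own host/path
        for ip in IPV4_RE.findall(rest):
            if not is_noise_ip(ip):
                ips.add(ip)
        for m in DOMAIN_RE.finditer(rest):
            if m.group(1).lower() not in FILE_EXTENSIONS:
                domains.add(m.group(0).lower())
        regkeys.update(REGKEY_RE.findall(line))
        mutexes.update(MUTEX_RE.findall(line))
    groups = (("urls", urls), ("domains", domains), ("ipv4", ips),
              ("registry_keys", regkeys), ("mutexes", mutexes))
    return {name: sorted(values) for name, values in groups}


def defang(ioc: str) -> str:
    """Make a network IOC safe to paste into tickets and reports."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def defanged_report(iocs: Dict[str, List[str]]) -> Dict[str, List[str]]:
    network = {"urls", "domains", "ipv4"}
    return {k: [defang(v) if k in network else v for v in vals] for k, vals in iocs.items()}


if __name__ == "__main__":
    for kind, values in defanged_report(extract_iocs(SAMPLE_STRINGS)).items():
        print(f"{kind}: {values}")
```

Feed it `strings -a` output (or FLOSS output, which also recovers stack and decoded strings) from a real specimen; anything it returns still needs a human to confirm the string is actually used by the code path you care about, since decoy and library strings are common.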
Notice:
Please plan to arrive 30 minutes early on Day 2 for lab preparation and set-up.
Course Syllabus
SKY610.1: Malware Analysis Fundamentals
Overview
Section 1 lays the groundwork for malware analysis by presenting the key tools and techniques useful for examining malicious programs. You will learn how to save time by exploring Windows malware in several phases. Static properties analysis examines metadata and other file attributes to perform triage and determine the next course of action. Behavioral analysis focuses on the program's interactions with its environment, such as the registry, file system, and network. Code analysis focuses on the specimen's inner workings and makes use of debugging tools such as x64dbg. You will learn how to set up and utilize a flexible laboratory to perform such an analysis in a controlled manner, becoming familiar with the supplied Windows and Linux (REMnux) virtual machines. You will then learn how to use the key analysis tools by examining a malware sample in your lab, with guidance and explanations from the instructor, to reinforce the concepts discussed throughout the day.
The tools introduced in this section include pestr, peframe, PeStudio, Process Hacker, Process Monitor, Regshot, ProcDOT, x64dbg, API Monitor, and INetSim.
CPE/CMU Credits: 6
Topics
- Assembling a toolkit for effective malware analysis
- Examining static properties of suspicious programs
- Performing behavioral analysis of malicious Windows executables
- Performing static and dynamic code analysis of malicious Windows executables
- Interacting with malware in a lab to derive additional behavioral characteristics
SKY610.2: Reversing Malicious Code
Overview
Section 2 focuses on examining malicious Windows executables at the assembly level. You will discover approaches for studying the innards of a specimen by looking at it through a disassembler. The section begins with an overview of key code-reversing concepts and presents a primer on essential x86 Intel assembly concepts, such as instructions, function calls, variables and jumps. You will also learn how to examine common assembly constructs such as functions, loops, and conditional statements. The material will then build on this foundation and expand your understanding to incorporate 64-bit malware, given its growing popularity. Throughout the discussion, you will learn to recognize common characteristics at a code level, including HTTP command and control, keylogging, and command execution.
This section discusses the concepts outlined above while also walking students through the key capabilities of IDA Pro for performing static code analysis.
CPE/CMU Credits: 6
Topics
- Understanding core x86 assembly concepts to perform malicious code analysis
- Identifying key assembly logic structures with a disassembler
- Following program control flow to understand decision points during execution
- Recognizing common malware characteristics at the Windows API level (registry manipulation, keylogging, HTTP communications, droppers)
- Extending assembly knowledge to include x64 code analysis
SKY610.3: Malicious Web and Document Files
Overview
Section 3 focuses on examining malicious web pages and documents, which adversaries can use to directly perform malicious actions on the infected system and launch attacks that lead to the installation of malicious executable files. The section begins by discussing how to examine suspicious websites that might host client-side exploits. Next, you will learn how to de-obfuscate malicious scripts with the help of script debuggers and interpreters, examine Microsoft Office macros, and assess the threats associated with PDF and RTF files using several techniques.
The tools introduced in this section include Fiddler, SpiderMonkey, box-js, base64dump.py, pdf-parser.py, peepdf.py, scdbg, olevba.py, oledump.py, rtfdump.py, and jmp2it.
CPE/CMU Credits: 6
Topics
- Interacting with malicious websites to assess the nature of their threats
- De-obfuscating malicious JavaScript using debuggers and interpreters
- Analyzing suspicious PDF files
- Examining malicious Microsoft Office documents, including files with macros
- Analyzing malicious RTF document files
SKY610.4: In-Depth Malware Analysis
Overview
Section 4 builds on the approaches to behavioral and code analysis introduced earlier in the course, exploring techniques for uncovering additional aspects of the functionality of malicious programs. The section begins by discussing how to handle packed malware. We will examine ways to identify packers and strip away their protection with the help of a debugger and other utilities. We will also walk through the analysis of malware that employs multiple technologies to conceal its true nature, including the use of registry, obfuscated JavaScript and PowerShell scripts, and shellcode. Finally, we will learn how malware implements Usermode rootkit functionality to perform code injection and API hooking, examining this functionality from both code and memory forensics perspectives.
The tools introduced in this section include Detect It Easy, Exeinfo PE, Bytehist, CFF Explorer, Scylla, OllyDumpEx, and Volatility.
CPE/CMU Credits: 6
Topics
- Recognizing packed malware
- Getting started with unpacking
- Using debuggers for dumping packed malware from memory
- Analyzing multi-technology and file-less malware
- Code injection and API hooking
- Using memory forensics for malware analysis
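Static properties analysis (Section 1) and recognizing packed malware (Section 4) both begin with the same cheap checks on the PE file: section names, per-section entropy, sections that are writable and executable at once, and sections with no data on disk that are nonetheless large in memory. The Python script below is an added example for this page, not one of the course's tools (Detect It Easy, PeStudio and peframe do this and much more). It parses the PE section table by hand, scores each section, and reports the packer indicators. Because it must run offline it builds two constructed minimal PE32 images in memory, one with a normal .text section and one laid out like a UPX-packed file, instead of reading a real sample; `build_sample_pe`, the packer section-name list and the 7.0 bits-per-byte entropy threshold are assumptions made for the example.

```python
import hashlib
import math
import struct
from dataclasses import dataclass
from typing import List

# IMAGE_SECTION_HEADER.Characteristics flags
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names left behind by common packers (illustrative, not exhaustive).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".nsp0", ".nsp1",
                        ".petite", "MPRESS1", "MPRESS2", ".themida", ".vmp0", ".vmp1"}
HIGH_ENTROPY = 7.0  # assumed threshold: compressed/encrypted code rarely scores lower


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    characteristics: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> List[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _va, raw_size, raw_ptr, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        data = image[raw_ptr:raw_ptr + raw_size]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, raw_size, flags, shannon_entropy(data)))
    return sections


def packer_indicators(sections: List[Section]) -> List[str]:
    """Cheap static heuristics that suggest packing; each hit is one human-readable string."""
    findings = []
    for s in sections:
        executable = bool(s.characteristics & IMAGE_SCN_MEM_EXECUTE)
        writable = bool(s.characteristics & IMAGE_SCN_MEM_WRITE)
        if s.name in PACKER_SECTION_NAMES:
            findings.append(f"section name {s.name!r} matches a known packer")
        if executable and s.entropy > HIGH_ENTROPY:
            findings.append(f"executable section {s.name!r} has entropy {s.entropy:.2f}")
        if executable and writable:
            findings.append(f"section {s.name!r} is writable and executable (unpacking stub target)")
        if s.raw_size == 0 and s.virtual_size > 0:
            findings.append(f"section {s.name!r} has no file data but {s.virtual_size:#x} bytes in memory")
    return findings


def is_probably_packed(image: bytes) -> bool:
    return bool(packer_indicators(parse_sections(image)))


def build_sample_pe(packed: bool) -> bytes:
    """Constructed minimal PE32 image used as offline input; not a runnable binary."""
    rwx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
    if packed:
        # Deterministic pseudo-random bytes stand in for compressed code (UPX1);
        # UPX0 is the empty-on-disk section the stub decompresses into.
        blob = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
        layout = [(b"UPX0", 0x10000, b"", rwx), (b"UPX1", len(blob), blob, rwx)]
    else:
        code = b"\x55\x8b\xec" + b"\x90" * 4090 + b"\x5d\xc3"  # prologue, nop sled, epilogue
        layout = [(b".text", len(code), code, rx)]
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic, rest of optional header zeroed
    headers_len = 64 + 4 + 20 + len(opt) + 40 * len(layout)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF  # 512-byte file alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x0102)
    table, body, va = b"", b"", 0x1000
    for name, vsize, data, flags in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(data),
                             raw_ptr + len(body) if data else 0, 0, 0, 0, 0, flags)
        body += data
        va += (vsize + 0xFFF) & ~0xFFF
    image = dos + b"PE\0\0" + coff + opt + table
    return image.ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    for label, packed in (("clean", False), ("packed", True)):
        print(label, packer_indicators(parse_sections(build_sample_pe(packed))))
```

Point it at a real file with `parse_sections(open(path, "rb").read())`. Treat the output as triage hints rather than a verdict: legitimately compressed resources, embedded certificates and .NET assemblies also produce high-entropy sections, and a packer that names its sections .text and .data will only trip the entropy and W+X checks.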
SKY610.5: Examining Self-Defending Malware
Overview
Section 5 takes a close look at the techniques malware authors commonly employ to protect malicious software from being examined. You will learn how to recognize and bypass anti-analysis measures designed to slow you down or misdirect you. In the process, you will gain more experience performing static and dynamic analysis of malware that is able to unpack or inject itself into other processes. You will also expand your understanding of how malware authors safeguard the data that they embed inside malicious executables. As with the other topics covered throughout the course, you will be able to experiment with such techniques during hands-on exercises.
This section brings together many of the tools covered earlier in the course, including IDA Pro and x64dbg/x32dbg. It also introduces FLOSS, bbcrack.py, ScyllaHide, and pe_unmapper, among others.
CPE/CMU Credits: 6
Topics
- How malware detects debuggers and protects embedded data
- Unpacking malicious software that employs process hollowing
- Bypassing the attempts by malware to detect and evade the analysis toolkit
- Handling code misdirection techniques, including SEH and TLS Callbacks
- Unpacking malicious executables by anticipating the packer's actions
SKY610.6: Malware Analysis Tournament
Overview
Section 6 assigns students to the role of a malware analyst working as a member of an incident response or forensics team. Students are presented with a variety of hands-on challenges involving real-world malware in the context of a fun tournament. These challenges further a student's ability to respond to typical malware analysis tasks in an instructor-led lab environment and offer additional learning opportunities. Moreover, the challenges are designed to reinforce skills covered in the first five sections of the course, making use of the popular SkyWatch NetWars educational platform. By applying the techniques learned earlier in the course, students consolidate their knowledge and shore up skill areas where they feel they need additional practice. Students who score the highest in the malware analysis challenge will be awarded the coveted.
CPE/CMU Credits: 6
Topics
- Behavioral malware analysis
- Dynamic malware analysis (using a debugger)
- Static malware analysis (using a disassembler)
- JavaScript de-obfuscation
- PDF document analysis
- Office document analysis
- Memory analysis
Additional Information
Laptop Required
A properly configured system is required to fully participate in this course. These requirements are the mandatory minimums. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, you must arrive to class with a system meeting all the requirements specified below.
This is common sense, but we will say it anyway: back up your system before class. Better yet, do not have any sensitive data stored on the system. SANS cannot be responsible for your system or data.
MANDATORY SKY610 SYSTEM HARDWARE REQUIREMENTS:
- CPU: 64-bit Intel i5/i7 (4th generation or newer), 2.0 GHz or faster. Important - Please Read: a 64-bit system processor is mandatory.
- It is critical that your CPU and operating system support 64-bit so that our 64-bit guest virtual machines will run on your laptop. VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines. For further troubleshooting, the linked article also provides good instructions for Windows users to determine more about the CPU and OS capabilities. For Macs, please use the linked support page from Apple to determine 64-bit capability.
- BIOS settings must be set to enable virtualization technology, such as Intel VT-x. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary. Test it before class!
- 16 GB (Gigabytes) of RAM or higher is mandatory for this class. Important - Please Read: 16 GB of RAM is the minimum.
- USB 3.0 Type-A port is required. At least one open and working USB 3.0 Type-A port is required. Therefore, a Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices - test your system with a USB drive before class to ensure you can load the course data.
- 200 Gigabytes of Free Space on your System Hard Drive. Free Space on Hard Drive is critical to host the VMs we distribute.
- Local Administrator access is required. This is absolutely required. Don't let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
- Wi-Fi 802.11 capability is mandatory. You'll need to connect to an in-class Wi-Fi network when participating in this course at a live event. Without working Wi-Fi, you'll be unable to participate in important aspects of the course.
MANDATORY SKY610 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS:
- Host Operating System: Your system must be running Windows 10 Pro, Linux, or macOS 10.14 or later, and must be able to install and run the VMware virtualization products described below.
- It is necessary to fully update your host operating system prior to the class to ensure you have the right drivers and patches installed to utilize the latest USB 3.0 devices.
- Those who use a Linux host must also be able to access exFAT partitions using the appropriate kernel or FUSE modules.
- Download and install 7-Zip (for Windows Hosts) or Keka (macOS). Without these extraction tools, you'll be unable to extract large archives we'll supply to you in class.
INSTALL VMWARE "PRO" SOFTWARE:
- Download and install VMware Workstation 15.5 Pro, VMware Fusion 11.5 Pro or higher versions before class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website.
- You must get the versions of the products that have "Pro" in their name. The free non-Pro versions of these products (e.g., VMware Workstation Player) are not sufficient for this course because they do not support snapshot functionality, which we will need to use.
- Other virtualization software, such as VirtualBox and Hyper-V, are not appropriate because of compatibility and troubleshooting problems you might encounter during class.
- VMware Workstation Pro on Windows 10 is not compatible with Windows 10 Credential Guard and Device Guard technologies. Please disable these capabilities for the duration of the class, if they're enabled on your system, by following instructions from VMware. Credential Guard isolates cached credentials and Device Guard enforces code integrity on the host, so re-enable both as soon as the class is over.
If you have additional questions about the laptop specifications, please contact us.
Who Should Attend
SKY610 acts as a practical on-ramp into the world of malware analysis. It is useful both for individuals looking to enter this exciting field, as well as for those who seek to formalize and expand their skills in this area. Attendees who have found this course especially useful often have responsibilities in the areas of incident response, forensic investigation, information security, threat intelligence, and threat hunting. Course participants have included:
- Individuals who have dealt with incidents involving malware and wanted to learn how to understand key aspects of malicious programs.
- Technologists who have informally experimented with aspects of malware analysis prior to the course and were looking to formalize and expand their expertise in this area.
- Forensic investigators and security practitioners looking to expand their skillsets and learn how to play a pivotal role in the incident response process.
- Security Analyst
- Security Architect
- Security Engineer
- Security Consultant
- Security Systems Administrator
- Network Security Engineer/ Analyst
- Risk/ Vulnerability Analyst
- Computer Forensic Analyst
- Computer Network Defender
- Computer Network Defense Analyst
- Web Application Security Engineer
- Forensic Analyst
- Digital Forensic Examiner
The course begins by covering malware analysis at an introductory level, then quickly progresses to discussing tools and techniques of intermediate complexity. Neither programming experience nor knowledge of assembly is required to benefit from the course. However, you should have a general idea about core programming concepts such as variables, loops, and functions, so you can quickly grasp the relevant concepts in this area. The course spends some time discussing essential aspects of the assembly language, allowing malware analysts to navigate through malicious executables using a disassembler and a debugger.
Prerequisites
SKY610 attendees should:
- Have a computer system that matches the stated laptop requirements; some software needs to be installed before students come to class.
- Be familiar with using Windows and Linux operating environments and be able to troubleshoot general OS connectivity and setup issues.
- Be familiar with VMware and be able to import and configure virtual machines.
- Have a general idea about core programming concepts such as variables, loops, and functions in order to quickly grasp the relevant concepts in this area; however, no programming experience is necessary.
Why Take This Course?
Why Choose Our Course?
The malware analysis process taught in SKY610 helps incident responders and other security professionals assess the severity and repercussions of a situation that involves malicious software so that they can plan recovery steps. Forensics investigators also learn about the key characteristics of malware discovered during the examination, including how to establish Indicators of Compromise and obtain other threat intelligence details for analyzing, scoping, and containing the incident.
What threat does the malicious or suspicious program pose? What do its mechanics reveal about the adversary's goals and capabilities? How effective are the company's security controls against such infections? What security measures can strengthen the organization's infrastructure from future attacks of this nature? This course teaches the skills necessary to answer these and other questions critical to an organization's ability to handle malware threats and related incidents.
What You Will Receive
When attending SKY610, you will receive a USB key-based toolkit packed with helpful malware analysis tools. You will use them to perform exercises in class, and you can also use them later to interrogate suspicious files when you return to your job. The tools have been preinstalled and configured for your convenience into two virtual machines that you will receive in the course toolkit:
- A Windows REM Workstation virtual machine with preinstalled analysis tools, along with the corresponding Microsoft Windows license.
- A REMnux virtual machine set up to run the lightweight Linux distribution used by many malware analysts world-wide.
The toolkit also includes many real-world malware samples that you will examine during the course when performing hands-on lab exercises, as well as MP3 audio files of the complete course lectures.
You will also receive printed training materials with detailed explanations and illustrations of the concepts, tools, and techniques covered in the course. The materials include a workbook that provides detailed, step-by-step instructions for all the hands-on lab exercises performed in the course to facilitate the learning experience.
Program Summary
DURATION
5 Days
On Demand
Certified Network Defender Certification
The Certified Network Defender (CND) certification program focuses on creating Network Administrators who are trained in protecting, detecting and responding to threats on the network. Network administrators are usually familiar with network components, traffic, performance and utilization, network topology, the location of each system, security policy, etc. A CND will get a fundamental understanding of the true construct of data transfer, network technologies and software technologies, so that they understand how networks operate, understand what software is automating, and know how to analyze the subject material. In addition, network defense fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN and firewall configuration, the intricacies of network traffic signatures, analysis and vulnerability scanning are also covered, which will help the Network Administrator design better network security policies and successful incident response plans.
CND is a skills-based, lab intensive program based on a job-task analysis and cybersecurity education framework presented by the SkyWatch Technology Institute.
TARGET AUDIENCE
- Network Administrators
- Network security Administrators
- Network Security Engineer
- Network Defense Technicians
- CND Analyst
- Security Analyst
- Security Operator
- Anyone involved in network operations
The purpose of the CND credential is to:
Validate the skills that will help the Network Administrators foster resiliency and continuity of operations during attacks.
About the Exam
- Number of Questions: 100
- Test Duration: 4 Hours
- Test Format: Multiple Choice
- Test Delivery: ECC EXAM
- Exam Prefix: 312-38 (ECC EXAM)
Passing Score
In order to maintain the high integrity of our certification exams, EC-Council exams are provided in multiple forms (i.e., different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts, which ensures that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual ratings then contribute to an overall “cut score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a per-exam-form basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.
CERTIFIED NETWORK DEFENDER PROGRAM
Organizational focus on cyber defense is more important than ever as cyber breaches have a far greater financial impact and can cause broad reputational damage.
Despite best efforts to prevent breaches, many organizations are still being compromised. Therefore, organizations must have, as part of their defense mechanisms, trained network engineers who are focused on protecting, detecting, and responding to the threats on their networks.
Network administrators spend a lot of time with network environments, and are familiar with network components, traffic, performance and utilization, network topology, location of each system, security policy, etc.
So, organizations can be much better at defending themselves from vicious attacks if their IT and network administrators are equipped with adequate network security skills. Thus network administrators can play a significant role in network defense and become the first line of defense for any organization.
There is no proper tactical network security training available to network administrators that provides them with core network security skills.
Students enrolled in the Certified Network Defender course will gain a detailed understanding and hands-on ability to function in real-life situations involving network defense. They will gain the technical depth required to actively design a secure network in their organization. This program will be akin to learning math instead of just using a calculator. This course gives you the fundamental understanding of the true construct of data transfer, network technologies and software technologies so that you understand how networks operate, understand what software is automating and how to analyze the subject material.
You will learn how to protect against, detect and respond to network attacks. You will learn network defense fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN and firewall configuration. You will then learn the intricacies of network traffic signatures, analysis and vulnerability scanning, which will help you when you design greater network security policies and successful incident response plans. These skills will help you foster resiliency and continuity of operations during attacks.
Price Includes International Curriculum Courseware And Very Active Real-Time Labs.
2 Hours Daily 3 Times a Week
Total Duration 4 Months
Prerequisites
- CompTIA N+ certification knowledge
- CompTIA A+ certification knowledge
- Linux Administrator certification knowledge
- MCSA: Windows Server 2012 R2 Certification
- CCNA V3
COURSE OVERVIEW
As organisations scramble to protect themselves and their customers against privacy or security breaches, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organisations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.
The CompTIA PenTest+ certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.
CompTIA PenTest+ joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate-skills level of the cybersecurity career pathway as shown below. Depending on your course of study, PenTest+ and CySA+ can be taken in any order, but they typically follow the skills learned in Security+. While CySA+ focuses on defense through incident detection and response, PenTest+ focuses on offense through penetration testing and vulnerability assessment.
Although the two exams teach opposing skills, they are dependent on one another. The most qualified cybersecurity professionals have both offensive and defensive skills. Earn the PenTest+ certification to grow your career within the CompTIA recommended cybersecurity career pathway.
Recommended Courses and Certification:
- Career Enabler™ - Linux Administrator
- Career Enabler™ : CISCO (Network & Security)
- CompTIA Security+
- Linux+
- RHCE
- Server+
CERTIFIED INFORMATION SECURITY MANAGER (CISM)
Course Overview
In this course, students will establish processes to ensure that information security measures align with established business needs.
Who Should Attend
The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers and IT auditors, as well as other individuals who want to learn more about information security, who are interested in learning in-depth information about information security management, who are looking for career advancement in IT security, or who are interested in earning the CISM certification.
Course Objectives
Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. Identify and manage information security risks to achieve business objectives. Create a program to implement the information security strategy. Implement an information security program. Oversee and direct information security activities to execute the information security program. Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents.
Course Outline
1 - Information Security Governance
- Develop an Information Security Strategy
- Align Information Security Strategy with Corporate Governance
- Identify Legal and Regulatory Requirements
- Justify Investment in Information Security
- Identify Drivers Affecting the Organization
- Obtain Senior Management Commitment to Information Security
- Define Roles and Responsibilities for Information Security
- Establish Reporting and Communication Channels
2 - Information Risk Management
- Implement an Information Risk Assessment Process
- Determine Information Asset Classification and Ownership
- Conduct Ongoing Threat and Vulnerability Evaluations
- Conduct Periodic BIAs
- Identify and Evaluate Risk Mitigation Strategies
- Integrate Risk Management into Business Life Cycle Processes
- Report Changes in Information Risk
3 - Information Security Program Development
- Develop Plans to Implement an Information Security Strategy
- Security Technologies and Controls
- Specify Information Security Program Activities
- Coordinate Information Security Programs with Business Assurance Functions
- Identify Resources Needed for Information Security Program Implementation
- Develop Information Security Architectures
- Develop Information Security Policies
- Develop Information Security Awareness, Training, and Education Programs
- Develop Supporting Documentation for Information Security Policies
4 - Information Security Program Implementation
- Integrate Information Security Requirements into Organizational Processes
- Integrate Information Security Controls into Contracts
- Create Information Security Program Evaluation Metrics
5 - Information Security Program Management
- Manage Information Security Program Resources
- Enforce Policy and Standards Compliance
- Enforce Contractual Information Security Controls
- Enforce Information Security During Systems Development
- Maintain Information Security Within an Organization
- Provide Information Security Advice and Guidance
- Provide Information Security Awareness and Training
- Analyze the Effectiveness of Information Security Controls
- Resolve Noncompliance Issues
6 - Incident Management and Response
- Develop an Information Security Incident Response Plan
- Establish an Escalation Process
- Develop a Communication Process
- Integrate an IRP
- Develop IRTs
- Test an IRP
- Manage Responses to Information Security Incidents
- Perform an Information Security Incident Investigation
- Conduct Post-Incident Reviews
NB: The class, in consultation with management, may be allowed to modify the training time.
Price Includes International Curriculum Courseware And Very Active Real-Time Labs.
4 Hours Daily 3 Times a Week
Total Duration 4 Months
Certified Ethical Hacker V7 (CEH)
The Certified Ethical Hacker V7 (CEH) course is designed to provide the essential skills required to examine the external and internal security threats against a network. This course will help you construct security policies that will defend an organization's important information. Participants will learn how to evaluate Internet and network security issues, and how to employ successful firewall strategies and security policies. Participants will also learn how to expose network and system vulnerabilities and defend against them.
The participants will be able to
- Analyze the internal and external security threats against a network.
- Develop security policies that will protect an organization’s information.
- Evaluate network and Internet security issues, and design and implement successful security policies and firewall strategies.
- Expose system and network vulnerabilities and defend against them.
Prerequisite
Linux System Administration, Computer Security Fundamentals, Networking Fundamentals.
Price Includes International Curriculum Courseware And Very Active Real-Time Labs.
Recommended Courses and Certification:
- ECSA V8/LPT
- Web Security Testing With Backtrack & Kali
- MCSA: Windows Server 2012 R2
- MCSE: Server Infrastructure On server 2012 R2
EC-Council Certified Security Analyst (ECSA)
Overview
The ECSA program offers a seamless learning progression, continuing where the CEH program left off.
The new ECSAv10 includes updated curricula and an industry-recognized, comprehensive, step-by-step penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.
Unlike most other pen testing programs that only follow a generic kill chain methodology, the ECSA presents a set of distinguishable, comprehensive methodologies that are able to cover different pentesting requirements across different verticals.
It is a highly interactive, comprehensive, standards-based, intensive training program that teaches information security professionals how professional real-life penetration tests are conducted.
Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re-engineered the ECSA program as a progression from the former.
Organizations today demand a professional-level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.
Such professional-level programs can only be achieved when the core of the curricula maps to and is compliant with government and/or industry published pentesting frameworks.
This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.
In the new ECSAv10 course, students who pass the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential. This new credential allows employers to easily validate the skills of the student.
Who Should Attend
Ethical Hackers, Penetration Testers, Security Analysts, Security Engineers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators, and Risk Assessment Professionals.
ECSA Exam
The ECSA exam aims to test a candidate’s knowledge and application of critical penetration testing methodologies.
Candidates that successfully pass the multiple-choice exam will be awarded the ECSA credential.
As a powerful addition to the ECSA exam, the new ECSA (Practical) exam is now available adding even more value to the ECSA certification.
At the end of the SkyWatch Technology Institute class, students receive the practice test and a voucher for the proctored online ECSA Certification Exam.
Eligibility Criteria for ECSA Exam
• Attend official training via an EC-Council accredited training channel
Or
• Possess a minimum of 2 years of working experience in a related InfoSec domain
Course Outline
1. Introduction to Penetration Testing and Methodologies
2. Penetration Testing Scoping and Engagement Methodology
3. Open Source Intelligence (OSINT) Methodology
4. Social Engineering Penetration Testing Methodology
5. Network Penetration Testing Methodology - External
6. Network Penetration Testing Methodology - Internal
7. Network Penetration Testing Methodology - Perimeter Devices
8. Web Application Penetration Testing Methodology
9. Database Penetration Testing Methodology
10. Wireless Penetration Testing Methodology
11. Cloud Penetration Testing Methodology
12. Report Writing and Post Testing Actions
Self Study Modules
1. Penetration Testing Essential Concepts
This is an essential prerequisite, as it prepares you for the ECSA courseware and serves as a base on which to build advanced pen testing concepts.
2. Password Cracking Penetration Testing
3. Denial-of-Service Penetration Testing
4. Stolen Laptop, PDAs and Cell Phones Penetration Testing
5. Source Code Penetration Testing
6. Physical Security Penetration Testing
7. Surveillance Camera Penetration Testing
8. VoIP Penetration Testing
9. VPN Penetration Testing
10. Virtual Machine Penetration Testing
11. War Dialing
12. Virus and Trojan Detection
13. Log Management Penetration Testing
14. File Integrity Checking
15. Telecommunication and Broadband Communication Penetration Testing
16. Email Security Penetration Testing
17. Security Patches Penetration Testing
18. Data Leakage Penetration Testing
19. SAP Penetration Testing
20. Standards and Compliance
21. Information System Security Principles
22. Information System Incident Handling and Response
23. Information System Auditing and Certification
Price Includes International Curriculum Courseware And Very Active Real-Time Labs.
4 Hours Daily 3 Times a Week
Total Duration 4 Months
COURSE OVERVIEW
EC-Council released the most advanced computer forensic investigation program in the world. This course covers major forensic investigation scenarios that enable you to acquire hands-on experience with various forensic investigation techniques and the standard tools necessary to successfully carry out a computer forensic investigation.
Battles between corporations, governments, and countries are no longer fought using physical force. Cyber war has begun and the consequences can be seen in everyday life. With the onset of sophisticated cyber attacks, the need for advanced cybersecurity and investigation training is critical. If you or your organization requires the knowledge or skills to identify, track, and prosecute cyber criminals, then this is the course for you. You will learn how to excel in digital evidence acquisition, handling, and forensically sound analysis. These skills will lead to successful prosecutions in various types of security incidents such as data breaches, corporate espionage, insider threats, and other intricate cases involving computer systems.
2 Hours Daily 3 Times a Week
Total Duration 4 Months
CISA
Enhance your career by earning CISA—world-renowned as the standard of achievement for those who audit, control, monitor and assess information technology and business systems. With 140,000 constituents in 200 countries, ISACA is internationally recognized as a high-performing organization that addresses global, national and local information systems and business issues.
Participants will learn the techniques and gain the knowledge necessary to complete the task. They will also learn how to decode the technical situation and report on compliance using accurate, non-technical facts.
The training will focus on preparing students through a combination of lectures, review, drill sessions, extensive mentoring, practice question and answer sessions. It would also provide the right amount of training for participants to pass with confidence.
This course is ideal for
- Auditors
- Chartered Accountants
- Information Security Professionals
- Management Consultants
- System Administrators
- Other individuals considering the CISA examination
The job practice domains and task and knowledge statements are as follows
- Domain 1—The Process of Auditing Information Systems (21%)
- Domain 2—Governance and Management of IT (16%)
- Domain 3—Information Systems Acquisition, Development and Implementation (18%)
- Domain 4—Information Systems Operations, Maintenance and Service Management (20%)
- Domain 5—Protection of Information Assets (25%)
Price Includes International Curriculum Courseware And Very Active Real-Time Labs.
2 Hours Daily 3 Times a Week
Total Duration 4 Months
COURSE OVERVIEW
The Certified Ethical Hacker course is regularly updated to ensure you are aware of the latest tools and techniques used by hackers and information security professionals.
A Pearson Vue exam voucher is included, although you will need to schedule the exam at a Pearson Vue testing facility. An additional 6 months of access to the CEHv10 iLabs is provided once you have completed the course.
3 Hours Daily 3 Times a Week
Total Duration 4 Months
COURSE OVERVIEW
The purpose of the CSCU training program is to provide individuals with the necessary knowledge and skills to protect their information assets. This class will immerse students in an interactive environment where they will acquire a fundamental understanding of various computer and network security threats such as identity theft, credit card fraud, online banking phishing scams, viruses and backdoors, email hoaxes, sex offenders lurking online, loss of confidential information, hacking attacks and social engineering. More importantly, the skills learned in the class help students take the necessary steps to mitigate their security exposure.
About The Course
This course prepares an individual to sit for CSCU exam 112-12. This certification is an excellent complement to educational offerings in the domain of security and networking.
3 Hours Daily 3 Times a Week
Total Duration 1 Month
TARGET AUDIENCE
The CompTIA Cybersecurity Analyst (CySA+) examination is designed for IT security analysts, vulnerability analysts, or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization with the end goal of securing and protecting applications and systems within an organization.
COURSE OBJECTIVES
The CompTIA CySA+ certification is a vendor-neutral credential. The CompTIA CySA+ exam (Exam CS0-001) is an internationally targeted validation of intermediate-level security skills and knowledge. The course has a technical, “hands-on” focus on IT security analytics.
The CompTIA CySA+ exam is based on these objectives:
- Threat Management
- Vulnerability Management
- Cyber Incident Response
- Security Architecture and Tool Sets
COURSE CONTENT
- 1. Threat Management
- Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
- Procedures/common tasks:
- Topology discovery
- OS fingerprinting
- Service discovery
- Packet capture
- Log review
- Router/firewall ACLs review
- Email harvesting
- Social media profiling
- Social engineering
- DNS harvesting
- Phishing
- Variables:
- Wireless vs. wired
- Virtual vs. physical
- Internal vs. external
- On-premises vs. cloud
- Tools:
- NMAP
- Host scanning
- Network mapping
- NETSTAT
- Packet analyzer
- IDS/IPS
- HIDS/NIDS
- Firewall rule-based and logs
- Syslog
- Vulnerability scanner
- Given a scenario, analyze the results of a network reconnaissance
- Point-in-time data analysis:
- Packet analysis
- Protocol analysis
- Traffic analysis
- Netflow analysis
- Wireless analysis
- Data correlation and analytics:
- Anomaly analysis
- Trend analysis
- Availability analysis
- Heuristic analysis
- Behavioral analysis
- Data output:
- Firewall logs
- Packet captures
- NMAP scan results
- Event logs
- Syslogs
- IDS report
- Tools:
- SIEM
- Packet analyzer
- IDS
- Resource monitoring tool
- Netflow analyzer
- Given a network-based threat, implement or recommend the appropriate response and countermeasure
- Network segmentation:
- System isolation
- Jump box
- Honeypot
- Endpoint security
- Group policies
- ACLs:
- Sinkhole
- Hardening:
- Mandatory Access Control (MAC)
- Compensating controls
- Blocking unused ports/services
- Patching
- Network Access Control (NAC):
- Time-based
- Rule-based
- Role-based
- Location-based
- Explain the purpose of practices used to secure a corporate environment
- Penetration testing:
- Rules of engagement
- Reverse engineering:
- Isolation/sandboxing
- Hardware
- Software/malware
- Training and exercises:
- Red team
- Blue team
- White team
- Risk evaluation:
- Technical control review
- Operational control review
- Technical impact and likelihood
- 2. Vulnerability Management
- Given a scenario, implement an information security vulnerability management process
- Identification of requirements:
- Regulatory environments
- Corporate policy
- Data classification
- Asset inventory
- Establish scanning frequency:
- Risk appetite
- Regulatory requirements
- Technical constraints
- Workflow
- Configure tools to perform scans according to specification:
- Determine scanning criteria
- Tool updates/plug-ins
- Permissions and access
- Execute scanning
- Generate reports:
- Automated vs. manual distribution
- Remediation:
- Prioritizing
- Communication/change control
- Sandboxing/testing
- Inhibitors to remediation
- Ongoing scanning and continuous monitoring
- Given a scenario, analyze the output resulting from a vulnerability scan
- Analyze reports from a vulnerability scan:
- Review and interpret scan results
- Validate results and correlate other data points
- Compare to best practices or compliance
- Reconcile results
- Review related logs and/or other data sources
- Determine trends
- Compare and contrast common vulnerabilities found in the following targets within an organization
- Servers
- Endpoints
- Network infrastructure
- Network appliances
- Virtual infrastructure:
- Virtual hosts
- Virtual networks
- Management interface
- Mobile devices
- Interconnected networks
- Virtual private networks (VPNs)
- Industrial Control Systems (ICSs)
- SCADA devices
- 3. Cyber Incident Response
- Given a scenario, distinguish threat data or behavior to determine the impact of an incident
- Threat classification:
- Known threats vs. unknown threats
- Zero day
- Advanced persistent threat
- Factors contributing to incident severity and prioritization:
- Scope of impact
- Types of data
- Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation
- Forensics kit:
- Digital forensics workstation
- Write blockers
- Cables
- Drive adapters
- Wiped removable media
- Cameras
- Crime tape
- Tamper-proof seals
- Documentation/forms
- Forensic investigation suite:
- Imaging utilities
- Analysis utilities
- Chain of custody
- Hashing utilities
- OS and process analysis
- Mobile device forensics
- Password crackers
- Cryptography tools
- Log viewers
- Explain the importance of communication during the incident response process
- Stakeholders:
- HR
- Legal
- Marketing
- Management
- Purpose of communication processes:
- Limit communication to trusted parties
- Disclosure based on regulatory/legislative requirements
- Prevent inadvertent release of information
- Secure method of communication
- Role-based responsibilities:
- Technical
- Management
- Law enforcement
- Retain incident response provider
- Given a scenario, analyze common symptoms to select the best course of action to support incident response
- Common network-related symptoms:
- Bandwidth consumption
- Beaconing
- Irregular peer-to-peer communication
- Rogue devices on the network
- Scan sweeps
- Unusual traffic spikes
- Common host-related symptoms:
- Processor consumption
- Memory consumption
- Drive capacity consumption
- Unauthorized software
- Malicious processes
- Unauthorized changes
- Unauthorized privileges
- Data exfiltration
- Common application-related symptoms:
- Anomalous activity
- Introduction of new accounts
- Unexpected output
- Unexpected outbound communication
- Service interruption
- Memory overflows
- Summarize the incident recovery and post-incident response process
- Containment techniques:
- Segmentation
- Isolation
- Removal
- Reverse engineering
- Eradication techniques:
- Sanitization
- Reconstruction/reimage
- Secure disposal
- Validation:
- Patching
- Permissions
- Scanning
- Verify logging/communication to security monitoring
- Corrective actions:
- Lessons learned report
- Change control process
- Update incident response plan
- Incident summary report
- 4. Security Architecture and Tool Sets
- Explain the relationship between frameworks, common policies, controls, and procedures
- Regulatory compliance
- Frameworks:
- NIST
- ISO
- COBIT
- SABSA
- TOGAF
- ITIL
- Policies:
- Password policy
- Acceptable use policy
- Data ownership policy
- Data retention policy
- Account management policy
- Data classification policy
- Controls:
- Control selection based on criteria
- Organizationally defined parameters
- Physical controls
- Logical controls
- Administrative controls
- Procedures:
- Continuous monitoring
- Evidence production
- Patching
- Compensating control development
- Control testing procedures
- Manage exceptions
- Remediation plans
- Verifications and quality control:
- Audits
- Evaluations
- Assessments
- Maturity model
- Certification
- Given a scenario, use data to recommend remediation of security issues related to identity and access management
- Security issues associated with context-based authentication:
- Time
- Location
- Frequency
- Behavioral
- Security issues associated with identities:
- Personnel
- Endpoints
- Servers
- Services
- Roles
- Applications
- Security issues associated with identity repositories:
- Directory services
- TACACS+
- RADIUS
- Security issues associated with federation and single sign-on:
- Manual vs. automatic provisioning/deprovisioning
- Self-service password reset
- Exploits:
- Impersonation
- Man-in-the-middle
- Session hijack
- Cross-site scripting
- Privilege escalation
- Rootkit
- Given a scenario, review security architecture and make recommendations to implement compensating controls
- Security data analytics:
- Data aggregation and correlation
- Trend analysis
- Historical analysis
- Manual review:
- Firewall log
- Syslogs
- Authentication logs
- Event logs
- Defense in depth:
- Personnel
- Processes
- Technologies
- Other security concepts
- Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)
- Best practices during software development:
- Security requirements definition
- Security testing phases
- Manual peer reviews
- User acceptance testing
- Stress test application
- Security regression testing
- Input validation
- Secure coding best practices:
- OWASP
- SANS
- Center for Internet Security
- Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies
- Preventative:
- IPS
- HIPS
- Firewall
- Antivirus
- Anti-malware
- EMET
- Web proxy
- Web Application Firewall (WAF)
- Collective:
- SIEM
- Network scanning
- Vulnerability scanning
- Packet capture
- Command line/IP utilities
- IDS/HIDS
- Analytical:
- Vulnerability scanning
- Monitoring tools
- Interception proxy
- Exploit:
- Interception proxy
- Exploit framework
- Fuzzers
- Forensics:
- Forensic suites
- Hashing
- Password cracking
- Imaging
COURSE PREREQUISITES
While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CompTIA Security+ or equivalent experience. It is recommended for CompTIA CySA+ certification candidates to have the following:
- 3-4 years of hands-on information security or related experience
- Network+, Security+, or equivalent knowledge
2 Hours Daily 3 Times a Week
Total Duration 4 Months