Cyber Warfare: CYBER WARFARE – DEFENSE & ATTACK – ADVANCED


CYBER WARFARE – DEFENSE & ATTACK – ADVANCED

Duration : 404 Hours

The Cyber Warfare Advanced course is one of the broadest cyber warfare programs available. Designed especially for MOD industries, it is both broad and thorough, covering topics such as how knowledge is built up and how a defensive cyber unit is structured in a highly threatened environment.

The Cyber Warfare Advanced course is a preliminary program for a later specialization in one of the following subjects: Defense Strategy, Attacking Techniques, Proactive Intelligence, Investigations, Malware Analysis, Reverse Engineering, Exploit Writing, SCADA Attack & Defense.

Target Audience

Information security experts looking for an in-depth look at organizations threatened by Advanced Persistent Threats (APTs), and intelligence and security practitioners.

Objectives

The program delves into the defensive side of cyber warfare, enabling participants to expand their knowledge of both the methodologies and the techniques required.

Prerequisites

Background in IT, as well as in software development or intelligence.

Course Outline

Module 1: Introduction – 8 hours

Module 2: Cyber Defense Strategies – 32 hours

  • Fundamental defense concepts
    • Conceptual framework for cyber defense
    • Strategic vs. Operational Cyberwar
    • The goals of cyber defense
    • Defense Architecture
    • Defense Policy
    • Defense Strategy
    • Cyber Operations
  • Cyber Deterrence
    • Defining Cyber Deterrence
    • The unique nature of Cyber Deterrence
    • A strategy of Response
    • Cyber Retaliation
  • Cyber Resilience
    • Principles for cyber Resilience
    • Cyber Resilience Goals and Requirements
    • Cyber Resiliency Engineering
    • Mission Assurance
    • Cyber Resiliency Framework
    • Cyber Resiliency Objectives
    • Cyber Resiliency Practices
    • Cyber Risk management
    • Cyber Governance
    • Cyber Defense program
    • Maturity measurement
    • Security Metrics

Module 3: Cyber Operations – 32 hours

  • Organization and functionalities
    • People, Processes, and Technologies
  • Identity and Access Management
    • Goals, motivations, and guiding principles
    • Access Controls mechanism
    • AAA concepts
    • IAM processes
    • IAM technologies
    • IAM best practices
  • Threat and Vulnerability Management
    • Goals, motivations, and guiding principles
    • TVM processes
    • TVM technologies
    • Cyber TVM
  • Security Configuration Management, audit and Compliance
    • Goals, motivations, and guiding principles
    • CM processes and technologies
    • Management platforms
  • Cyber Training and Simulation
    • Goals, motivations, and guiding principles
    • Types of Cyber simulations
    • Building a Cyber Range
    • Challenges
    • Technologies
    • Best Practices

Module 4: Deep Dive into Cyber Threats – 32 hours

  • Attacker Techniques
    • Concealing Identity
    • Tunneling Techniques
    • Fraud Techniques
    • Social Engineering Tactics, Techniques and Procedures
  • Threat Infrastructure
    • Botnets
    • DNS and Fast-flux
  • Exploitation
    • Techniques to gain a foothold
    • Disruption Methods
  • Malware essentials
    • Types of malicious code
    • Anti-Forensics Techniques
    • Persistence Techniques
    • BIOS / CMOS / MBR
    • Hypervisors
    • Registry Entries and auto-startups
    • Rootkits
    • Spyware
    • Privilege Escalation
  • Stealing Information

Module 5: Monitoring & Detection – 32 hours

  • Log Management and Information Sources
    • Sources of Information
    • Quality of Information
  • Attack Indicators
  • Automated Attack Detection Tools and Methods
  • SIEMs
    • Overview of the Functionality
    • Presentation Layer
    • Alarms and Thresholds
    • Priorities
    • Correlation
  • Writing SIEM rules
    • Best Practices
    • Avoiding False Positives and Noise
    • Case-studies
  • Intrusion Attribution Framework
    • Introduction and objectives of attribution
    • Trace-back techniques
    • Intrusion analysis
    • Counter attack
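The "Writing SIEM rules", "Correlation" and "Avoiding False Positives and Noise" items above are easiest to understand in working code. The block below is an added example written for this page, not course material: a brute-force-then-success correlation rule run over constructed sshd-style log lines. The log lines, the RFC 5737 test addresses, the user names, the failure threshold (5) and the two-minute window are all assumptions made for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines for the demo (RFC 5737 test addresses);
# they do not come from any real host.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z sshd[101]: Failed password for admin from 198.51.100.7 port 5001 ssh2
2024-03-01T10:00:03Z sshd[102]: Failed password for admin from 198.51.100.7 port 5002 ssh2
2024-03-01T10:00:05Z sshd[103]: Failed password for admin from 198.51.100.7 port 5003 ssh2
2024-03-01T10:00:07Z sshd[104]: Failed password for admin from 198.51.100.7 port 5004 ssh2
2024-03-01T10:00:09Z sshd[105]: Failed password for admin from 198.51.100.7 port 5005 ssh2
2024-03-01T10:00:12Z sshd[106]: Accepted password for admin from 198.51.100.7 port 5006 ssh2
2024-03-01T10:05:00Z sshd[107]: Failed password for bob from 203.0.113.9 port 6001 ssh2
2024-03-01T10:05:30Z sshd[108]: Accepted password for bob from 203.0.113.9 port 6002 ssh2
2024-03-01T10:20:00Z sshd[109]: Failed password for root from 198.51.100.200 port 7001 ssh2
2024-03-01T10:20:02Z sshd[110]: Failed password for root from 198.51.100.200 port 7002 ssh2
2024-03-01T10:20:04Z sshd[111]: Failed password for root from 198.51.100.200 port 7003 ssh2
2024-03-01T10:20:06Z sshd[112]: Failed password for root from 198.51.100.200 port 7004 ssh2
2024-03-01T10:20:08Z sshd[113]: Failed password for root from 198.51.100.200 port 7005 ssh2
2024-03-01T10:20:10Z sshd[114]: Failed password for root from 198.51.100.200 port 7006 ssh2
2024-03-01T11:00:00Z sshd[115]: Failed password for carol from 192.0.2.4 port 8001 ssh2
2024-03-01T11:09:00Z sshd[116]: Failed password for carol from 192.0.2.4 port 8002 ssh2
2024-03-01T11:09:20Z sshd[117]: Accepted password for carol from 192.0.2.4 port 8003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Normalise one raw line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def correlate(log_text, fail_threshold=5, window=timedelta(minutes=2)):
    """Sliding-window correlation rule (assumed threshold and window).

    fail_threshold failures from one source IP inside `window` raise a medium
    alert exactly once; a success from that IP while the burst is still inside
    the window escalates to high.  A single typo (bob) or failures spread across
    windows (carol) never reach the threshold, which is what keeps noise down.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # SIEMs receive events out of order
    recent_failures = defaultdict(deque)  # ip -> failure timestamps in window
    alerts = []
    for ev in events:
        q = recent_failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:  # expire failures outside window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == fail_threshold:  # fire once per burst, not per event
                alerts.append({"priority": "medium", "rule": "ssh-bruteforce-attempt",
                               "src_ip": ev["ip"], "failures": len(q), "at": ev["ts"]})
        elif len(q) >= fail_threshold:
            alerts.append({"priority": "high", "rule": "ssh-bruteforce-success",
                           "src_ip": ev["ip"], "user": ev["user"],
                           "failures": len(q), "at": ev["ts"]})
            q.clear()  # suppress duplicate alerts for the same burst
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run as-is it prints three alerts: a medium one when admin's fifth failure lands, a high one when the success from the same address follows 11 seconds later, and a medium one for the root password spray that never succeeds. Raising `fail_threshold` or shrinking `window` is the usual tuning lever when a rule like this fires on legitimate users who mistype a few times.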

Module 6: Advanced Detection Techniques – 20 hours

  • Part I: anomalies, information, categories, types and evaluation
    • Introduction & real-world anomaly examples
    • Types of information
    • Pre-processing of information
    • Categories of identifying anomalies
    • Types of anomalies
    • Anomaly detection products
    • Evaluation of anomaly detection
    • Accuracy
    • F-value (F-measure)
    • Detection rate
    • Rate of false alerts
    • ROC curve
    • AUC
  • Part II: Techniques for identifying anomalies
    • Classification-based methods
    • Nearest-neighbour-based methods
    • Distance-based techniques
    • Cluster-based methods
    • Statistics-based methods
    • Information theory-based methods
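The evaluation measures in Part I (accuracy, F-value, detection rate, false alert rate, ROC curve, AUC) and the statistics-based detector in Part II are worth seeing end to end on real numbers. The block below is an added example written for this page, not course material: a z-score detector fitted on a constructed baseline, then scored against a labelled evaluation set. The baseline values, the labelled values and the thresholds (2.0 and 3.0) are assumptions made for the demo.

```python
from statistics import mean, pstdev

# Constructed sample: baseline "normal" observations (think requests per
# minute from a quiet host) used to fit the model, then a labelled
# evaluation set in which 1 marks a true anomaly.  Values are made up.
BASELINE = [100, 102, 98, 101, 99, 100, 103, 97, 100, 100]
LABELED = [(101, 0), (99, 0), (120, 1), (100, 0), (104, 0),
           (150, 1), (98, 0), (103, 1), (102, 0), (130, 1)]


def fit(baseline):
    """Statistics-based model: mean and (population) standard deviation."""
    return mean(baseline), pstdev(baseline)


def anomaly_score(value, mu, sigma):
    """Absolute z-score; the detector flags a value when score >= threshold."""
    return abs(value - mu) / sigma


def confusion(scores, labels, threshold):
    tp = fp = tn = fn = 0
    for s, y in zip(scores, labels):
        flagged = s >= threshold
        if flagged and y:
            tp += 1
        elif flagged:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def metrics(tp, fp, tn, fn):
    """The measures listed in the module, guarding against zero denominators."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    detection_rate = tp / (tp + fn) if tp + fn else 0.0    # recall / TPR
    false_alert_rate = fp / (fp + tn) if fp + tn else 0.0  # FPR
    f_value = (2 * precision * detection_rate / (precision + detection_rate)
               if precision + detection_rate else 0.0)
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn,
            "accuracy": (tp + tn) / (tp + fp + tn + fn),
            "precision": precision, "detection_rate": detection_rate,
            "false_alert_rate": false_alert_rate, "f_value": f_value}


def roc_curve(scores, labels):
    """(FPR, TPR) points from sweeping the threshold over every distinct score,
    highest first; tied scores move together so ties are handled correctly."""
    pos = sum(labels)
    neg = len(labels) - pos
    points = [(0.0, 0.0)]
    tp = fp = 0
    for thr in sorted(set(scores), reverse=True):
        for s, y in zip(scores, labels):
            if s == thr:
                if y:
                    tp += 1
                else:
                    fp += 1
        points.append((fp / neg, tp / pos))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoid rule."""
    return sum((x1 - x0) * (y0 + y1) / 2
               for (x0, y0), (x1, y1) in zip(points, points[1:]))


def evaluate(threshold=3.0):
    mu, sigma = fit(BASELINE)
    scores = [anomaly_score(v, mu, sigma) for v, _ in LABELED]
    labels = [y for _, y in LABELED]
    result = metrics(*confusion(scores, labels, threshold))
    result["auc"] = auc(roc_curve(scores, labels))  # threshold-independent
    return result


if __name__ == "__main__":
    for thr in (2.0, 3.0):
        print(thr, evaluate(thr))
```

Two things the numbers show that the bullet list does not: moving the threshold from 3.0 to 2.0 adds one false alert (the 104 reading) without catching the subtle 103 anomaly, so detection rate stays at 0.75 while the false alert rate rises from 0 to 1/6; and AUC (23/24 here) is the same for both thresholds, because it summarises the ranking of scores rather than any one cut-off.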

Module 7: Incident Response – 32 hours

  • SOC functionalities
  • Events vs. Incidents
  • SOC operation principles
    • Roles & Responsibilities
    • Framework
    • Communication
    • Incident Tickets
    • Handing Incidents over to other departments
    • Awareness and Communication
  • Analysis of Incidents
    • Role of the Analyst
    • Incident Varieties
    • The forensic approach
  • Legal aspects
    • Court proof and evidence
    • Communication
    • Involving the authorities
    • Do’s and don’ts
  • Building a SOC
  • Case Studies

Module 8: Cyber Forensics and Investigations – 40 hours

  • Principles of computer & Network forensics
  • Tools of the trade
  • Live-system Forensics
  • Investigation Process
  • Files and Logs
  • Investigating
    • Web attacks
    • Router attacks
    • DoS attacks
    • Email related intrusions
    • Mobile Devices
    • External Espionage
    • Anti-forensics techniques

Module 9: Cyber Intelligence & Collaboration – 40 hours

  • Introduction
    • Open Source Intelligence by Organization
    • Important Internet backgrounds and services
    • Safe searching
    • Validation of information
    • Search engines & search tools
    • Browsers
    • Case studies
  • Searching & Finding
    • The OSINT process
    • Question analysis
    • Sources : the Information Landscape
    • Smart queries
    • Search Strategies
  • Sources
    • Printed Sources
    • Commercial information vendors
    • Multimedia Assets
    • Country Information
    • News
    • RSS feeds
    • UseNet
    • ListServs
    • Citation Analyses
  • Technical
    • Organizing information
    • Book of Sources
    • Internet document formats and reformatting
    • Smart download processes
    • Designing HTML websites
    • PERL
    • XML / XSLT
  • OSINT Applied
    • Searching commercial information providers
    • Improving search results
    • Closing down, wrap-up, evaluation

Module 10: Emerging Cyber Technologies and Focus Areas – 32 hours

  • Mobile Devices
    • Security Challenges
    • Mobile Device vulnerabilities
    • Mobile device defense tools and techniques
    • Mobile device forensics
  • Virtualization
    • Virtualization explained
    • Attacks against virtual machines
    • Using virtual machines for security
    • Building a Sandbox
    • Honeypots
    • Malware analysis
    • Current Solutions
  • Cloud Security
    • Cloud Terminology and Architecture
    • Cloud Risk assessment
    • Policy and Organizational risks
    • Technical risks
    • Legal risks
    • General risks
    • Cloud Vulnerabilities
    • Recommendations and best practices
    • IA framework
    • IA requirements
    • Cloud Forensics
  • Data Protection Technologies
    • Data access monitoring
    • File access
    • Database monitoring
    • Application / Middleware control
    • Digital Rights Management
    • Data leak prevention technologies and techniques
    • Data Encryption tools
  • Massive Data Processing
  • Cyber Taxonomies

Module 11: Application and System Security Engineering – 20 hours

  • Security Development Lifecycle
  • Secure Coding
  • Web Application security

Module 12: Reverse Engineering – 32 hours

  • Principles
  • Tools and techniques
  • IDA
  • Windows Kernel
  • Kernel API
  • Rootkit technologies
  • WinDBG and Kernel Debugging
  • Reversing a Rootkit
  • PE/COFF
  • PE Anti-reversing techniques
  • Physical memory
  • Binary protocols
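The "PE/COFF" and "PE Anti-reversing techniques" items above come together in the first thing an analyst does with an unknown Windows binary: walk the headers and look for signs of packing. The block below is an added example written for this page, not course material or any tool's code: a minimal PE/COFF header and section-table parser with the usual packing heuristics (section entropy, writable-and-executable sections, sections with no raw data). The sample image is constructed in `build_sample_pe()` purely to exercise the parser; its optional header is zero-filled apart from the magic, so it is not a loadable executable, and the section names and layout are assumptions.

```python
import math
import random
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or constant data, up to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image):
    """DOS header -> PE signature -> COFF header -> optional-header magic ->
    section table.  Returns machine, PE32/PE32+ and per-section details."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, _stamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt) if opt_size >= 2 else (0,)
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _, _, _, _,
         flags) = struct.unpack_from("<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        data = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr, "raw_size": rawsize,
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
            "entropy": shannon_entropy(data),
        })
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "pe32plus": magic == 0x20B, "sections": sections}


def suspicious_sections(pe, entropy_threshold=7.0):
    """Heuristics commonly used to spot packed or self-modifying binaries."""
    findings = []
    for s in pe["sections"]:
        reasons = []
        if s["entropy"] >= entropy_threshold:
            reasons.append("high entropy (packed or encrypted payload)")
        if s["writable"] and s["executable"]:
            reasons.append("writable and executable (self-modifying code)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append("no raw data but non-zero virtual size (unpack target)")
        if reasons:
            findings.append((s["name"], reasons))
    return findings


def build_sample_pe():
    """Constructed PE32+ image for the demo (not loadable): a plain .text
    section, a high-entropy RWX 'UPX1' section and an empty RWX 'UPX0' section."""
    rng = random.Random(1)  # deterministic stand-in for packed bytes
    text = b"\x90" * 256
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    e_lfanew = 0x80
    opt = struct.pack("<H", 0x20B) + b"\0" * 238  # 240-byte PE32+ optional header
    nsections = 3
    headers_end = e_lfanew + 4 + 20 + len(opt) + 40 * nsections  # == 512
    rwx = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
    table = [  # (name, virtual size, virtual address, raw size, raw pointer, flags)
        (b".text", len(text), 0x1000, len(text), headers_end, rx),
        (b"UPX1", len(packed), 0x2000, len(packed), headers_end + len(text),
         rwx | IMAGE_SCN_CNT_CODE),
        (b"UPX0", 0x8000, 0x3000, 0, 0, rwx),
    ]
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
           + b"\0" * (e_lfanew - 0x40))
    coff = struct.pack("<HHIIIHH", 0x8664, nsections, 0, 0, 0, len(opt), 0x22)
    sect = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, rp, fl in table)
    return dos + b"PE\0\0" + coff + opt + sect + text + packed


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(pe["machine"], "PE32+" if pe["pe32plus"] else "PE32")
    for name, reasons in suspicious_sections(pe):
        print(name, reasons)
```

On the sample image `.text` has entropy 0 and is read/execute only, so it is clean; `UPX1` is flagged for near-8-bit entropy and for being writable and executable; `UPX0` is flagged for being writable and executable and for having a large virtual size with no bytes on disk, the classic layout of a section that an unpacking stub fills at run time. The same `parse_pe()` works on a real file read with `open(path, "rb").read()`; only the optional header is skipped over rather than decoded.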

Module 13: Critical Infrastructure Protection – 32 hours

  • CIP Challenges
  • SCADA security
  • Introduction to SCADA
  • Management of SCADA DMZs
  • AAA (Authentication, Authorization and Accounting) for SCADA
  • Protocols
  • Protection by software
  • Penetration test for SCADA
  • Exploits and Vulnerabilities

Module 14: Cyberspace Challengers – 20 hours