ＨｉｄｅＺｅｒｏＯｎｅ

FOR585 is continuously updated to keep up with the latest malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (jailbreaks and roots) and encryption. It offers the most unique and current instruction to arm you with mobile device forensic knowledge you can immediately apply to cases you’re working on the day you get back to work.

FOR585.1: Smartphone Overview, Fundamentals of Analysis, SQLite Introduction, Android Forensics Overview, and Android Backups
FOR585.2: Android Forensics
FOR585.3: iOS Device Forensics
FOR585.4: iOS Backups, Malware and Spyware Forensics, and Detecting Evidence Destruction
FOR585.5: Third-Party Application Analysis
FOR585.6: Smartphone Forensic Capstone Exercise

FOR585: Smartphone Forensic Analysis In-Depth

SEC504 helps you develop the skills to conduct incident response investigations. You will learn how to apply a dynamic incident response process to evolving cyber threats, and how to develop threat intelligence to mount effective defense strategies for cloud and on-premises platforms. You’ll examine the latest threats to organizations, from watering hole attacks to business email compromise, getting you into the mindset of attackers and anticipating their moves. SEC504 gives you the skills you need to understand how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems. To reinforce these skills, and to help you retain the course material, 50% of class time is spent on hands-on exercises, using visual association tools to break down complex topics. This course prepares you to conduct cyber investigations and will boost your career by helping you develop these in-demand skills. 33 full labs, 18 Lightning Labs, and an immersive capture the flag event.

Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concept learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win! 18 Hands-On Labs

SANS Foundations is the best course available to learn the core knowledge and develop practical skills in computers, technology, and security foundations that are needed to kickstart a career in cybersecurity. The course features a comprehensive variety of innovative, hands-on labs, and practical exercises that go far beyond what is offered in any other foundational course in cybersecurity. These labs are developed by leading subject-matter experts, drawing on the latest technology, techniques, and concepts in cybersecurity.

In Adversary Tactics: Vulnerability Research for Operators, you will learn an operator-focused approach to find the vulnerabilities needed to escalate privileges, execute arbitrary code, or facilitate lateral movement in Windows environments. We will give you the methodology and identify tools to find these weaknesses during active operations, when costly lead time and dedicated lab environments are unavailable. This course covers the vulnerability classes that SpecterOps routinely finds on engagements and dives into their root causes, identification techniques, and exploitation methods.

The Mandiant – Hunt Mission Workshop, also known as the Practical Threat Hunting course, is a comprehensive three-day training program designed to equip threat hunters and incident responders with the core concepts of developing and executing threat hunts.

The course aims to enable students to:

• Apply cyber threat intelligence concepts to hunt for adversary activity in their environment.
• Establish a repeatable hunt methodology and develop hunt use cases.
• Leverage endpoint data to hunt.
• Establish measures of effectiveness for a hunt program.

Mandiat – Hunt Mission Workshop

Mandiant red teams have conducted hundreds of covert red team operations. This course draws on that knowledge to help learners improve their ability to prevent, detect, and respond to threats in an enterprise network.

Learners will better understand advanced threat actor behavior that Mandiant experts have observed through incident response investigations. Learners will also see how Mandiant red teams refine advanced attacker tactics, techniques and procedures (TTPs) for use by red teams in their attempts to emulate advanced threat actors. Learners will develop the ability to think like an attacker and creatively use these TTPs to accomplish response goals while avoiding detection.

Mandiant red team leads conduct this fast-paced technical course with presentations and scenario-based labs based on frontline expertise and intelligence-based security research. Learners receive hands-on experience conducting covert cyber attack simulations that mimic real-world threat actors. They will learn how to bypass advanced network segmentation, multi-factor authentication and application whitelisting, abuse web applications, escalate privileges and steal data while circumventing detection methods.

Incident response to live cyberattacks requires silent navigation through compromised assets, sometimes in large distributed networks. The popular approach relies on EDR or other live agent-based solutions. However, the activation of security agents and obvious activities on live compromised systems may trigger alerts of advanced threat actors. Once alerted, a cleanup operation and destruction of evidence can happen. Moreover, offline system analysis may not be easy due to the physical distance to the compromised system or scale of the network. This is where remote stealthy threat discovery with “scoutware”, software for threat hunting and instant system analysis, becomes incredibly useful.

In our training you will be introduced to the free, open-source scoutware tool Bitscout developed by Vitaly Kamluk from Kaspersky GReAT in collaboration with INTERPOL, that has been successfully used by Kaspersky researchers for years. The cases demonstrated in the training were developed by Vitaly Kamluk and Nicolas Collery, Executive Director at DBS Bank, primary incident responder. During the training you will create your own remote analysis tool and practice it right away in the provided virtual lab!

The Offensive Tool Development is the first course which is dedicated to Windows API exploitation to build your own tools for Red Team Engagements. If you have completed the Malware On Steroids course, then you can merge the capabilities you build during this course with the Command & Control built during the MOS course. This helps you to build your own CnC modules, all of which can be run in memory for detection evasion. There are a lot of courses which focus on exploitation, reversing and other offensive stuff, but none of them focus on writing your own tools and brining your own toolkit during an engagement.

This course is highly technical in nature, involving a lot of coding and all the tools will be written in either C or C++, sometimes PowerShell (maybe 5%) to make sure the user has capabilitiy to load every tool in memory and evade memory artefacts or detections. During the course, you will build your own reflective tools and shellcode for Host Enumeration, Lateral Movement, Domain Enumeration and Domain Privilege Escalation. You will learn to build different types of remote access tools running over different protocols including RPC, SMB, and HTTP and use exploit Windows Security Tokens for lateral movement within a Domain Environment.

Dark Vortex: Offensive Tool Development