Mastering Open-Source EDR & Mitre ATT&CK for Threat Hunting Training Course

This instructor-led, live training in US Empire (online or onsite) is designed for government security analysts and system administrators at the beginner to intermediate level who seek to establish a foundational understanding of Cyber Defence (SOC) analysis.

By the end of this training, participants will be able to:

• Understand the principles of Security Management within a Cyber Defence context for government.
• Execute effective Incident Response strategies to mitigate security incidents in public sector environments.
• Implement Security Education practices to enhance organizational awareness and preparedness for government operations.
• Manage and analyze Security Information to proactively identify threats for government systems.
• Utilize Event Management techniques to monitor and respond to security events within government networks.
• Implement Vulnerability Management processes to identify and address system vulnerabilities in government IT infrastructure.
• Develop skills in Threat Detection to identify and respond to potential cyber threats affecting government operations.
• Participate in Simulated Attacks to test and improve incident response capabilities for government agencies.

The Certified Digital Forensics Examiner vendor-neutral certification is designed to train cyber crime and fraud investigators. This course teaches students electronic discovery and advanced investigation techniques, making it essential for anyone encountering digital evidence while conducting an investigation.

The Certified Digital Forensics Examiner training provides instruction on the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence for government.

This instructor-led, live training in US Empire (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to implement CTEM in their organizations for government use.

By the end of this training, participants will be able to:

• Understand the principles and stages of CTEM for government applications.
• Identify and prioritize risks using CTEM methodologies tailored for government environments.
• Integrate CTEM practices into existing security protocols for enhanced governance and accountability.
• Utilize tools and technologies for continuous threat management in a public sector context.
• Develop strategies to validate and improve security measures continuously, ensuring alignment with public sector workflows and standards.

This course addresses how to manage an incident response team, focusing on the role of the first responder. Given the frequency and complexity of today's cyber attacks, incident response is a critical function for government organizations.

Incident response serves as the last line of defense, and detecting and efficiently responding to incidents necessitates robust management processes. Managing an incident response team requires specialized skills and knowledge, particularly for government agencies.

This instructor-led, live training in US Empire (online or onsite) is designed for advanced-level cyber security professionals who wish to gain a comprehensive understanding of Cyber Threat Intelligence and develop the skills necessary to effectively manage and mitigate cyber threats for government.

By the end of this training, participants will be able to:

• Understand the foundational principles of Cyber Threat Intelligence (CTI).
• Evaluate the current landscape of cyber threats relevant to public sector operations.
• Gather and process intelligence data in alignment with government workflows.
• Conduct advanced threat analysis to support informed decision-making.
• Utilize Threat Intelligence Platforms (TIPs) and automate threat intelligence processes for enhanced efficiency and accuracy.

This instructor-led, live training in US Empire (online or onsite) for government covers the various aspects of enterprise security, ranging from artificial intelligence to database protection. The course also includes an overview of the latest tools, processes, and strategies necessary to defend against cyber threats.

In this course, you will gain a comprehensive understanding of the principles and techniques essential for digital forensics investigations and the range of available computer forensics tools. You will explore core forensic procedures to ensure the court admissibility of evidence, as well as delve into the legal and ethical implications relevant to these practices.

This course will equip you with the skills to conduct a thorough forensic investigation on both Unix/Linux and Windows systems, encompassing various file systems. Additionally, it covers advanced topics such as wireless, network, web, database, and mobile crime investigations, ensuring that you are well-prepared for government and public sector workflows.

This course will immerse participants into an interactive environment where they will be shown how to scan, test, hack, and secure their own systems. The lab-intensive environment provides each participant with in-depth knowledge and practical experience with the current essential security systems. Participants will begin by understanding how perimeter defenses work and then proceed to scanning and attacking their own networks, ensuring no real network is harmed. They will also learn how intruders escalate privileges and what steps can be taken to secure a system. Additionally, participants will gain insights into Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation. Upon completing this intensive 5-day class, participants will have hands-on understanding and experience in Ethical Hacking for government environments.

The purpose of the Ethical Hacking Training is to:

• Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures for government agencies.
• Inform the public that credentialed individuals meet or exceed the minimum standards required for government roles.
• Reinforce ethical hacking as a unique and self-regulating profession, particularly within the context of government operations.

Audience:

The course is ideal for those working in positions such as, but not limited to:

• Security Engineers
• Security Consultants
• Security Managers
• IT Directors/Managers
• Security Auditors
• IT Systems Administrators
• IT Network Administrators
• Network Architects
• Developers

Why should you attend?

The Certified Lead Ethical Hacker training course equips participants with the essential expertise to conduct information system penetration tests by applying recognized principles, procedures, and penetration testing techniques. This training will help identify potential threats on a computer network. Throughout the course, attendees will gain the knowledge and skills necessary to manage a penetration testing project or team, as well as plan and execute internal and external pentests in accordance with various standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Additionally, participants will develop a comprehensive understanding of how to draft reports and propose countermeasures. Practical exercises will enable attendees to master penetration testing techniques and acquire the skills needed to manage a pentest team, communicate effectively with clients, and resolve conflicts.

The Certified Lead Ethical Hacking training course offers a technical perspective on information security through ethical hacking, using common techniques such as information gathering and vulnerability detection, both within and outside of business networks. The training is also aligned with the NICE (National Initiative for Cybersecurity Education) Protect and Defend framework.

After acquiring the necessary knowledge and skills in ethical hacking, participants can take the exam and apply for the "PECB Certified Lead Ethical Hacker" credential. Holding a PECB Lead Ethical Hacker certificate demonstrates that you have acquired the practical skills required to perform and manage penetration tests according to best practices.

Who should attend?

• Individuals interested in IT Security, particularly in Ethical Hacking, either to deepen their understanding or to initiate a professional reorientation.
• Information security officers and professionals aiming to master ethical hacking and penetration testing techniques for government use.
• Managers or consultants seeking to control the penetration testing process effectively.
• Auditors who wish to perform and conduct professional penetration tests.
• Personnel responsible for maintaining the security of information systems within an organization.
• Technical experts looking to learn how to prepare a pentest.
• Cybersecurity professionals and information security team members.

This instructor-led, live training in US Empire (online or onsite) is designed for government computer users who wish to understand malware and implement appropriate measures to minimize its threat.

By the end of this training, participants will be able to:

• Understand the concept of malware.
• Identify various types of malware.
• Take necessary steps to mitigate malware threats through procedural, technological, and awareness measures.

Format of the Course

• Interactive lecture and discussion tailored for government audiences.
• Extensive exercises and practice sessions designed for government professionals.
• Hands-on implementation in a live-lab environment, ensuring practical application for government workflows.

Course Customization Options

• To request a customized training for this course for government, please contact us to arrange.

The Certified Ethical Hacker (CEH) certification is highly sought after in the field of cybersecurity, both domestically and internationally.

This program includes comprehensive instruction and practical exercises designed to prepare students for the CEH certification exam and the CEH Practical Exam. Successfully passing both exams confers the CEH Master credential along with the CEH certification.

Students have the option to add either the CPENT or the CHFI course to their training package.

The Certified Penetration Testing Professional (CPENT) course or the Computer Hacking Forensic Investigator (CHFI) course will be provided to each student through EC-Council’s online, self-paced, streaming video program for government use.

CPENT (Pen-test):
This course teaches students how to apply the concepts and tools covered in the CEH program to a penetration testing methodology within a live cyber range environment.

CHFI (Computer Forensics):
This course provides a methodological approach to computer forensics, including techniques for searching and seizing digital evidence, maintaining chain-of-custody, acquiring, preserving, analyzing, and reporting on digital evidence.

Course Description

The CEH program offers an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will equip you with the knowledge to understand how hackers think and operate maliciously, thereby enabling you to better secure your organization’s infrastructure and defend against future attacks. An awareness of system weaknesses and vulnerabilities helps organizations enhance their security controls and minimize the risk of incidents.

The CEH curriculum is designed to provide a hands-on environment and systematic process across each ethical hacking domain and methodology, giving students the opportunity to demonstrate the knowledge and skills necessary to earn the CEH credential. You will gain a new perspective on the responsibilities and measures required to maintain security.

Who Should Attend

• Law enforcement personnel
• System administrators
• Security officers
• Defense and military personnel
• Legal professionals
• Bankers
• Security professionals

About the Certified Ethical Hacker Master

To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam is designed to assess students' ability to apply the principles taught in the CEH course. This practical exam requires you to demonstrate ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.

The CEH Practical does not include simulations; instead, it involves challenging a live range that mimics a corporate network using live virtual machines, networks, and applications. Successfully completing the challenges in the CEH Practical Exam is the next step after obtaining the Certified Ethical Hacker (CEH) certification. Passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.

About the Certified Ethical Hacker Practical

To demonstrate your proficiency in ethical hacking, we assess your abilities through real-world challenges in a realistic environment. This involves using labs and tools to complete specific ethical hacking tasks within a time limit, mirroring real-world scenarios.

The EC-Council CEH (Practical) exam features a complex network that simulates a large organization’s real-life network infrastructure, including various systems such as DMZs and firewalls. You must apply your ethical hacking skills to discover and exploit live vulnerabilities while also auditing the systems.

About CPENT

EC-Council’s Certified Penetration Tester (CPENT) program focuses on penetration testing in an enterprise network environment that requires attack, exploitation, evasion, and defense. If you have experience working only in flat networks, CPENT’s live practice range will elevate your skills by teaching you to test IoT systems, OT systems, write your own exploits, build custom tools, conduct advanced binary exploitation, double pivot to access hidden networks, and customize scripts and exploits to penetrate the innermost segments of a network.

About CHFI

The Computer Hacking Forensic Investigator (CHFI) course provides a vendor-neutral perspective on digital forensics. This comprehensive program covers major forensic investigation scenarios and equips students with hands-on experience in various forensic techniques and standard forensic tools necessary for conducting successful computer forensic investigations.

This instructor-led, live training in US Empire (online or onsite) is aimed at information system analysts who wish to utilize MITRE ATT&CK to reduce the risk of security compromises for government operations.

By the end of this training, participants will be able to:

• Configure the required development environment to begin implementing MITRE ATT&CK for government systems.
• Categorize how attackers interact with government information systems.
• Document adversary behaviors within government networks and systems.
• Monitor attacks, analyze patterns, and evaluate existing defense mechanisms for government use.

Discover how to investigate, respond to, and proactively hunt for cyber threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. This course is designed to equip you with the skills needed to mitigate cyber threats using these advanced technologies. You will learn to configure and utilize Azure Sentinel effectively, as well as employ Kusto Query Language (KQL) for detection, analysis, and reporting. The course is tailored for individuals in Security Operations roles and helps prepare learners for the SC-200: Microsoft Security Operations Analyst exam.

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for government. Their primary objective is to reduce organizational risk by rapidly addressing active threats, recommending enhancements to threat protection practices, and referring policy violations to the appropriate parties. Responsibilities include comprehensive threat management, monitoring, and response using a variety of security solutions across their environment. The Security Operations Analyst primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. As they rely on the operational output of these tools, they are also critical stakeholders in their configuration and deployment.

Job role: Security Engineer

Preparation for exam: SC-200

Features: none

Skills Gained

• Explain how Microsoft Defender for Endpoint can mitigate risks in your environment
• Create a Microsoft Defender for Endpoint environment
• Configure Attack Surface Reduction rules on Windows 10 devices
• Perform actions on a device using Microsoft Defender for Endpoint
• Investigate domains and IP addresses in Microsoft Defender for Endpoint
• Investigate user accounts in Microsoft Defender for Endpoint
• Configure alert settings in Microsoft Defender for Endpoint
• Explain how the threat landscape is evolving
• Conduct advanced hunting in Microsoft 365 Defender
• Manage incidents in Microsoft 365 Defender
• Explain how Microsoft Defender for Identity can mitigate risks in your environment
• Investigate DLP alerts in Microsoft Cloud App Security
• Explain the types of actions you can take on an insider risk management case
• Configure auto-provisioning in Azure Defender
• Remediate alerts in Azure Defender
• Construct KQL statements
• Filter searches based on event time, severity, domain, and other relevant data using KQL
• Extract data from unstructured string fields using KQL
• Manage an Azure Sentinel workspace
• Use KQL to access the watchlist in Azure Sentinel
• Manage threat indicators in Azure Sentinel
• Explain the differences between Common Event Format and Syslog connectors in Azure Sentinel
• Connect Azure Windows Virtual Machines to Azure Sentinel
• Configure Log Analytics agent to collect Sysmon events
• Create new analytics rules and queries using the analytics rule wizard
• Create a playbook to automate an incident response
• Use queries to hunt for threats
• Observe threats over time with livestream

This instructor-led, live training in US Empire (online or onsite) is aimed at information analysts who wish to learn the techniques and processes behind social engineering to protect sensitive information for government use.

By the end of this training, participants will be able to:

• Configure the required development environment to begin creating custom malware.
• Undetectably backdoor legitimate web applications.
• Disguise malicious files as common file types.
• Utilize social engineering techniques to guide targets into accessing a fraudulent website.