Mastering Open-Source EDR & Mitre ATT&CK for Threat Hunting Training Course

This instructor-led, live training (available online or onsite) is designed for government security analysts and system administrators at the beginner to intermediate level who wish to gain a foundational understanding of Cyber Defence analysis. By the end of this training, participants will be able to: - Understand the principles of Security Management within the context of Cyber Defence. - Execute effective Incident Response strategies to mitigate security incidents. - Implement Security Education practices to enhance organizational awareness and preparedness for government operations. - Manage and analyze Security Information to proactively identify threats. - Utilize Event Management techniques to monitor and respond to security events. - Implement Vulnerability Management processes to identify and address system vulnerabilities. - Develop skills in Threat Detection to identify and respond to potential cyber threats. - Participate in Simulated Attacks to test and improve incident response capabilities.

The Certified Digital Forensics Examiner (CDFE) vendor-neutral certification is designed to equip Cyber Crime and Fraud Investigators with the skills necessary for electronic discovery and advanced investigation techniques. This training is essential for anyone who encounters digital evidence during an investigation. The CDFE training program instructs participants on the methodology for conducting a computer forensic examination. Students will learn to employ forensically sound investigative methods, including evaluating the scene, collecting and documenting relevant information, interviewing key personnel, maintaining chain of custody, and preparing detailed findings reports. The CDFE course is beneficial for organizations, individuals, government offices, and law enforcement agencies that are interested in pursuing litigation, proving guilt, or taking corrective action based on digital evidence. This certification supports the need for rigorous and reliable forensic practices for government and other sectors.

This instructor-led, live training (conducted online or onsite) is designed for intermediate-level cybersecurity professionals who aim to implement CTEM in their organizations. By the end of this training, participants will be able to: - Understand the principles and stages of CTEM. - Identify and prioritize risks using CTEM methodologies. - Integrate CTEM practices into existing security protocols. - Utilize tools and technologies for continuous threat management. - Develop strategies to validate and improve security measures continuously, ensuring alignment with public sector workflows and governance for government.

This course addresses the management of an incident response team, emphasizing the role of the first responder. Given the frequency and complexity of today's cyber attacks, incident response is a critical function for organizations, including those in the public sector. Incident response serves as the last line of defense, and detecting and efficiently responding to incidents necessitates robust management processes. Managing an incident response team requires specialized skills and knowledge, particularly for government agencies where governance and accountability are paramount.

This instructor-led, live training in US (online or onsite) is designed for advanced-level cybersecurity professionals who seek to deepen their understanding of Cyber Threat Intelligence and develop the skills necessary to effectively manage and mitigate cyber threats for government. By the end of this training, participants will be able to: - Understand the foundational principles of Cyber Threat Intelligence (CTI). - Analyze the current landscape of cyber threats. - Collect and process intelligence data efficiently. - Conduct advanced threat analysis. - Utilize Threat Intelligence Platforms (TIPs) and automate threat intelligence processes for government.

This instructor-led, live training in US (online or onsite) for government covers the various aspects of enterprise security, ranging from artificial intelligence to database protection. The course also includes an overview of the latest tools, processes, and strategies necessary to defend against cyber threats.

In this course, you will gain an understanding of the principles and techniques essential for digital forensics investigations and the range of available computer forensics tools. The curriculum covers core forensic procedures to ensure that evidence is admissible in court, as well as the legal and ethical considerations relevant to these processes. You will also learn how to conduct a forensic investigation on both Unix/Linux and Windows systems, including various file systems. Advanced topics such as wireless, network, web, database, and mobile crime investigations are thoroughly addressed, ensuring comprehensive preparation for government and private sector roles.

This course will immerse participants into an interactive environment where they will learn how to scan, test, hack, and secure their own systems. The lab-intensive format provides each participant with in-depth knowledge and practical experience with essential security systems currently in use. Participants will start by understanding the mechanics of perimeter defenses before progressing to scanning and attacking their own networks, ensuring no real network is compromised. They will then learn how intruders escalate privileges and the steps necessary to secure a system. The curriculum also covers Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation. Upon completion of this intensive five-day course, participants will have hands-on understanding and experience in ethical hacking, specifically tailored for government applications. ### Purpose of the Ethical Hacking Training The primary objectives of the Ethical Hacking Training are to: - Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures. - Inform the public that credentialed individuals meet or exceed these minimum standards. - Reinforce ethical hacking as a unique and self-regulating profession. ### Audience This course is ideal for professionals working in positions such as, but not limited to: - Security Engineers - Security Consultants - Security Managers - IT Directors/Managers - Security Auditors - IT Systems Administrators - IT Network Administrators - Network Architects - Developers

Why Should You Attend?

The Certified Lead Ethical Hacker training course equips you with the essential expertise to conduct information system penetration tests by applying recognized principles, procedures, and techniques. This course will help you identify potential threats on computer networks and manage a penetration testing project or team effectively. During the training, you will learn how to plan and perform both internal and external penetration tests in compliance with standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Additionally, you will gain a comprehensive understanding of drafting reports and proposing countermeasures. Through practical exercises, you will master penetration testing techniques and develop skills in managing a pentest team, customer communication, and conflict resolution.

This training provides a technical overview of information security through ethical hacking, using common methods like information gathering and vulnerability detection within and outside business networks. The course is aligned with the NICE (National Initiative for Cybersecurity Education) Protect and Defend framework, ensuring that it meets industry standards and best practices.

After acquiring the necessary knowledge and skills in ethical hacking, you can take the exam to earn the "PECB Certified Lead Ethical Hacker" credential. Holding this certificate demonstrates your proficiency in performing and managing penetration tests according to established best practices, which is crucial for government and private sector roles alike.

Who Should Attend?

• Individuals interested in IT security and ethical hacking, whether to deepen their knowledge or explore a career change.
• Information security officers and professionals seeking to master ethical hacking and penetration testing techniques.
• Managers and consultants who want to learn how to oversee the penetration testing process effectively.
• Auditors aiming to conduct professional penetration tests.
• Personnel responsible for maintaining the security of information systems in an organization.
• Technical experts looking to prepare for and execute pentests.
• Cybersecurity professionals and members of information security teams who need advanced skills for their roles.

This instructor-led, live training in US (online or onsite) is aimed at computer users who wish to understand malware and take appropriate measures to minimize its threat for government systems. By the end of this training, participants will be able to: - Understand the concept of malware. - Identify the different types of malware. - Implement necessary steps to mitigate malware threats through procedural, technological, and awareness initiatives.

Format of the Course

• Interactive lecture and discussion sessions.
• Comprehensive exercises and practical activities.
• Hands-on implementation in a live-lab environment.

Course Customization Options for Government

• To request a customized training program tailored to specific agency needs, please contact us to arrange.

The Certified Ethical Hacker (CEH) certification is highly sought after in the field of cybersecurity, both domestically and internationally.

This program includes comprehensive instruction and practical exercises designed to prepare students for the CEH certification exam and the CEH Practical Exam. Successfully passing both exams confers the CEH Master credential along with the CEH certification.

Students have the option to add either the CPENT or the CHFI course to their training package.

The Certified Penetration Testing Professional (CPENT) course or the Computer Hacking Forensic Investigator (CHFI) course will be provided to each student through EC-Council’s online, self-paced, streaming video program for government use.

CPENT (Pen-test):
This course teaches students how to apply the concepts and tools covered in the CEH program to a penetration testing methodology within a live cyber range environment.

CHFI (Computer Forensics):
This course provides a methodological approach to computer forensics, including techniques for searching and seizing digital evidence, maintaining chain-of-custody, acquiring, preserving, analyzing, and reporting on digital evidence.

Course Description

The CEH program offers an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will equip you with the knowledge to understand how hackers think and operate maliciously, thereby enabling you to better secure your organization’s infrastructure and defend against future attacks. An awareness of system weaknesses and vulnerabilities helps organizations enhance their security controls and minimize the risk of incidents.

The CEH curriculum is designed to provide a hands-on environment and systematic process across each ethical hacking domain and methodology, giving students the opportunity to demonstrate the knowledge and skills necessary to earn the CEH credential. You will gain a new perspective on the responsibilities and measures required to maintain security.

Who Should Attend

• Law enforcement personnel
• System administrators
• Security officers
• Defense and military personnel
• Legal professionals
• Bankers
• Security professionals

About the Certified Ethical Hacker Master

To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam is designed to assess students' ability to apply the principles taught in the CEH course. This practical exam requires you to demonstrate ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.

The CEH Practical does not include simulations; instead, it involves challenging a live range that mimics a corporate network using live virtual machines, networks, and applications. Successfully completing the challenges in the CEH Practical Exam is the next step after obtaining the Certified Ethical Hacker (CEH) certification. Passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.

About the Certified Ethical Hacker Practical

To demonstrate your proficiency in ethical hacking, we assess your abilities through real-world challenges in a realistic environment. This involves using labs and tools to complete specific ethical hacking tasks within a time limit, mirroring real-world scenarios.

The EC-Council CEH (Practical) exam features a complex network that simulates a large organization’s real-life network infrastructure, including various systems such as DMZs and firewalls. You must apply your ethical hacking skills to discover and exploit live vulnerabilities while also auditing the systems.

About CPENT

EC-Council’s Certified Penetration Tester (CPENT) program focuses on penetration testing in an enterprise network environment that requires attack, exploitation, evasion, and defense. If you have experience working only in flat networks, CPENT’s live practice range will elevate your skills by teaching you to test IoT systems, OT systems, write your own exploits, build custom tools, conduct advanced binary exploitation, double pivot to access hidden networks, and customize scripts and exploits to penetrate the innermost segments of a network.

About CHFI

The Computer Hacking Forensic Investigator (CHFI) course provides a vendor-neutral perspective on digital forensics. This comprehensive program covers major forensic investigation scenarios and equips students with hands-on experience in various forensic techniques and standard forensic tools necessary for conducting successful computer forensic investigations.

This instructor-led, live training (online or onsite) is designed for information system analysts who wish to utilize MITRE ATT&CK to reduce the risk of security compromises for government operations. By the end of this training, participants will be able to: - Establish the required development environment to begin implementing MITRE ATT&CK. - Categorize how attackers interact with systems. - Document adversary behaviors within systems. - Monitor attacks, identify patterns, and evaluate existing defense tools.

Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. This course is designed to help you mitigate cyberthreats using these technologies, specifically by configuring and utilizing Azure Sentinel and Kusto Query Language (KQL) for detection, analysis, and reporting. It is tailored for individuals in Security Operations roles and helps prepare learners for the exam SC-200: Microsoft Security Operations Analyst.

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for government and private organizations. Their primary goal is to reduce risk by rapidly remediating active attacks, advising on improvements to threat protection practices, and referring policy violations to appropriate stakeholders. Responsibilities include threat management, monitoring, and response using a variety of security solutions across the environment. The role primarily involves investigating, responding to, and hunting for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. As these tools are critical for operational output, Security Operations Analysts are also key stakeholders in their configuration and deployment.

Job Role: Security Engineer

Preparation for Exam: SC-200

Features: None

Skills Gained

• Explain how Microsoft Defender for Endpoint can mitigate risks in your environment
• Create a Microsoft Defender for Endpoint environment
• Configure Attack Surface Reduction rules on Windows 10 devices
• Perform actions on a device using Microsoft Defender for Endpoint
• Investigate domains and IP addresses in Microsoft Defender for Endpoint
• Investigate user accounts in Microsoft Defender for Endpoint
• Configure alert settings in Microsoft Defender for Endpoint
• Explain the evolving threat landscape
• Conduct advanced hunting in Microsoft 365 Defender
• Manage incidents in Microsoft 365 Defender
• Explain how Microsoft Defender for Identity can mitigate risks in your environment
• Investigate DLP alerts in Microsoft Cloud App Security
• Explain the types of actions you can take on an insider risk management case
• Configure auto-provisioning in Azure Defender
• Remediate alerts in Azure Defender
• Construct KQL statements
• Filter searches based on event time, severity, domain, and other relevant data using KQL
• Extract data from unstructured string fields using KQL
• Manage an Azure Sentinel workspace
• Use KQL to access the watchlist in Azure Sentinel
• Manage threat indicators in Azure Sentinel
• Explain the differences between Common Event Format and Syslog connectors in Azure Sentinel
• Connect Azure Windows Virtual Machines to Azure Sentinel
• Configure Log Analytics agent to collect Sysmon events
• Create new analytics rules and queries using the analytics rule wizard
• Create a playbook to automate incident response
• Use queries to hunt for threats
• Observe threats over time with livestream

This instructor-led, live training in [location] (online or onsite) is aimed at information analysts who wish to learn the techniques and processes behind social engineering to better protect sensitive information for government and other organizations. By the end of this training, participants will be able to: - Set up the necessary development environment to start creating custom security tools. - Implement strategies to covertly backdoor legitimate web applications. - Deliver malicious files disguised as common file types. - Utilize social engineering techniques to guide targets into visiting deceptive websites.