Let’s the hunt begin : a practical DFIR approach to entreprise scenarios

Catégorie : Autres, Gestion des risques, Technique et réseau

Durée : 2 jours

Lieu de la formation : Maison de la Chimie

Détails de la formation

These intensive 2-days course is designed to teach the right way to approach an incident in an enterprise scenario. Nowadays threats and attacks have become more and more complex than years ago, so every company needs to have a dedicated team (CERT/CSIRT) able to rapidly detect and respond these threats. Companies need to understand that hidden threats could already exist into their infrastructures or networks and they should not make the mistake of thinking that their security systems are perfect and inviolable. This course wants to teach the best methodologies and techniques to discover a compromise and, later, to provide the right skills to conduct a deep forensics investigation. We will start speaking about the six phases of an incident response (Preparation, Identification, Containment, Eradication, Recovery and Lesson Learned) and we will continue speaking about differences between Incident Response and Threat Hunting. Students will better understand and learn, with the hand-on labs, different kind of malware behaviors, including the latest techniques to perform evasion and persistence as well as discovering how a file-less malware works. People playing the “Blu Team game” should know that every and each attacker actions leaves a trace; for this reason during the course we will analyze the most famous TTPs (Tactics, Techniques, and Procedures) used by malicious actors and the corresponding artifact left on the system such as prefetch files, socket connections, shimcache, amcache, etc. Finally, students will learn how to write a report with all the information discovered during the digital forensics investigation. Common tools the students will practice with during the course include the entire sets of free software developed by Eric Zimmerman, RAM Capture, DumpIt, densityscout, sigcheck, volatility framework (version 2 and version 3), log2timeline, Yara, etc…

Lien vers la description de la formation : https://hackinparis.com/trainings/#training-2020-lets-the-hunt-begin-a-practical-dfir-approach-to-enterprise-scenarios-2-days

Pré-requis éventuel ou connaissances souhaitables ou exigées : https://hackinparis.com/trainings/#training-2020-lets-the-hunt-begin-a-practical-dfir-approach-to-enterprise-scenarios-2-days

Niveau souhaité : débutant et confirmé

Conditions

Prix de la formation : 1550 HT

Informations complémentaires

Détail des supports remis au participant : https://hackinparis.com/trainings/#training-2020-lets-the-hunt-begin-a-practical-dfir-approach-to-enterprise-scenarios-2-days

En intra interim : non En inter interim : non

Conditions repas et hébergement : repas inclus