Training details
This intensive 2-day course is designed to teach the right way to approach an incident in an enterprise scenario. Threats and attacks have become far more complex than they were years ago, so every company needs a dedicated team (CERT/CSIRT) able to rapidly detect and respond to these threats. Companies need to understand that hidden threats could already exist within their infrastructures or networks, and they should not make the mistake of thinking that their security systems are perfect and inviolable. This course aims to teach the best methodologies and techniques to discover a compromise and, afterwards, to provide the right skills to conduct a deep forensic investigation.

We will start by covering the six phases of incident response (Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned) and continue with the differences between Incident Response and Threat Hunting. Through hands-on labs, students will understand and learn different kinds of malware behaviour, including the latest techniques for evasion and persistence, and discover how fileless malware works. People playing the "Blue Team game" should know that each and every attacker action leaves a trace; for this reason, during the course we will analyze the most well-known TTPs (Tactics, Techniques, and Procedures) used by malicious actors and the corresponding artifacts left on the system, such as prefetch files, socket connections, Shimcache, Amcache, etc. Finally, students will learn how to write a report containing all the information discovered during the digital forensics investigation.

Common tools the students will practice with during the course include the entire set of free software developed by Eric Zimmerman, RAM Capture, DumpIt, densityscout, sigcheck, the Volatility framework (version 2 and version 3), log2timeline, Yara, etc.
Link to the training description: https://hackinparis.com/trainings/#training-2020-lets-the-hunt-begin-a-practical-dfir-approach-to-enterprise-scenarios-2-days
Prerequisites (optional or required prior knowledge): basic forensics and Windows knowledge
Target level: beginner and experienced
Terms
Training price: 1550 (excl. VAT)
Additional information
Details of the materials provided to participants: https://hackinparis.com/trainings/#training-2020-lets-the-hunt-begin-a-practical-dfir-approach-to-enterprise-scenarios-2-days
In-house (on-site): yes. Open enrollment: yes
Meals and accommodation: meals included
Organised by
SYSDREAM
Audit, Consulting
Registration contact
Last name: KOLTSIDIS
First name: Evangélia
Phone: 0178765800
Email: e.koltsidis@sysdream.com
Other trainings
- SIEM and Security Technology Watch
- Microsoft Security Operations Analyst
- PKI Principles and Implementation – Ref: SECUPKI
- Health Data Hosting and Privacy – Ref: SECUSANTE
- ISO27005: Risk Management Applied to Information Security
- Technical Fundamentals of Cybersecurity – Ref: SECUCYBER
- Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
- Microsoft 365 Security Administrator
- Corelan "Advanced"
- CISA: Certified Information Systems Auditor