Course

Credit Type:
Course
ACE ID:
IRON-0003
Version:
1
Organization's ID:
BLUE 2
Organization:
Location:
Online
Length:
11 weeks (100 hours)
Minimum Passing Score:
70
ACE Credit Recommendation Period:
Credit Recommendation & Competencies
Level: Upper-Division Baccalaureate
Credits (SH): 3
Subject: Incident Handling
Competency Framework: NICE Workforce Framework for Cybersecurity
Statements:

  • Analyze network traffic anomalies (T1386)
  • Collect and maintain system cybersecurity report data (T1086)
  • Configure network hubs, routers, and switches (T1100)
  • Detect cybersecurity attacks and intrusions (T1347)
  • Develop vulnerability remediation plans (T1356)
  • Monitor cybersecurity data sources (T1233)
  • Perform continuous monitoring of system activity (T1350)
  • Recommend threat and vulnerability risk mitigation strategies (T1603)
  • Review cyber defense service provider reporting structure (T1021)
  • Skill in conducting vulnerability scans (S0024)
  • Skill in configuring network protection components (S0618)
  • Skill in deploying continuous monitoring technologies (S0451)
  • Skill in identifying anomalous activities (S0838)
  • Skill in implementing established network security practices (S0583)
  • Skill in manipulating operating system components (S0606)
  • Skill in performing data analysis (S0854)
  • Skill in performing log file analysis (S0866)
  • Skill in performing network traffic analysis (S0874)
  • Skill in performing network traffic packet analysis (S0875)
  • Skill in reviewing logs (S0641)
  • Update system security measures (T1520)
Description

Objective:

The course objective is to prepare learners for technical beginner roles in Security Operations Centers (SOCs), such as Tier 1 SOC Analyst or Security Operations Technician. Through a hands-on, scenario-based curriculum, learners gain foundational skills in log analysis, threat detection, alert triage, and incident escalation.

Learning Outcomes:

  • Implement Sigma rules in Splunk by converting them into SPL, configuring real-time alerts, and validating detections through attack simulation
  • Analyze a real-world breach report for a CVE to extract actionable threat intelligence
  • Validate exposure in your environment using command-line tools and apply remediation techniques for identified indicators of compromise
  • Analyze captured network traffic in Wireshark to uncover device activity and identify search, media, and system details
  • Analyze packet captures in Wireshark to identify scanning techniques and uncover targeted systems during a network intrusion
  • Extract and analyze files transmitted over a network using Wireshark and NetworkMiner to validate file structures and identify artifacts
  • Implement SNMPv2 on a Cisco router in Packet Tracer to manage and verify device settings
  • Analyze network traffic with Zeek and zeek-cut to extract data from logs and interpret traffic patterns
  • Configure Nagios XI with SNMP to monitor Windows Server services, processes, and operational status
  • Deploy Zabbix agents on Windows systems to configure and tune security monitoring alerts for detecting anomalous behavior
  • Configure Suricata on a pfSense firewall to apply custom IDS rules and analyze alerts from network traffic
  • Configure NAT port forwarding and custom Suricata rules in pfSense to detect non-standard FTP activity and verify alerts
  • Write and test custom Suricata detection rules against PCAP files and live traffic to validate accurate detection of port scanning activity
  • Refine a SIEM correlation rule in Splunk to reduce false positives and prioritize attacker alerts using Windows security logs
  • Analyze SIEM alerts, LDAP traffic, and PowerShell scripts to determine attack methodologies
  • Identify compromised user accounts and domain components during a simulated domain breach
  • Detect and investigate security events in Splunk by analyzing failed login attempts, suspicious file downloads, and event data to identify attack patterns
  • Analyze SQL injection attacks using SIEM dashboards and Splunk to identify attack types and attacker IPs
  • Investigate SQL payloads and detection gaps to understand attacker methods and false negatives
  • Analyze command injection attacks in Splunk by investigating alerts, attacker IPs, redirect destinations, and attack patterns in log data
  • Implement a VirusTotal threat intelligence playbook in Splunk SOAR to automate analysis of suspicious files and URLs
  • Analyze recovered Windows event logs in Splunk to reconstruct an attack timeline
  • Correlate logon events, process executions, and service installations to validate timeline conclusions on a compromised Windows machine
  • Create forensic images of a logical drive in E01 and RAW formats with FTK Imager to validate integrity and preserve digital evidence
  • Analyze a memory dump with Volatility to identify hidden processes and enumerate running tasks
  • Extract URLs from memory and assess them with VirusTotal to evaluate malicious behavior
  • Analyze a Windows memory dump with Volatility to identify suspicious processes, loaded DLLs, and network connections
  • Detect code injection and validate findings with VirusTotal
  • Capture and analyze system memory with FTK Imager and forensic tools to search for artifacts, validate integrity, and compare acquisitions
  • Analyze a forensic disk image with Autopsy to identify digital artifacts, trace user activity, and document evidence of a system breach
  • Analyze an email and HTML attachment using static and dynamic techniques to identify payloads, execution behavior, and persistence mechanisms
  • Correlate identified indicators of compromise with MITRE ATT&CK techniques
  • Evaluate the roles of AI agents in security operations, including threat hunting, incident response, threat intelligence analysis, and compliance monitoring
  • Explain how continuous operation, scalability, and adaptability enhance the effectiveness of AI-driven security functions

General Topics:

  • SOC Operations and Threat Monitoring: Security Operations Concepts, Network Security Monitoring, Intrusion Detection and Prevention Strategies
  • Threat Detection and Log Analysis: SIEM Tuning and Alert Operations, Introduction to SOAR, Advanced Windows and Linux Log Analysis
  • Incident Response and Vulnerability Management: Digital Evidence Acquisition, Incident Response, Purple Teaming, and AI-Driven Defense
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Computer Based Training
  • Practical Exercises
  • Work-based Learning
  • Performance Rubrics (Checklists)
  • Facilitation Weekly - Optional

Methods of Assessment:

  • Case Studies
  • Performance Rubrics (Checklists)
  • Presentations
  • Quizzes
Supplemental Materials
Equivalencies