Thursday, March 25, 2021 5:30 PM-6:30 PM PKT
Thursday, April 22, 2021 3:30 PM-4:30 PM PKT
Thursday, May 27, 2021 5:30 PM-6:30 PM PKT
Thursday, June 24, 2021 5:30 PM-6:30 PM PKT
Thursday, July 29, 2021 5:30 PM-6:30 PM PKT
Thursday, September 2, 2021 5:30 PM-6:30 PM PKT
Thursday, September 30, 2021 5:00 PM-6:00 PM PKT
Thursday, November 4, 2021 4:00 PM-5:00 PM PKT
Thursday, December 2, 2021 3:00 PM-4:00 PM PKT
Thursday, December 30, 2021 3:00 PM-4:00 PM PKT
Wednesday, April 13, 2022 3:00 PM-4:00 PM PKT
Wednesday, June 8, 2022 3:00 PM-4:00 PM PKT
Wednesday, August 10, 2022 3:00 PM-4:00 PM PKT
Setting up a SOC at your University.
Tuesday, April 6, 2021 5:30 PM-6:30 PM PKT
Tuesday, May 4, 2021 4:00 PM-5:00 PM PKT
Tuesday, June 1, 2021 5:30 PM-6:30 PM PKT
Tuesday, July 6, 2021 5:30 PM-6:30 PM PKT
Tuesday, August 3, 2021 5:30 PM-6:30 PM PKT
Content Will Be Available Soon.
Job Title: | Certification Lead-Cybersecurity-IBM Cloud Pak for Security V1.x Administrator | Apply Now
Education: | BS/MS in Computer Science, Information Technology or similar disciplines
Location: | PK
Job Description: |

Job Title: | Certification Lead-Cybersecurity-IBM Certified Associate Analyst - IBM QRadar SIEM V7.3.2 | Apply Now
Education: | BS/MS in Computer Science, Information Technology or similar disciplines
Location: | PK
Job Description: |

Job Title: | Certification Lead-Cybersecurity-IBM Certified SOC Analyst - IBM QRadar SIEM V7.3.2 | Apply Now
Education: | BS/MS in Computer Science, Information Technology or similar disciplines
Location: | PK
Job Description: |

Job Title: | Certification Lead-Cybersecurity-IBM Certified Deployment Professional - IBM QRadar SIEM V7.3.2 | Apply Now
Education: | BS/MS in Computer Science, Information Technology or similar disciplines
Location: | PK
Job Description: |

Job Title: | Certification Lead-Cybersecurity-IBM Certified Associate Administrator - IBM QRadar SIEM V7.3.2 | Apply Now
Education: | BS/MS in Computer Science, Information Technology or similar disciplines
Location: | PK
Job Description: |
Red Team Tools: Kali Linux, Windows. Blue Team Group 1: BPS + NGFW. Blue Team Group 2: BPS + NGFW + SIEM + NAC. Blue Team Group 3: BPS + NGFW + WAF. Blue Team Group 4: BPS + NGFW + Email FW. Blue Team Group 5: BPS + NGFW + Vision One + Sandbox. Blue Team Group 6: BPS + NGFW + Anti-DDoS. Blue Team Group 7: BPS + TAP + Vision One + NX. Blue Team Group 8: NGFW + Endpoint Protection HX. An X in the Environment column marks that the module uses one of these tool sets.
Lesson | Topic | Type | Module Duration (hours) | Detail description (purpose, target, detail content) | Environment
1 | 1.1 | Introduction | LEC | 0.5 | Introduction to ethical hacking and to navigating this system for the lecture and lab exercises. |
1.2 | Fundamentals of Networking | LEC | 2 | This lecture covers the Internet protocol suite: the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP) and the Internet Protocol (IP). These fundamentals are the basis for understanding how attacks are carried out. | X
1.3 | Hacker Methodology and Mindset | LEC | 2 | This lecture explains the mission and the motive behind attackers. Attackers have a distinct mindset: they follow a path and keep following it until it stops advancing their mission, then pivot to another. | X
2 | 2.1 | Windows and Linux Command Line Usage | LEC | 2 | This lecture gives a short history of the command line, shows how to reach it, and explains why proficiency at the command line matters for an operator. | X
2.2 | Windows File Structure and Basic Commands | LAB | 1 | A computer running Microsoft Windows organizes its data much as files are organized in a filing cabinet. Understanding the file structure and using the command line speeds up everyday tasks. | X
2.3 | Windows File Permissions and Attributes | LAB | 1 | Windows provides sets of file permissions so that different users get different levels of access. Understanding permissions and attributes lets an operator take control of files when needed, and spot files that are exposed more widely than they should be. | X
2.4 | Windows Net Utilities | LAB | 1 | Network utilities are software tools for analysing and configuring aspects of computer networks. Most originated on Unix systems; Windows has its own equivalents (the net family of commands) that perform the same tasks. | X
2.5 | Windows PowerShell script | LAB | 2 | Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, it lets IT professionals and power users control and automate the administration of Windows and of the applications that run on it. Increasingly, fileless malware uses PowerShell so that no payload is ever written to disk, leaving little for file-based detection to find. | X
2.6 | Linux Basic Commands | LAB | 2 | Kali Linux is the most widely used distribution among ethical hackers. It is a Debian-based Linux distribution, so familiarity with Linux commands is needed for the tasks that follow. | X
2.7 | Linux File Permissions | LAB | 1 | Linux is a multi-user operating system and has controls to stop users from reading each other's confidential files. Although Linux-based systems ship with many good security features, incorrectly set file permissions are a very common and serious weakness. | X
2.8 | Linux Bash script | LAB | 2 | Bash is a Unix shell, a command-line interface (CLI) for interacting with the operating system. Any command that can be run from the command line can be used in a Bash script, so scripts can run a series of commands for automation and branch on the results of earlier commands. | X
3 | 3.1 | Footprinting and Reconnaissance | LEC | 1 | Footprinting is the gathering of information that can be used to plan an attack, typically without touching the target. Reconnaissance is the stage in which the intruder engages with the targeted system to find hosts, services and possible vulnerabilities. This lecture covers both terms, what they are used for, what information is gathered and the process involved. | X
3.2 | Basic Port Scanning | LAB | 1 | A network scanner is an important element in the arsenal of the network administrator as well as the penetration tester. It maps the network and its topology without searching for devices one by one, and lets a security analyst or penetration tester find hosts and open ports that are exposed to attack. | X
3.3 | OS Fingerprinting | LAB | 1 | OS fingerprinting detects the type and version of an end host's operating system by analysing packets that originate from it. Security professionals and attackers use it to map remote networks and to judge which vulnerabilities might be present to exploit. | X
3.4 | Banner Grabbing | LAB | 1 | Banner grabbing is a technique for learning about a computer system on a network and the services running on its open ports, from the banner a service sends when a client connects. Security analysts and penetration testers use it to take inventory or to learn more about the systems in scope. | X
4 | 4.1 | Social Engineering and Insider Threat | LEC | 1 | Social engineering attacks are methods that scammers and attackers use to deceive users into disclosing personal or financial information, or into granting access to the network. Insider threats, by contrast, come from people within the organization. This lecture gives an overview of how social engineering works and how it relates to insider threat. | X
4.2 | Spearphishing | LAB | 1 | Spear phishing is a form of phishing that uses email or other electronic communication aimed at a specific individual, organization or business. Although often intended to steal data, it is also used by criminals as an initial point of entry. | X
5 | 5.1 | Types of Attacks | LEC | 1 | There is a wide variety of attacks an attacker can choose to perform against a target. This lesson looks at several of the different types of attacks that can occur. | X
5.2 | Network Attacks | LAB | 1 | Network attacks focus on penetrating the corporate network perimeter and gaining access to internal systems. Typically, once inside, attackers combine other types of attacks to move laterally within the network. | X
5.3 | DoS Attacks | LAB | 2 | A denial-of-service attack overwhelms a system's resources so that it can no longer respond to legitimate requests. Unlike attacks designed to gain or increase access, denial of service gives the attacker no foothold by itself; its value is disruption. | X
6 | 6.1 | Types of Vulnerabilities | LEC | 1 | A vulnerability is a weakness that an attacker can exploit to perform unauthorized actions within a computer system. To exploit it, an attacker needs at least one applicable tool or technique that can reach the weakness; the set of such reachable points is the system's attack surface. This lecture covers some of the common types of vulnerabilities. | X
6.2 | Types of Malware | LEC | 2 | Malware is short for malicious software: software used to compromise computer functions, steal data, bypass access controls or otherwise harm the host computer. Malware is a broad term covering a variety of malicious programs, and this lecture covers the common types and what each does. | X
7 | 7.1 | Introduction to Metasploit | LEC | 1 | Metasploit is one of the most popular open-source penetration testing frameworks available today. It offers a large collection of modules, from scanning utilities to ready-to-launch exploits, including encoders used to bypass common security defenses. This lecture covers the history of Metasploit and its module types. | X
7.2 | MSFConsole | LAB | 1 | MSFConsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an all-in-one centralized console and gives efficient access to virtually all of the options available in the MSF. MSFConsole may seem intimidating at first, but once the command syntax is familiar the power of this interface becomes clear. | X
7.3 | Metasploit Database | LAB | 1 | An important feature of Metasploit is its database, which stores penetration testing results. A penetration test produces a great deal of information and can run for several days, so storing intermediate results and findings is essential. | X
7.4 | Information Gathering With Metasploit | LAB | 1 | Information gathering aims to build an accurate picture of a target; passive techniques do so without revealing presence or intent, while active scans trade stealth for detail. Metasploit's auxiliary modules cover much of this work, and their results land directly in its database. | X
7.5 | Vulnerability Scanning With Metasploit | LAB | 1 | Beyond exploitation, Metasploit also supports vulnerability assessment of networks and web applications. It has built-in plug-ins for well-known vulnerability scanners such as Nessus, Nexpose and OpenVAS, and includes its own web scanner, WMAP. | X
7.6 | Metasploit Attacks | LAB | 2 | After vulnerability scanning and validation, the next phase is to exploit the confirmed vulnerabilities in order to gain access to the machine. | X
7.7 | Metasploit Payloads | LAB | 2 | A payload is the code that runs on the target after an exploit succeeds. It is what the attacker uses to interact with the compromised system (a reverse shell or Meterpreter session, for example) and to move data to and from it. | X
7.8 | Armitage | LAB | 1 | Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open-source network security tool notable for its support of red team collaboration: shared sessions, data and communication through a single Metasploit instance. | X
7.9 | Buffer Overflow | LAB | 1 | Buffer overflows have been used for many years as an effective means of penetrating systems and gaining remote access. Exploitation takes advantage of missing bounds checks on writes into declared buffers somewhere in the program, undermining the software's security so that an attacker can run code on the victim's system. | X
8 | 8 | Defense Mechanisms - Industry Best Practices | LEC | 2 | This lecture covers some of the common defensive mechanisms on the market and the best practices for using them. | X
9 | 9.1 | Encryption and Cryptography | LEC | 2 | Encryption is the process of transforming a readable plaintext document or image into ciphertext that cannot be read without the key; its intent is to protect the contents from improper disclosure. Cryptography is the broader discipline that includes encryption along with hashing, message authentication and key exchange, and it underpins communication that cannot be read or tampered with on the wire. This lecture covers both and how they relate. | X
9.2 | XOR | LAB | 1 | The XOR (exclusive OR) cipher combines each plaintext byte with a key byte using exclusive OR; because XOR is its own inverse, the same operation decrypts. A short or reused key makes it trivially breakable. XOR is also a basic logical operation in hardware, and it appears inside real ciphers and in malware obfuscation. | X
9.3 | Base64 | LAB | 1 | Base64 is a group of binary-to-text encoding schemes that represent binary data as an ASCII string by translating it into a radix-64 representation. The term originates from a specific MIME content transfer encoding. Each Base64 digit represents exactly 6 bits, so three 8-bit bytes (24 bits) are represented by four Base64 digits. Base64 is encoding, not encryption: schemes such as HTTP Basic authentication send credentials Base64-encoded, and anyone on the path can decode them unless the transport itself is encrypted. | X
9.4 | MD5 | LAB | 1 | The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although designed as a cryptographic hash function, it is broken by practical collision attacks. It can still serve as a checksum to verify data integrity, but only against unintentional corruption, not against an adversary. Malware analysis and threat-intelligence feeds still commonly use MD5 (alongside SHA-1 and SHA-256) to identify a sample. | X
10 | 10.1 | Web Attacks and OWASP Top 10 | LEC | 2 | The web is an indispensable part of the business activities a company engages in every day. Attackers take advantage of vulnerabilities in web application code or software to gain access to a server or database; these are known as application layer attacks. OWASP, the Open Web Application Security Project, is an online community that produces freely available articles, methodologies, documentation, tools and technologies in the field of web application security. This lecture covers the background and the most common types of web attacks. | X
10.2 | Cross-site Scripting | LAB | 1 | Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS lets attackers inject client-side scripts into web pages viewed by other users, and can be used to bypass access controls such as the same-origin policy. | X
10.3 | Command injection | LAB | 1 | Command injection is an attack whose goal is the execution of arbitrary commands on the host operating system via a vulnerable application. It becomes possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. | X
10.4 | SQL Injection | LAB | 1 | This lesson covers SQL injection and how attackers use it to read or modify data they should not be able to reach. It also discusses real-life examples and the ways SQL injection can be prevented. | X
11 | 11.1 | Exfiltration | LEC | 1 | Data exfiltration occurs when an attacker or an insider carries out an unauthorized data transfer from a computer. It is also called data extrusion or data exportation, and is considered a form of data theft. This lecture explains some of the motives and techniques used in data exfiltration. | X
11.2 | Steganography | LAB | 1 | Steganography is the practice of concealing a file, message, image or video within another file, message, image or video. Its art is that the secret message does not attract attention as an object of scrutiny; it hides in plain sight. | X
11.3 | Data Manipulation | LAB | 1 | One of the main data exfiltration methods is to use communication channels that are almost certainly allowed, such as HTTP, HTTPS and email. Attackers disguise their exfiltration as legitimate web requests to bypass detection. | X
11.4 | DNS Tunneling | LAB | 1 | Tunneling is a more concealed method of data exfiltration: it carries the data inside DNS, another ubiquitous protocol that is rarely blocked, so that the illegitimate traffic bypasses detection. | X
Total: 56.5 hours
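The three lab topics in lesson 9 make one point between them: Base64 is reversible by anyone, a short XOR key is recoverable by anyone, and an MD5 sum only protects against accidents. The following is an added worked example, not lab material from this course. The Basic authorization header, the XOR key and the HMAC key are all invented for the demo.

```python
import base64
import hashlib
import hmac
from typing import Tuple

# Constructed capture: an HTTP Basic authorization header as seen on an unencrypted
# connection. The user name and password are invented for this example.
CAPTURED_AUTH_HEADER = "Authorization: Basic YWRtaW46czNjcjN0UGFzcw=="


def decode_basic_auth(header_line: str) -> Tuple[str, str]:
    """Base64 is an encoding, not a cipher: whoever holds the header recovers the credentials."""
    parts = header_line.split()
    if len(parts) != 3 or parts[1].lower() != "basic":
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(parts[2]).decode("utf-8").partition(":")
    return user, password


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. XOR is its own inverse, so the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def crack_single_byte_xor(ciphertext: bytes) -> Tuple[int, bytes]:
    """Try all 256 one-byte keys and keep the candidate that looks most like English text.

    Score: +1 for every common letter or space, -10 for every non-printable byte.
    """
    best = (0, float("-inf"), b"")
    for key in range(256):
        candidate = xor_bytes(ciphertext, bytes([key]))
        score = sum(candidate.count(c) for c in b"etaoinshrdlu ")
        score -= 10 * sum(1 for c in candidate if (c < 32 and c not in b"\n\t") or c > 126)
        if score > best[1]:
            best = (key, score, candidate)
    return best[0], best[2]


def file_fingerprints(data: bytes) -> dict:
    """Hashes used to identify a sample. MD5 still appears in older signature sets, so it is
    recorded next to SHA-256; SHA-256 is the one to trust when an adversary may craft inputs."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def integrity_tag(data: bytes, key: bytes) -> str:
    """A bare MD5/SHA checksum only detects accidental corruption: whoever can change the file
    can recompute it. An HMAC under a key the attacker does not hold detects deliberate tampering."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_integrity_tag(data: bytes, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(integrity_tag(data, key), tag)


if __name__ == "__main__":
    print(decode_basic_auth(CAPTURED_AUTH_HEADER))
    secret = b"the quick brown fox jumps over the lazy dog"
    print(crack_single_byte_xor(xor_bytes(secret, b"\x5a")))
    print(file_fingerprints(b"MZ\x90\x00 constructed sample, not a real binary"))
```

The XOR cracker works because a wrong key turns most bytes into control characters or shifts letters out of the common set; the scoring function only needs to be good enough to rank the true plaintext first. The same scoring idea extends to repeating keys by cracking each key position as its own single-byte problem.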
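Lessons 10.2 to 10.4 each come down to untrusted input crossing into a different interpreter (HTML, a shell, SQL). The following added example, which is not part of the course's lab material, puts a vulnerable function next to its hardened form for each. The user table, the credentials and the comment text are constructed; echo stands in for whatever lookup tool a real application would call.

```python
import html
import re
import sqlite3
import subprocess


def build_demo_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows (plaintext passwords only to keep the demo short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hunter2", "admin"), ("bob", "letmein", "user")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """User input is pasted into the SQL text, so a quote in the input changes the query's logic.
    Username "' OR 1=1 --" turns the WHERE clause into 'username = '' OR 1=1' and comments out the rest."""
    query = (f"SELECT role FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver binds the values as data; they are never parsed as SQL."""
    row = conn.execute("SELECT role FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row is not None


def lookup_vulnerable(host: str) -> str:
    """shell=True hands the string to /bin/sh, so ';', '|' or '$(...)' in the input run as commands.
    'echo' stands in for a real lookup tool such as nslookup."""
    return subprocess.run(f"echo resolving {host}", shell=True,
                          capture_output=True, text=True).stdout


# Allow-list: letters, digits, dots and hyphens only, no shell metacharacters.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def is_valid_hostname(host: str) -> bool:
    return HOSTNAME_RE.fullmatch(host) is not None


def lookup_safe(host: str) -> str:
    """Validate the input, then pass it as a separate argv element with no shell in between."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return subprocess.run(["echo", "resolving", host], capture_output=True, text=True).stdout


def render_comment_vulnerable(comment: str) -> str:
    """Untrusted text dropped straight into HTML: a <script> tag in the comment runs in every viewer's browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Escape for the HTML text context so the browser renders the characters instead of parsing them."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'
```

The fix is the same shape in all three cases: keep data and code on separate channels (bound parameters, an argv list, an escaping function chosen for the output context) rather than trying to strip bad characters out of a string that is about to be parsed.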
Environment columns as in the ethical hacking syllabus above (Red Team Tools: Kali Linux, Windows; Blue Team Groups 1 to 8). The last three columns are PS team Feasibility, Effort Needed and Estimated Effort (hours).
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description (purpose, target, detail content) | Environment | PS team Feasibility | Effort Needed | Estimated Effort
1 | Security and Responsibilities | LEC | 2 | This lesson covers the basics of the incident response process: the structure, the escalation order and the service level agreement (SLA). | | NO | No |
2 | Roles and Responsibilities | LEC | 1 | Understand how an incident response team operates, with the focus on minimizing damage and recovering quickly. Understand how the team collects and analyses all evidence, determines the root cause, directs the other security analysts and drives rapid system and service recovery. | | NO | No |
3 | Incident Handling | LEC | 2 | Learn the steps of incident handling: (a) preparation, (b) identification, (c) containment, (d) eradication, (e) recovery and lessons learned, including root cause analysis (RCA). | | NO | No |
4 | Hacker Methodology | LEC | 2 | Understand the techniques and motives that lead to an attack. Learn to identify, defend against and deal with different attacks, zero-day attacks in particular, and the methods available to prevent them. | | NO | No |
5 | Security Logs | LEC/LAB | 1 | Understand the different kinds of security logs a security device produces and how they reveal the attacks passing through, or being attempted against, the network. | X | NO | No |
6 | Networking and Packet Analysis | LEC/LAB | 2 | How to enable the right packet captures in the network, where they are needed, and how to analyse them in depth. Working through different capture files to understand traffic and attack flows helps discover network issues and resolve them. | X | NO | No |
7 | Basic Malware Analysis | LEC/LAB | 1 | Analyse a captured traffic flow to understand the piece of code (malware) involved, assess the damage, find the point of compromise and determine whether a vulnerability was exploited. | | NO | No |
8 | Honeypots | LEC/LAB | 2 | A honeypot is a trap a network defender lays for an attacker. The expectation is a flow of communication, an exchange of packets, that can be used to gain useful information about the attacker and their tooling. | | Yes | Yes | 2
9 | Basic Forensics | LEC/LAB | 1 | Understand the basics of digital forensics: identification, collection and analysis of evidence, and reporting the findings. | X | NO | No |
10 | Hashing Algorithms | LEC/LAB | 2 | Learn why hashing is needed: it provides integrity, one of the three aspects of the CIA triad (confidentiality, integrity, availability). Work with different hash functions, configure them and compare the results. | X | NO | No |
11 | Parsing and Correlating Security Logs | LEC/LAB | 2 | Learn how parsing works: tools must make it easy to extract data element values from raw log data. Incidents happening across the network must then be correlated so that the analyst can see what is actually occurring and use that picture to resolve the issue at hand. | X | NO | No |
12 | Back up and Restoration | LEC/LAB | 1 | As part of the incident response team, daily tasks include backing up the various systems and machines across the network and being able to restore them after a failure, bug or compromise; timely backups, stored safely, make that possible. | X | NO | No |
13 | Insider Threat - DLP | LEC/LAB | 2 | Understand how an attacker targets the employees, the people inside the network, to get malicious code installed on a machine or a backdoor opened, giving the attacker access to systems and resources they should not have. A single click by an unsuspecting user can be all it takes. Data loss prevention (DLP) controls limit what such an insider, witting or not, can move out of the network. | X | NO | No |
14 | APT - Case Study | LEC/LAB | 2 | This lesson walks through the steps an attacker takes to get inside a network, reach its resources and steal data by exploiting human or machine weaknesses, using a real-world example. | X | Yes | No |
Total: 23 hours | Estimated effort: 2
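Lesson 11.4 of the ethical hacking syllabus (DNS tunneling) and lesson 11 here (parsing and correlating logs) are two sides of one exercise: encode data into query names, then find it in the resolver log. The following added example, which is not part of either course's lab material, does both. The tunnel domain, the exfiltrated passwd file, the client addresses and the log format are all constructed; the registered-domain rule (last two labels) is a simplification for the demo.

```python
import base64
import math
from collections import defaultdict
from typing import Dict, List

# Assumed attacker-controlled zone; the attacker's authoritative server sees every query for it.
TUNNEL_DOMAIN = "t.example.net"

# Constructed data to exfiltrate (a fake /etc/passwd; every account is invented).
EXFIL = b"""root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/zsh
svc-backup:x:1002:1002:Backup Service:/var/backups:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""


def encode_tunnel_queries(data: bytes, domain: str = TUNNEL_DOMAIN, chunk: int = 30) -> List[str]:
    """Attacker side: split data into base32 (DNS-safe, case-insensitive) chunks, one query name each.
    30 bytes become 48 characters, under the 63-byte label limit; a sequence label keeps order."""
    names = []
    for seq, start in enumerate(range(0, len(data), chunk)):
        piece = base64.b32encode(data[start:start + chunk]).decode().rstrip("=").lower()
        names.append(f"{seq}.{piece}.{domain}")
    return names


def decode_tunnel_queries(names: List[str], domain: str = TUNNEL_DOMAIN) -> bytes:
    """Attacker's DNS server side: reassemble the chunks from the names it was asked to resolve."""
    chunks = {}
    for name in names:
        seq, piece, *_ = name[: -len(domain) - 1].split(".")
        piece = piece.upper() + "=" * (-len(piece) % 8)  # restore the stripped base32 padding
        chunks[int(seq)] = base64.b32decode(piece)
    return b"".join(chunks[i] for i in sorted(chunks))


def shannon_entropy(text: str) -> float:
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values()) if text else 0.0


def registered_domain(qname: str) -> str:
    """Assumption for the demo: the last two labels are the registered domain."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def detect_tunnels(log_lines: List[str], min_queries: int = 8, min_avg_len: int = 30,
                   min_entropy: float = 3.0) -> List[Dict]:
    """Defender side, over lines of '<ts> <src_ip> <qname> <qtype>'.
    Flags a (source, domain) pair whose subdomains are long, high-entropy and almost never repeated:
    normal clients ask for the same few short names over and over; a tunnel never repeats itself."""
    stats = defaultdict(lambda: {"n": 0, "len": 0, "ent": 0.0, "subs": set()})
    for line in log_lines:
        _ts, src, qname, _qtype = line.split()
        dom = registered_domain(qname)
        sub = qname[: -len(dom) - 1] if len(qname) > len(dom) else ""
        s = stats[(src, dom)]
        s["n"] += 1
        s["len"] += len(sub)
        s["ent"] += shannon_entropy(sub)
        s["subs"].add(sub)
    alerts = []
    for (src, dom), s in stats.items():
        avg_len, avg_ent = s["len"] / s["n"], s["ent"] / s["n"]
        if (s["n"] >= min_queries and avg_len >= min_avg_len and avg_ent >= min_entropy
                and len(s["subs"]) / s["n"] >= 0.9):
            alerts.append({"src": src, "domain": dom, "queries": s["n"],
                           "avg_label_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2)})
    return alerts


def build_sample_log() -> List[str]:
    """Constructed DNS query log: ordinary lookups from 10.0.0.5 plus a tunnel from 10.0.0.7."""
    normal = ["www.example.com", "mail.example.com", "www.example.com", "cdn.example.com",
              "autodiscover.example.com", "www.example.com", "api.example.com", "www.example.com",
              "login.example.com", "www.example.com"]
    lines = [f"2022-08-10T09:00:{i:02d} 10.0.0.5 {q} A" for i, q in enumerate(normal)]
    lines += [f"2022-08-10T09:01:{i:02d} 10.0.0.7 {q} TXT"
              for i, q in enumerate(encode_tunnel_queries(EXFIL))]
    return lines


SAMPLE_DNS_LOG = build_sample_log()
```

The thresholds are deliberately loose; in production they would be tuned per environment and combined with query volume per domain and the ratio of TXT/NULL queries, since content delivery networks and some anti-spam services also produce long, unique subdomains.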
Environment columns as in the ethical hacking syllabus above (Red Team Tools: Kali Linux, Windows; Blue Team Groups 1 to 8). The last three columns are PS team Feasibility, Effort Needed and Estimated Effort (hours).
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description (purpose, target, detail content) | Environment | PS team Feasibility | Effort Needed | Estimated Effort
1 | Essential Tools | LEC/LAB | 3 | Ethical hacking tools let you scan, search and find the flaws and vulnerabilities in an organization's systems and applications so that they can be made more secure. This lesson goes over the essential tools most ethical hackers use. | X | Yes | No |
2 | Passive Information Gathering | LEC/LAB | 3 | Passive information gathering collects information about targets from publicly available resources: search engine results, WHOIS records and the like. The goal is to find as much information as possible about the target without ever contacting it. | X | Yes | Yes | 3
3 | Active Information Gathering | LEC/LAB | 3 | Active information gathering collects more information about the targets by interacting with them directly. Unlike passive gathering, doing this without authorization can be illegal in some jurisdictions. Methods include DNS enumeration, port scanning and OS fingerprinting. | X | Yes | No |
4 | Metasploit framework | LEC/LAB | 5 | Metasploit is one of the most popular open-source penetration testing frameworks available today. It offers a large collection of modules, from scanning utilities to ready-to-launch exploits, including encoders used to bypass common security defenses. This lesson covers the history, modules and usage of Metasploit. | X | Yes | No |
5 | Vulnerability Scanning | LEC/LAB | 2 | Vulnerability scanning is the act of identifying potential vulnerabilities in network devices and applications. It is automated and focuses on finding known and potential vulnerabilities at the network or application level. This lesson covers different vulnerability scanners and their usage. | X | Yes | Yes | 2
6 | Password Attacks | LEC/LAB | 3 | Password attacks are a critical part of a penetration tester's arsenal, and preparation (wordlists and mangling rules) has a major impact on their success or failure. This lesson looks at both local (offline, against captured hashes) and remote (online, against a login service) password attacks and the advantages and disadvantages of each. | X | Yes | No |
7 | Spoofing Attacks | LEC/LAB | 5 | Many protocols in the TCP/IP suite have no mechanism for authenticating the source or destination of a message and are therefore vulnerable to spoofing when applications take no extra precautions to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular can be used to mount man-in-the-middle attacks against hosts on a network. | X | Yes | No |
8 | Buffer Overflow Exploitation | LEC/LAB | 2 | Buffer overflows have been used for many years as an effective means of penetrating systems and gaining remote access. Exploitation takes advantage of missing bounds checks on writes into declared buffers somewhere in the program, undermining the software's security so that an attacker can run code on the victim's system. | X | Yes | Yes | 2
9 | Privilege Escalation | LEC/LAB | 2 | Privilege escalation is the act of exploiting a bug, design flaw or misconfiguration in an operating system or application to gain elevated access to resources normally protected from an application or user. The result is that an application or user with more privileges than the developer or administrator intended can perform unauthorized actions. This lesson explains how that is achieved. | X | Yes | No |
10 | Web Application Attacks | LEC/LAB | 5 | The web is an indispensable part of the business activities a company engages in every day. Attackers take advantage of vulnerabilities in web application code or software to gain access to a server or database; these are known as web application attacks. This lesson looks at the different types of web application attacks and how they leverage coding or software errors. | X | Yes | No |
11 | Exfiltration | LEC/LAB | 3 | Data exfiltration occurs when an attacker or an insider carries out an unauthorized data transfer from a computer. It is also called data extrusion or data exportation, and is considered a form of data theft. This lesson explains some of the motives and techniques used in data exfiltration, with lab exercises. | X | Yes | No |
Total: 36 hours | Estimated effort: 7
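Lesson 3 here and lessons 3.2 and 3.4 of the ethical hacking syllabus (port scanning, banner grabbing) describe the same pair of steps. The following added example, which is not part of the course's lab material, runs them against a loopback listener so it works offline; the listener and its OpenSSH-style banner stand in for a target host and are constructed for the demo.

```python
import socket
import threading
from typing import Dict, List, Optional

# Constructed banner for the local stand-in service; a real OpenSSH server sends a line of this form.
DEMO_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"


def start_demo_service(banner: bytes = DEMO_BANNER) -> int:
    """Start a loopback TCP listener that greets each client with a banner; returns its port.
    Stands in for a target host so the scanner below can be exercised without a lab network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Pick a loopback port that nothing listens on (it is closed the moment the socket is released)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_connect_scan(host: str, ports: List[int], timeout: float = 0.5) -> List[int]:
    """Full-connect scan: a completed TCP handshake means the port is open. Noisy but needs no root."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """Connect and read whatever the service volunteers first. Services that wait for the client
    to speak (HTTP, for example) return None here and need a protocol-specific probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            data = s.recv(1024)
        except socket.timeout:
            return None
    return data.decode("ascii", errors="replace").strip() or None


def classify_banner(banner: Optional[str]) -> Dict[str, str]:
    """Pull service and software out of the banner; SSH banners are 'SSH-<proto>-<software>'."""
    if banner and banner.startswith("SSH-"):
        parts = banner.split()[0].split("-", 2)
        return {"service": "ssh", "software": parts[2] if len(parts) == 3 else "unknown"}
    return {"service": "unknown", "software": "unknown"}


def scan_and_fingerprint(host: str, ports: List[int]) -> Dict[int, Dict[str, str]]:
    """Scan, then banner-grab each open port; the result is the inventory a tester records."""
    return {p: classify_banner(grab_banner(host, p)) for p in tcp_connect_scan(host, ports)}


if __name__ == "__main__":
    target_port = start_demo_service()
    print(scan_and_fingerprint("127.0.0.1", [reserve_closed_port(), target_port]))
```

A connect scan completes the handshake, so every probe shows up in the target's service logs; a SYN scan (which needs raw sockets) avoids that but is a different tool. Banner contents are whatever the service chooses to send, so the software version reported here is a claim to verify, not a fact.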
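The local (offline) side of lesson 6 is a dictionary attack against captured hashes. The following added example, which is not part of the course's lab material, runs one against a constructed dump. The storage scheme (PBKDF2-HMAC-SHA256 with a per-user salt), the user names, salts, passwords and the wordlist are all invented for the demo; a real dump uses whatever the application chose, and the loop is the same.

```python
import hashlib
from typing import Dict, Iterator, List, Optional

ITERATIONS = 1000  # kept low so the demo runs in well under a second


def hash_password(password: str, salt: str, iterations: int = ITERATIONS) -> str:
    """Assumed storage scheme for the constructed dump: PBKDF2-HMAC-SHA256 with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()


# Constructed credential dump, one "user:salt:hash" per line, as pulled from a compromised database.
# The passwords behind it are invented; two are weak, one is not reachable from the wordlist below.
DUMP = [
    f"alice:3f9a:{hash_password('Summer2021!', '3f9a')}",
    f"bob:c0de:{hash_password('letmein', 'c0de')}",
    f"carol:77ab:{hash_password('correct horse battery staple', '77ab')}",
]

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "summer", "welcome", "letmein", "qwerty", "dragon"]


def mangle(word: str) -> Iterator[str]:
    """Rule-based candidates: case variants and common suffixes, the patterns people actually use."""
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "!", "2021", "2021!"):
            yield base + suffix


def crack_dump(dump: List[str], wordlist: List[str]) -> Dict[str, Optional[str]]:
    """Offline dictionary attack: hash each candidate with the user's salt and compare.
    The salt stops one hash computation from serving every user; the iteration count sets the cost."""
    results: Dict[str, Optional[str]] = {}
    for line in dump:
        user, salt, digest = line.split(":")
        results[user] = None
        for word in wordlist:
            for candidate in mangle(word):
                if hash_password(candidate, salt) == digest:
                    results[user] = candidate
                    break
            if results[user] is not None:
                break
    return results


if __name__ == "__main__":
    for user, password in crack_dump(DUMP, WORDLIST).items():
        print(f"{user}: {password or 'not cracked'}")
```

Two of the three fall to six words and a handful of rules, which is the lesson: the salt and the iteration count decide how expensive each guess is, but the password decides how many guesses are needed.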
Environment columns as in the ethical hacking syllabus above (Red Team Tools: Kali Linux, Windows; Blue Team Groups 1 to 8). The last three columns are PS team Feasibility, Effort Needed and Estimated Effort (hours).
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description (purpose, target, detail content) | Environment | PS team Feasibility | Effort Needed | Estimated Effort
1 | 1.1 | Attack Evolution and Trend | LEC | 1 | Learn how attacks are evolving and becoming smarter and more sophisticated while demanding less ongoing effort from the attacker: a single released piece of code can do the job. Known attacks can also be tweaked so that signature-based security systems no longer recognize them, which is how an old technique can look new to the defenses. | | NO |
1.2 | Attack Detection Method | LEC | 1 | This lesson teaches the various methods defenders can use to detect an attack, depending on the security systems in place: using packet captures to detect new attack patterns, identifying different traffic types, and turning detections into prevention. | | NO |
2 | 2.1 | Advanced persistent threat (APT) | LEC | 2 | This lesson explains how an advanced persistent threat (APT) works: it uses multiple phases to break into a network, avoid detection and harvest valuable information over the long term. It details the attack phases, methods and motivations that differentiate APTs from other targeted attacks. | | Yes | Yes | 2
2.2 | Step 1: Reconnaissance Attacks | LEC/LAB | 2 | Students learn the methodology behind the attack, do the same type of research an attacker does, and practise it in labs (WHOIS lookups, web-based reconnaissance, DNS analysis, etc.). | X | NO |
2.3 | Step 2: Malicious URL access / Point of Entry | LEC/LAB | 2 | Understand, and practise in the lab, how the attacker uses this step to gain access or to deliver mal￼icious code as an entry point. Attackers use social engineering, spam and similar approaches to make sure the link is clicked or the attachment is downloaded by the user. | X | Yes |
2.4 | Step 3: Using Exploits and Malware to gain access | LEC/LAB | 2 | Whatever the delivery method, the attacker's exploit or malware ends up on the user's system. Depending on its nature, the code then performs tasks such as granting the attacker root access, opening a backdoor, moving laterally, and covering its tracks by rewriting or tampering with code and logs. | X | NO |
2.5 | Step 4: Callback C&C traffic | LEC/LAB | 2 | A C&C (command and control) server is a system controlled by the attacker. It exists to receive connections that compromised hosts inside the target's network initiate outward, which is how it gets past a perimeter that blocks inbound connections, and to send those hosts commands. The C&C server maintains communications with the compromised hosts (computers, smartphones, IoT devices). This session covers how this works, with live traffic. | X | NO |
2.6 | Step 5: Data Leakage | LEC/LAB | 2 | This lesson shows what data leakage means and looks like in practice. The malware or exploit collects the targeted data on a machine, then exfiltrates it off the network to external storage controlled by the attacker. Stolen data serves many purposes: selling it back to the organization, selling it on the dark web to the highest bidder, or, in some cases, the whole APT is personal or paid for by a competitor. | X | Yes | Yes | 2
3 | 3.1 | Perimeter Defense | LEC | 1 | Learn the different defense mechanisms companies use to protect the perimeter. Every network design is unique, and some organizations, such as financial or healthcare firms, deploy more perimeter devices than others. The perimeter is the first line of defense and absorbs many attacks and much unwanted traffic, so it must be monitored, updated and managed daily. | X | NO |
3.2 | Geolocation | LAB | 1 | Geolocation databases are built into current security and network devices. This lab shows why the feature matters: it is a simple and effective way to block unwanted traffic from reaching the network and to keep devices from being overloaded with traffic the network has no use for. | X | NO |
3.3 | Application awareness and control | LAB | 1 | Traditional devices did not have this capability, so this lesson covers why the feature is needed and how to use it. Application awareness shows which applications are in use on the network and lets you control that usage by identifying applications and enforcing security policy at the application layer, independently of port and protocol. | X | NO |
3.4 | IPS | LAB | 2 | An intrusion prevention system (IPS) is one of the most important links in any network's defense. It works on signatures that trigger on the traffic or attacks seen, and sits in the same place as the firewall, or inside it in a next-generation firewall (NGFW), between the outside world and the internal network. An IPS proactively drops traffic that matches a known threat according to its security profile. | X | NO |
3.5 | URL Filtering | LAB | 2 | Understand different categories of URLs and the mechanisms to filter the same based on the needs defined by the architecture design and user requirement in an organization. It allows to control Internet access by allowing or blocking access to sites based on the categories that a URL belongs to. By blocking various categories which are not required or the domains or creating personal black-list one can truly reduce the number of threats affecting the network. | X | NO | ||||||||||||
3.6 | Anti-Virus/Anti-Malware | LAB | 2 | Learn the need for having anti-virus/malware feature available on various security tools and practice to configure it. The ability to inspect the http/https traffic on the go for any infected file or any traffic flow and to ensure it doesn’t pass through the device. This ability lets you scan the incoming files for any virus or malware which a user might not be aware of but is hidden as part of the file and thus can be prevented. | X | NO | ||||||||||||
4 | 4.1 | SIEM | LEC | 1 | Security information and event management (SIEM) software gives enterprise security professionals both insight into and a track record of the activities within their IT environment. | X | NO | |||||||||||
4.2 | Introduction to SIEM | LAB | 2 | SIEM collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters. This lesson will cover the usage of the SIEM to understand the basics and to use various search filters. | X | NO | ||||||||||||
4.3 | Planning and Sizing | LAB | 1 | On any organization's defense team, some members will be responsible for right-sizing the SIEM needed for their network. These tools parse data, and licensing is based on how much traffic is parsed and on the ability to present that data in a way users understand. Sizing depends on the number of users and the bandwidth of the traffic passing through. | X | NO | ||||||||||||
4.4 | Log Collection and Correlation | LAB | 2 | The SIEM identifies, categorizes, and analyzes incidents and events. The software delivers two main objectives: to provide reports on security-related incidents and events, such as successful and failed logins, malware activity, and other possibly malicious activities, and to send alerts when analysis shows that an activity violates predetermined rulesets and thus indicates a potential security issue. | X | NO | ||||||||||||
4.5 | Monitoring and Tuning | LAB | 2 | The final SIEM lesson covers how to monitor it efficiently and fine-tune it. A SIEM can become overwhelming unless time is spent understanding the context and value of each log source and using the SIEM's configuration to control the amount of data presented to you. | X | NO | ||||||||||||
5 | 5.1 | Introduction to Network and Packet Analysis | LEC | 2 | This lesson covers the understanding required to analyze packets and protocols. The methodology captures and intercepts chunks of data as they traverse the network in order to understand what is happening inside the network, to debug issues where connections or traffic are not passing through, or to understand the failure of a device or system that led to downtime. | NO | ||||||||||||
5.2 | Network visibility | LAB | 2 | Network visibility solutions provide real-time, end-to-end visibility, insight, and security into physical and virtual networks, delivering control, coverage, and performance seamlessly to protect and improve crucial networking, data center, and cloud business assets. | X | NO | ||||||||||||
5.3 | Packet analysis 1 | LAB | 2 | Learn how tools capture packets in real time and display them in a human-readable format, and how to make sense of the flow. Intercept and log traffic that passes through the network and interpret it correctly. | X | NO | ||||||||||||
5.4 | Packet analysis 2 | LAB | 2 | Learn to decode the raw data showing the values of the various packet fields and analyze the content according to the appropriate RFC or standard. Perform deep analysis of protocols and packets, extract any payload or attachment, and apply deeper forensic techniques. | X | NO | ||||||||||||
39 | 4 |
Red Team Tools | Red Team Tools | Blue Team Group 1 | Blue Team Group 2 | Blue Team Group 3 | Blue Team Group 4 | Blue Team Group 5 | Blue Team Group 6 | Blue Team Group 7 | Blue Team Group 8 | PS team Feasibility | Effort Needed | Estimated Effort | ||||||
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description ( purpose, target, detail content) | Kali Linux | Windows | BPS+ NGFW | BPS + NGFW + SIEM + NAC | BPS + NGFW + WAF | BPS + NGFW + Email FW | BPS + NGFW + Vision One + SandBox | BPS + NGFW + Anti DDoS | BPS + TAP + Vision One + NX | NGFW + End Protection HX | ||||
1 | 1.1 | SQL Injection | LEC/LAB | 1.5 | In this scenario, the attacker injects malicious SQL code, in the form of requests or queries, into user input fields on web applications such as submission forms, contact forms, etc. Doing so gives them access to the application's backend database, where they extract sensitive and confidential information about customers or the business itself, gain unauthorized administrative access, modify or delete data, or even gain full control of the web application. | X | Yes | No | ||||||||||
1.2 | Cross-Site Scripting | LEC/LAB | 1 | XSS attacks target users of vulnerable web applications or websites in order to gain access to and control of their browsers. The attacker uses vulnerabilities and gaps in the application to inject malicious scripts that execute when an unsuspecting user loads the application or website. | X | Yes | No | |||||||||||
1.3 | Remote File Inclusion | LEC/LAB | 1 | Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The attacker's goal is to exploit the referencing function in an application to upload malware (e.g., backdoor shells) from a remote URL located within a different domain. | X | Yes | Yes | 1 | ||||||||||
1.4 | Local File Inclusion | LEC/LAB | 1 | Local file inclusion (LFI) is a vector that involves uploading malicious files to servers via web browsers. LFI attacks aim to exploit insecure local file upload functions that fail to validate user-supplied or user-controlled input. | X | Yes | Yes | 1 | ||||||||||
1.5 | OS Command Injection | LEC/LAB | 1.5 | OS command injection is a critical class of vulnerability. It allows an attacker to remotely execute code or commands on a vulnerable server, which often leads to complete compromise of the server. | X | Yes | Yes | 1.5 | ||||||||||
1.6 | Cross-Site Request Forgery | LEC/LAB | 1 | Cross-Site Request Forgery (CSRF) attacks occur when users are tricked into clicking a link or downloading compromised files that execute unwanted or unknown actions within an authenticated user session. | X | Yes | Yes | 1 | ||||||||||
2 | 2.1 | ICMP Flood | LEC/LAB | 1 | In this scenario, we will look at a common Denial of Service (DoS) attack in which an attacker takes down a victim's computer by overwhelming it with ICMP echo requests, also known as pings. | X | Yes | Yes | 1 | |||||||||
2.2 | SYN Flood | LEC/LAB | 1 | In this scenario, we will exploit the TCP handshake by sending a target a large number of TCP "Initial Connection Request" SYN packets with spoofed source IP addresses. | X | Yes | Yes | 1 | ||||||||||
2.3 | UDP Flood | LEC/LAB | 1 | In this scenario, we will look at a volumetric denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a connectionless computer networking protocol. | X | Yes | Yes | 1 | ||||||||||
2.4 | SlowLoris | LEC/LAB | 1 | In this scenario, we look at DoS from a different approach. Instead of a volumetric attack, Slowloris overwhelms a targeted server by opening and maintaining many simultaneous HTTP connections to the target, which does not use much bandwidth. | X | Yes | No | |||||||||||
2.5 | DNS Amplification | LEC/LAB | 1 | In this scenario, we leverage a DNS server to carry out the attack. The DNS server responds to the target with a large amount of data; as a result, the target receives an amplified version of the attacker's initial query. | X | Yes | Yes | 1 | ||||||||||
2.6 | Network Meltdown | LEC/LAB | 1.5 | In this scenario, a combination of volumetric attacks such as UDP floods and TCP SYN floods, together with critical malware attacks, is launched to measure the mitigation capabilities of an anti-DDoS and IPS solution. | X | Yes | No | |||||||||||
3 | 3.1 | Spammers and Anti-spam | LEC/LAB | 1.5 | In this scenario, we look at what a spammer is and their objectives, how a secure email gateway solution prevents users from receiving spam emails, and how spam emails are handled. | X | Yes | No | ||||||||||
3.2 | Antivirus in Email | LEC/LAB | 1 | In this scenario, we look at how a secure email gateway protects users from malicious attachments using antivirus engines, and at some common and best-practice approaches. | X | Yes | No | |||||||||||
3.3 | Phishing Email | LEC/LAB | 1 | Phishing email is the most common entry point in a cyber security attack. In this scenario, we examine what a phishing email is, the motives behind it, and its objectives. Then we look at ways to prevent phishing emails. | X | Yes | Yes | 1 | ||||||||||
3.4 | Content Disarm and Reconstruction | LEC/LAB | 1 | In this scenario, we examine how HTML content in email bodies and attachments may contain potentially malicious tags and attributes (such as hyperlinks and scripts). MS Office and PDF attachments may also contain malicious macros, active scripts, and other active content that is harmful to users. Content disarm and reconstruction removes or neutralizes the potentially hazardous content and reconstructs the email messages and attachment files. | X | Yes | Yes | 1 | ||||||||||
3.5 | Bounce Verification | LEC/LAB | 1 | In this scenario, we examine how spammers fraudulently use others' email addresses as the sender address in the message envelope (MAIL FROM:) when delivering spam. When an email cannot be delivered, email servers often return a delivery status notification (DSN) message (also known as a bounce message) to the sender address in the message envelope, whose owner never actually sent the original message. | X | NO | ||||||||||||
3.6 | Adult Image Analysis | LEC/LAB | 1.5 | In this scenario, we examine the law that prohibits anyone from sending or possessing nude images of minors. One method of identifying or preventing anyone breaking this law, especially in a work environment, is to detect users sending or receiving adult images via email. | X | Yes | Yes | 1.5 | ||||||||||
3.7 | DLP in Email | LEC/LAB | 1.5 | In this scenario, we look at how users accidentally or intentionally send confidential or sensitive information out of the organization via email. Data Loss Prevention on email allows you to prevent sensitive data from leaving your network. | X | Yes | Yes | 1.5 | ||||||||||
3.8 | Directory Harvest Attack | LEC/LAB | 1.5 | In this scenario, we look at one common method spammers use to determine an email server's valid email addresses so that they can be added to a spam database. We then look at how to prevent a directory harvest attack. | X | NO | ||||||||||||
1 | 1.1 | Network Traffic Access (TAP vs SPAN) | LEC/LAB | 1.5 | In this scenario, we examine how to gain access to network traffic at the packet level, and the pros and cons of using SPAN ports versus network TAPs. | X | NO | |||||||||||
1.2 | Role of Network Packet Broker | LEC/LAB | 1 | In this scenario, we look at network security with a visibility layer: what a Network Packet Broker is and how it delivers the correct data to security tools. | X | NO | ||||||||||||
1.3 | Application Processing in NPB | LEC/LAB | 1 | In this scenario, we dig deeper into some features of the Network Packet Broker and how it can enhance security by providing visibility into encrypted traffic with passive SSL decryption. | X | NO | ||||||||||||
1.4 | Active/Inline SSL Interception | LEC/LAB | 1 | In this scenario, we look at how SSL/TLS evolved with PFS, why it is a double-edged sword, and organizations' approaches to detecting malicious traffic inside encrypted traffic with TLS 1.3. | X | NO | ||||||||||||
2 | 2.1 | Endpoint Protection | LEC/LAB | 1.5 | In this exercise, we look at how endpoint protection evolved from antivirus software (AV) to Endpoint Detection and Response (EDR), the differences between the two, and how EDR works. | X | Yes | No | ||||||||||
2.2 | Indicator of Compromise (IOC) on Endpoint | LEC/LAB | 1 | In this exercise, we examine how EDR defines or determines an indicator of compromise (IOC) on an endpoint device, what triggers an IOC, and how to confirm one. | X | NO | ||||||||||||
2.3 | Endpoint Triage Summary and Report | LEC/LAB | 1 | In this exercise, we look at the triage summary and triage report in EDR, and go through the information and investigation techniques in these triage summaries and reports. | X | NO | ||||||||||||
2.4 | Compromised Endpoint Containment | LEC/LAB | 1 | In this scenario, we take action to contain a compromised endpoint with EDR. Containment should be done immediately to prevent other endpoints from being infected by the compromised endpoint. Containment also helps further investigation and finding the root cause of the compromise. | X | NO | ||||||||||||
2.5 | Data Acquisition on Endpoint | LEC/LAB | 1 | In this scenario, after an endpoint has been contained, data acquisition or live forensics can be performed on the compromised endpoint without affecting other endpoints. This is an essential step in understanding the extent and potential impact of the intrusion. | X | NO | ||||||||||||
2.6 | Automated rule creation from Network Security Alerts | LEC/LAB | 1.5 | In this scenario, we look at how network security (NX) can integrate with EDR (HX) and create custom IOC rules for it. Network security identifies a new threat and then creates a new rule for all endpoints to protect themselves. | X | X | NO | |||||||||||
3 | 3.1 | Sandboxing technique | LEC/LAB | 3 | In this exercise, we go over the sandboxing technique: how it differs from traditional detection methods and the ways/modes of operation in which sandboxing is used. | X | Yes | Yes | 3 | |||||||||
3.2 | Suspicious characteristics of a file | LEC/LAB | 2 | In this scenario, we look at what kind of behavior would be considered suspicious or malicious when a file is executed in a sandbox environment. | X | Yes | Yes | 2 | ||||||||||
3.3 | Yara rules | LEC/LAB | 1 | In this scenario, we look at what a YARA rule is, how to create one, and how it is used to identify malware families. | X | NO | ||||||||||||
3.4 | Custom VM for Sandboxing | LEC/LAB | 1 | In this scenario, we examine the VM used for sandboxing. Each organization uses a different combination of OS versions, applications, and configuration, which should be reflected in the sandbox environment in order to simulate file execution in a realistic setup. | X | NO | ||||||||||||
3.5 | Indicator of Compromise (IOC) and STIX | LEC/LAB | 1 | In this exercise, we look at what information is collected when there is an indicator of compromise. This information typically includes virus signatures, IP addresses, MD5 hashes of malware files or URLs, or domain names of botnet command and control servers. It is common in the industry to store this data in STIX format. | X | NO | ||||||||||||
43 | 13.5 |
Red Team Tools | Red Team Tools | Blue Team Group 1 | Blue Team Group 2 | Blue Team Group 3 | Blue Team Group 4 | Blue Team Group 5 | Blue Team Group 6 | Blue Team Group 7 | Blue Team Group 8 | PS team Feasibility | ||||||
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description ( purpose, target, detail content) | Kali Linux | Windows | BPS + NGFW | BPS + NGFW + SIEM + NAC | BPS + NGFW + WAF | BPS + NGFW + Email FW | BPS + NGFW + Vision One + SandBox | BPS + NGFW + Anti DDoS | BPS + TAP + Vision One + NX | NGFW + End Protection HX | ||
1 | 1.1 | Network Traffic Access (TAP vs SPAN) | LEC/LAB | 1.5 | In this scenario, we examine how to gain access to network traffic at the packet level, and the pros and cons of using SPAN ports versus network TAPs. | X | NO | |||||||||
1.2 | Role of Network Packet Broker | LEC/LAB | 1 | In this scenario, we look at network security with a visibility layer: what a Network Packet Broker is and how it delivers the correct data to security tools. | X | NO | ||||||||||
1.3 | Application Processing in NPB | LEC/LAB | 1 | In this scenario, we dig deeper into some features of the Network Packet Broker and how it can enhance security by providing visibility into encrypted traffic with passive SSL decryption. | X | NO | ||||||||||
1.4 | Active/Inline SSL Interception | LEC/LAB | 1 | In this scenario, we look at how SSL/TLS evolved with PFS, why it is a double-edged sword, and organizations' approaches to detecting malicious traffic inside encrypted traffic with TLS 1.3. | X | NO | ||||||||||
2 | 2.1 | Endpoint Protection | LEC/LAB | 1.5 | In this exercise, we look at how endpoint protection evolved from antivirus software (AV) to Endpoint Detection and Response (EDR), the differences between the two, and how EDR works. | X | NO | |||||||||
2.2 | Indicator of Compromise (IOC) on Endpoint | LEC/LAB | 1 | In this exercise, we examine how EDR defines or determines an indicator of compromise (IOC) on an endpoint device, what triggers an IOC, and how to confirm one. | X | NO | ||||||||||
2.3 | Endpoint Triage Summary and Report | LEC/LAB | 1 | In this exercise, we look at the triage summary and triage report in EDR, and go through the information and investigation techniques in these triage summaries and reports. | X | NO | ||||||||||
2.4 | Compromised Endpoint Containment | LEC/LAB | 1 | In this scenario, we take action to contain a compromised endpoint with EDR. Containment should be done immediately to prevent other endpoints from being infected by the compromised endpoint. Containment also helps further investigation and finding the root cause of the compromise. | X | NO | ||||||||||
2.5 | Data Acquisition on Endpoint | LEC/LAB | 1 | In this scenario, after an endpoint has been contained, data acquisition or live forensics can be performed on the compromised endpoint without affecting other endpoints. This is an essential step in understanding the extent and potential impact of the intrusion. | X | NO | ||||||||||
2.6 | Automated rule creation from Network Security Alerts | LEC/LAB | 1.5 | In this scenario, we look at how network security (NX) can integrate with EDR (HX) and create custom IOC rules for it. Network security identifies a new threat and then creates a new rule for all endpoints to protect themselves. | X | X | NO | |||||||||
3 | 3.1 | Sandboxing technique | LEC/LAB | 3 | In this exercise, we go over the sandboxing technique: how it differs from traditional detection methods and the ways/modes of operation in which sandboxing is used. | X | NO | |||||||||
3.2 | Suspicious characteristics of a file | LEC/LAB | 2 | In this scenario, we look at what kind of behavior would be considered suspicious or malicious when a file is executed in a sandbox environment. | X | NO | ||||||||||
3.3 | Yara rules | LEC/LAB | 1 | In this scenario, we look at what a YARA rule is, how to create one, and how it is used to identify malware families. | X | NO | ||||||||||
3.4 | Custom VM for Sandboxing | LEC/LAB | 1 | In this scenario, we examine the VM used for sandboxing. Each organization uses a different combination of OS versions, applications, and configuration, which should be reflected in the sandbox environment in order to simulate file execution in a realistic setup. | X | NO | ||||||||||
3.5 | Indicator of Compromise (IOC) and STIX | LEC/LAB | 1 | In this exercise, we look at what information is collected when there is an indicator of compromise. This information typically includes virus signatures, IP addresses, MD5 hashes of malware files or URLs, or domain names of botnet command and control servers. It is common in the industry to store this data in STIX format. | X | NO | ||||||||||
19.5 |
Red Team | Red Team | PS team Feasibility | ||||||
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description ( purpose, target, detail content) | FortiAP | UXM | ||
1 | 1.1 | Wi-Fi Introduction | LEC/LAB | 5 | Wi-Fi (IEEE 802.11-based WLANs) allows networking of computers and digital devices without the need for wires. Data is transferred over radio frequencies, allowing Wi-Fi capable devices to receive and transmit data when they are in range of a Wi-Fi network. In this lecture, we go through the history of and technology used in Wi-Fi. | NO | ||
1.2 | Beacon Frames | LAB | 1 | A beacon frame is one of the management frames in IEEE 802.11-based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically; they announce the presence of a wireless LAN and synchronize the members of the service set. In an infrastructure basic service set (BSS), beacon frames are transmitted by the access point (AP). | X | NO | ||
1.3 | WLAN Authentication | LAB | 1 | Before a wireless client device can communicate on a network through the access point, it must first authenticate to the access point. Different types of authentication are supported, and some are more vulnerable to sniffing than others. | X | NO | ||
1.4 | Hotspot Attacks | LAB | 1 | A rogue Wi-Fi access point appears to be a legitimate one but has actually been set up by an attacker to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam: an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. | X | NO | ||
1.5 | Cracking WPA2 | LAB | 2 | Cracking WPA2 has been known for quite a long time and involves momentarily disconnecting a connected device from the access point being tested. However, a lot of public Wi-Fi networks still rely on this authentication method. | X | NO | ||
1.6 | Hacking WPA3 | LAB | 2 | WPA3 is the next-generation authentication technique in 802.11 for improved security. However, it has been proven that WPA3 has a serious flaw that can trick the technology into effectively leaking the password of a Wi-Fi network. | X | NO | ||
2 | 2.1 | Pen testing mobile devices | LEC | 1 | Mobile devices and applications are everywhere. Mobile application penetration testing gives organizations the ability to weed out imperfections in their network that require immediate patching and/or protection. In this lecture, we cover how pen testing works for mobile devices and some of the tools required. | NO | ||
2.2 | Jailbreaking iOS | LAB | 2 | Jailbreaking your iPhone means freeing it from the limitations imposed by Apple. A freed device can install applications from outside Apple's iTunes App Store, and you can modify previously restricted aspects of an iOS device. | X | NO | ||
2.3 | Android root access | LAB | 2 | Android phones use Linux permissions and file-system ownership. Users are allowed to do certain things based on their permissions, and having root access means having permission to do it all. | X | NO | ||
2.4 | Man in the Middle Attack | LAB | 1 | The man-in-the-middle attack is not something new. Such attacks have been around for years but have mostly been restricted to computers and laptops. With mobile growing at a fast pace, there has been a shift in emphasis to hacking mobile devices and apps to gather personal information. | X | NO | ||
2.5 | SSL/TLS Attack | LAB | 1 | The SSL/TLS protocol is designed for enhanced security; however, many app developers do not have the security background or experience to design an app with proper security measures. Incorrect use of the Android platform's SSL libraries can expose applications and/or the device to MITM attacks. | X | NO | ||
2.6 | Malicious payload download | LAB | 2 | An attacker may hide a malicious payload as an executable APK/JAR inside the APK resources. After the app is installed, it opens the malware payload and executes the code. The malware may persuade the user to install the embedded APK by pretending to be a significant update in order to gain permissions or control. | X | NO | ||
2.7 | Mobile Device Remote Access Trojans | LAB | 1 | A RAT is a type of malware that is very similar to legitimate remote access programs. The main difference, of course, is that RATs are installed on a device without the user's knowledge. | X | NO | ||
2.8 | Mobile App Attacks | LEC/LAB | 1 | Mobile apps are often the cause of unintentional data leakage due to coding errors or improper security practice. Moreover, more and more attackers are focusing on leveraging vulnerabilities in these mobile apps to obtain personal information and access to a network. | X | NO | ||
3 | 3.1 | 4G Network Architecture | LEC/LAB | 2 | LTE, an abbreviation for Long-Term Evolution, commonly marketed as 4G LTE, is a standard for wireless communication of high-speed data for mobile phones and data terminals. It is based on the GSM/EDGE and UMTS/HSPA network technologies, increasing the capacity and speed using a different radio interface together with core network improvements. In this lecture, we will cover the technologies and architecture of a 4G network. | X | NO | |
3.2 | 5G Network Architecture | LEC/LAB | 2 | 5G is the next generation mobile network that promises to be a game changer when it comes to how we live our lives – and also challenges how business will be conducted in just about every industry. In this lecture, we will cover the technologies and architecture of a 5G network. | X | NO | ||
3.3 | 4/5G vulnerabilities | LEC/LAB | 3 | In this lecture, we cover some of the known vulnerabilities in 4G and 5G technologies, such as the aLTEr attack and IMP4GT. | NO | |||
30 |
Blue Team Group 1 | Blue Team Group 9 | PS team Feasibility | ||||||
Lesson | Module Topic | Content Type | Module Duration (hours) | Detail description ( purpose, target, detail content) | BPS+ NGFW | BPS | ||
1 | 1.1 | Introduction to Industrial Control Systems | LEC | 1.5 | In this lecture, we go over a high-level overview of what an Industrial Control System is, the history of ICS, and how it is evolving. | NO | ||
1.2 | Increasing Relevance of ICS Protection | LEC | 1 | In this lecture, we look at how Industry 4.0 is making a big push to protect ICS, as they are no longer running in an isolated environment. | NO | |||
1.3 | ICS Architecture | LEC | 2 | In this lecture, we examine ICS architecture as it was in earlier days and as it is in the modern day. | X | NO | ||
1.4 | HMI Role in ICS Environment | LEC | 1 | In this lecture, we will go over the role of HMI in the ICS environment. | NO | |||
1.5 | Protocol Vulnerabilities | LEC/LAB | 2 | In this lesson, we look at the history of some common SCADA protocols, what they are for, and why they are vulnerable to security attacks. | X | NO | ||
1.6 | Introduction to Security Practices in ICS | LEC | 1 | In this lesson, we examine some security best practices in ICS and SCADA protocols, and how security can be implemented in an ICS environment. | NO | |||
2 | 2.1 | Introduction to ICS Security Threats and consequences | LEC | 2 | In this lecture, we look at some of the security threats in an ICS environment and their consequences. | NO | ||
2.2 | Source of ICS Vulnerabilities | LEC | 2 | In this lecture, we cover where to get the latest vulnerability information on ICS environments, and how organizations such as ICS-CERT take part in enhancing ICS security. | NO | |||
2.3 | Attack Vectors in ICS Environment | LEC | 1.5 | In this lecture, we look at the different attack vectors that exist in an ICS environment. These attack vectors can be very different from those of a typical network environment, as the deployment nature is vastly different. | NO | |||
2.4 | Cyber Threats- SCADA HMI - Historian Vulnerabilities | LEC | 2 | In this lecture, we take one example vulnerability case (Historian) and examine its cause and effect. | NO | |||
2.5 | Additional Steps in Securing ICS Networks | LEC | 1.5 | In this lecture, we go over additional security measures for securing ICS networks that were not previously considered best practice. | X | NO | ||
2.6 | Incident Response Plans | LEC | 2 | In this lecture, we go through incident response plans in ICS security and how they can differ from incident response in a typical network. | NO | |||
3 | 3.1 | Stuxnet | LAB | 2 | In this exercise, we look at one famous ICS breach (Stuxnet), how the attack was carried out, the damage it caused, and the end result. | X | NO | |
3.2 | BlackEnergy | LAB | 2 | In this exercise, we look at one famous ICS breach (BlackEnergy), how the attack was carried out, the damage it caused, and the end result. | X | NO | ||
23.5 |