Cybersecurity Essentials Bootcamp is a 5-day instructor-led course packed full of hands-on labs and practical exercises that teach the effective steps to prevent, detect and respond to a cyber incident. The actionable techniques acquired within the course can be applied directly, making a genuine difference in the workplace. Each module is packed with extensive hands-on exercises that cover leading-edge skills and applied knowledge of best-practice preventative tooling, in addition to the existing threat landscape of emerging technologies such as the Internet of Things, Cloud, Smart Cities, Connected and Autonomous Vehicles, and Cryptocurrency and blockchain.
This course is designed for IT and Security Professionals and Managers who want to understand the essentials of cybersecurity and the current threat landscape. It is perfect for those wishing to build or pivot to a defensive security posture, and for those charged with maintaining and defending against cyber attacks. The course will benefit junior and mid-level cyber roles with an interest in Security Operations or Forensic Analysis, as well as GRC Officers, Security Auditors and Secure Developers, all with a passion to be as effective as possible in their security discipline.
- Basic knowledge of networking is desirable but not essential, particularly awareness of protocols and internet services.
- Basic knowledge of Windows and Linux operating systems is desirable but not essential.
- QACISMP and/or QAFCCS are ideal prerequisite courses for those completely new to applied technical security concepts, tools and services.
- Understand the threats faced by modern networks, systems and application platforms
- Understand the techniques used to detect, prevent and respond to these threats
- Build enablement solutions for detection and situational awareness
- Respond, contain and start hunting out known and unknown threats
- Use leading ‘open source’ security tools to serve active and passive defence techniques
- Discover and analyse ‘high risk’ weaknesses within systems
- Create actionable and auditable policies
- Understand cryptography and its applications in a digital world
- Begin to analyse, attribute and predict the threats and create an active defence posture
Module 1: Defensible Network Architecture, Virtualisation and Cloud Security
Defensible Network Architecture, Network Security Tools, Wireless Networks, Virtualisation and Cloud Security, Internet of Things and Smart Cities
- Lab 1.1 - Use CLI for diagnostic purposes
- Learners will go over the Windows command ‘ping’ to test network connectivity to a machine and ‘arp’ to retrieve information about devices on a network.
- Lab 1.2 - Create and alter packets with hping
- Learners will understand how to use the hping utility on Linux to create and send different types of packets to a host for different purposes.
- Lab 1.3 - Breaking WAP
- Learners will use aircrack-ng to crack a Wireless Application Protocol key.
- Lab 1.4 - p0f Network Monitoring
- Learners will use p0f to monitor network traffic and determine what OS and application created it.
- Lab 1.5 - Wireshark and TCPdump
- Learners will use Wireshark and TCPdump to capture network traffic.
- Lab 1.6 - Setting up your own virtual machine
- Learners will use virtual machine images and create their own Virtual Machine using a software-based hypervisor. (Stretch Exercise)
- Lab 1.7 - Car hacking with Can-utils
- Learners will use can-utils to get information from a virtual CAN device, understand the security risks associated with the ease of connecting a machine to a CAN network, and use Metasploit to run an exploit that floods a CAN interface with dummy traffic.
- Lab 1.8 – Shodan
- Learners will use specialised search engines to search for vulnerable machines using extended QA education learner access.
Module 2: Defence-in-Depth
Defence-in-Depth, Access Control and Password Management, Security Policies and Frameworks, Critical Security Controls, Malware and Exploit Mitigations, Advanced Persistent Threat
- Lab 2.1 - Using Social Engineering Toolkit
- Learners will use the Social Engineering Toolkit to generate a fake website and harvest credentials from it.
- Lab 2.2 - Using chkrootkit to detect a rootkit
- Learners will use chkrootkit to scan a Linux machine for rootkits.
- Lab 2.3 - Malicious URL Checking
- Learners will use online tools to test URLs to see if a page contains malicious content.
- Lab 2.4 - Payload Evaluation
- Learners will use the Social Engineering Toolkit to generate a Meterpreter payload and evaluate a file that contains malware using an online evaluation tool.
- Lab 2.5 - Advanced Persistent Threat (APT) Analysis
- Learners will classify the typical behaviours of APT groups sponsored by different nation states.
Module 3: Vulnerability Scanning, Risk Response and Threat Management
Vulnerability Scanning and Penetration Testing, Network Security Devices, Endpoint Security, Log Analysis, Tools and Techniques for Active Defence, Contingency Planning
- Lab 3.1 - Nmap and Zenmap
- Learners will use nmap to perform scans of the most common ports on a server and Zenmap to perform more comprehensive scans easily with a graphical interface.
- Lab 3.2 - Vulnerability Scanning with Nikto
- Learners will use nikto to perform a vulnerability scan against a web server and analyse the results.
- Lab 3.3 - Advanced Network Scanning with SPARTA
- Learners will use SPARTA to perform multiple vulnerability scans against a host and analyse the results.
- Lab 3.4 - Windows Defender Firewall
- Learners will create custom Windows Defender Firewall Rules and enable/disable Windows Defender Firewall Rules.
- Lab 3.5 - Linux Firewalls
- Learners will use iptables to create custom firewall rules and use firewalld as an alternative to iptables.
- Lab 3.6 - Setting Up a Proxy
- Learners will use the tool Squid to turn a Linux machine into a proxy.
- Lab 3.7 - Windows Defender AV
- Learners will use Windows Defender to perform a virus scan of a computer and use Task Scheduler to run Windows Defender scans more regularly for ongoing protection.
- Lab 3.8 – Honeypots
- Learners will use pentbox to set up a honeypot that attracts attackers for detection and defensive mitigation purposes.
Module 4: Operating System and Application Security
Security Infrastructure, Enforcing Security Policies, Network Services, Windows Forensics, Security Utilities and Patching, Linux Forensics, Web Vulnerabilities
- Lab 4.1 – SQLi
- Learners will use network scanning tools to discover a web server and identify the services it is running from its open ports, explore those services to find a vulnerability to exploit with SQLmap, and use Meterpreter and Metasploit to create and use a back-door to the machine.
- Lab 4.2 - Windows Log Analysis
- Learners will use Event Viewer to view and find logs on Windows and understand the different categories of logs on Windows.
- Lab 4.3 - Linux Log Analysis
- Learners will use command line tools to find entries in Linux logs for attack detection.
- Lab 4.4 - Email headers
- Learners will use tools to retrieve and analyse email headers to aid threat hunting.
Module 5: Applied Cryptography and Cryptocurrency
Fundamental Concepts of Cryptography, Applied Cryptography, Cryptocurrencies
- Lab 5.1 - Digital Certificates
- Learners will analyse the digital certificate of an HTTPS website.
- Lab 5.2 - Hashing Scenario
- Learners will use an online tool to generate hashes of files, understand the use of hashing a file and the risk of hash collisions.
- Lab 5.3 - Eavesdropping with Wireshark
- Learners will use Wireshark to listen to network traffic to help identify anomalies.
- Lab 5.4 - Password Cracking
- Learners will use a command line tool to crack a password hash using a wordlist and a command line tool to crack a Linux password from the /etc/shadow file.
- Lab 5.5 - Password Management
- Learners will learn how to enforce password ageing from the command line in a Windows environment and how to apply password ageing through the Group Policy Editor on Windows.
- Lab 5.6 - Bitcoin in crime
- Learners will use search engines to determine whether a Bitcoin address has been used in relation to any malicious activities.
- Lab 5.7 - Auditing a bitcoin transaction
- Learners will analyse the transactions associated with a Bitcoin address in order to audit them for signs of illicit activity.
- Lab A.1 - FTK Imaging
- Learners will use FTK Imager to perform a live acquisition of a Windows drive.
- Lab A.2 - Designing and building a network architecture using Packet Tracer
- Learners will use Packet Tracer to model a physical network and configure a VLAN.