Appropriate Reactions and Answers to External and Internal Threats

To understand current cyber threats, know how to prepare, and learn to react appropriately!

1100 € excl. tax, 2 days, ARAEIT

Programme

Threat Landscape

  • Overview of current threats: dropping, exploits, communication tricks (DGA, Fast Flux)

Reaction Preparation (detection, reaction, lessons learned, and repeat)

  • Reaction preparation
  • Log preparation, time setup
  • Security preparation
  • What is needed, how to be ready to mitigate (IDS, Honey, DNS RPZ)
  • Communications setup
  • Why, how, external communication, public communication

How to Face External Threats

  • VPN abuse: detection tricks
  • Phishing: detection tricks, response, takedown
  • DDoS: detection basics, mitigation
  • Data theft: detection basics

How to Face Internal Threats

  • Understanding threat installation

Windows Internals

  • Review of MS Windows architecture
  • Userland/kernel-land separation
  • Threads/processes/fibers
  • Process migration/injection

Exploitations

  • Current vulnerabilities: buffer overflow/UAF
  • Common exploitation techniques: ROP/heap spray
  • Exploit packs
  • Forensic possibilities

Detect and find threats

  • Office files and script droppers
  • How Office documents are used
  • VBA document analysis

JS analysis

  • Obfuscation
  • Tools for deobfuscation

Evidence collection

  • How to take evidence (art of memory and disk dumps)
  • Sandbox (usage, benefits and restrictions)
  • Tooling (Volatility, Sysinternals, detection tools)

Appropriate actions for appropriate threats

  • Ransomware (detection, reaction)
  • Common malware (detection, reaction)
  • RATs (detection, reaction)
  • Website breaches (detection, reaction)