Training

Alert Analysis

2 Day Course | October 1-2 | $1999 per person
This course introduces learners to FireEye-generated alerts on our Network Security (NX) and Email Security (EX) platforms. It provides a framework on how to interpret callbacks and how to interpret results of malware binary analysis. Hands-on activities include analyzing alert data to determine the significance of the alerts. Learners will be shown how to distinguish between the different FireEye alert types, as well as how to locate and use critical information in a FireEye alert to assess a potential threat and how to use Indicators of Compromise (IOCs) in a FireEye alert to identify the threat on compromised hosts.

Creative Red Teaming

2 Day Course | October 1-2 | $1999 per person
The class will focus on lessons learned from conducting hundreds of covert red team operations to teach students an effective advanced methodology to improve prevention, detection, and response in an enterprise network. Students will learn what actions Mandiant observes advanced threat actors perform through incident response investigations, and how the Mandiant red team refines advanced attacker tools, tactics, and procedures (TTPs) for use on red teams and uses them to emulate advanced threat actors. Students will develop the ability to think like an attacker and creatively use these TTPs to accomplish goals while avoiding detection.

This fast-paced technical course teaches the Mandiant red team methodology through instruction and scenario-based labs taught by Mandiant red team leads. Attendees will receive hands-on experience in conducting covert cyber attack simulations that mimic real-world threat actors. They will learn how to bypass advanced network segmentation, multi-factor authentication, and application whitelisting; abuse web applications; escalate privileges; and steal data while circumventing detection methods. Mandiant professionals will instruct based on frontline expertise as well as intelligence-based security research.

Who should attend:

This is a fast-paced technical course designed to provide hands-on experience conducting covert, no-holds-barred cyber-attack simulations to accomplish various objectives within a corporate environment, similar to how an advanced adversary would perform. This course provides an opportunity to learn how real attackers conduct offensive operations, how we improve upon those operations, and to understand how to be creative with existing technology to accomplish your goals. The content and pace is intended for students with a background in conducting penetration tests, security assessments, IT administration, and/or incident response.

Course pre-requisites:

  • Students must have working knowledge of the Windows operating system, file systems, registry, and use of the Windows command line.
  • Students should have some experience with the following: Active Directory and basic Windows security controls; common network protocols; Linux operating systems; scripting languages such as PowerShell, Python, or Perl; assessing web applications using the OWASP Top 10.

What students should bring:

Laptop with a Kali Rolling virtual machine. Students must possess local administrator rights to their host OS and VMs and must be able to install software provided on a USB stick. Students must also have an Ethernet port; for laptops that don’t have one, please bring an adapter.

Digital Forensics and Incident Response for PLCs

1 Day Course | October 2 | $999 per person
Attacks against industrial control systems (ICS) are on the rise. To effectively respond to this emerging threat, organizations must be aware of the challenges that come along with performing digital forensics and incident response (DFIR) for ICS. This course is designed to give ICS security personnel the skills needed to identify and understand threats targeting ICS devices that use embedded operating systems such as VxWorks and Windows CE.

This fast-paced technical course offers learners hands-on experience investigating targeted attacks and guides them through the steps required to analyze and triage compromised ICS.

Who should attend:

This is a fast-paced technical course that is designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage compromised industrial control systems. The content and pace is intended for students with some background in ICS, PLCs and other embedded devices and embedded operating systems. It is also meant for students with backgrounds in conducting forensic analysis, network traffic analysis, log analysis, security assessments & penetration testing or even security architecture and system administration duties.

Course pre-requisites:

  • Prior digital forensics experience is helpful but not required.
  • Familiarity with PLCs and their software tools is suggested.

What students should bring:

Students must bring their own laptops with a version of Microsoft Windows 7 or newer installed, Administrator access, a minimum of 25GB free space, wireless capabilities, and Microsoft Office or Open Office installed.

Enterprise Incident Response

2 Day Course | October 1-2 | $1999 per person
This intensive course is designed to teach the fundamental investigative techniques needed to respond to today’s cyber threats. The fast-paced course is built upon a series of hands-on labs that highlight the phases of a targeted attack, sources of evidence and principles of analysis. Examples of skills taught include how to conduct rapid triage on a system to determine whether it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms and investigate an incident throughout an enterprise.

Although the course is focused on analyzing Windows-based systems and servers, the techniques and investigative processes are applicable to all systems and applications. The course includes detailed discussions of common forms of endpoint, network and file-based forensic evidence collection and their limitations as well as how attackers move around in a compromised Windows environment.

The course also explores information management that enriches the investigative process and bolsters an enterprise security program. Discussion topics include the containment and remediation of a security incident, and the connection of short-term actions to longer-term strategies that improve organizational resiliency.

Who should attend:

This is a fast-paced technical course that is designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage compromised systems. The content and pace is intended for students with some background in conducting forensic analysis, network traffic analysis, log analysis, security assessments, and penetration testing, or even security architecture and system administration duties. It is also well suited for those managing CIRT / incident response teams or in roles that require oversight of forensic analysis and other investigative tasks.

Course pre-requisites:

  • A working understanding of the Windows operating system, file system, registry, and use of the command-line.
  • Familiarity with Active Directory, basic Windows security controls, and common network protocols.

What students should bring:

Students must bring their own laptop or virtual machine with a version of Microsoft Windows 7 or newer installed, Administrator access, a minimum of 25GB free space, wireless capabilities, Microsoft Office or Open Office installed, and must be able to install software provided on a USB device.

Essentials of Malware Analysis

2 Day Course | October 1-2 | $1999 per person
This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, hands-on approach. The course introduces learners to disassembly, preparing them for topics covered in more advanced courses. This content is taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.

Who should attend:

Information technology staff, information security staff, corporate investigators or others requiring an understanding of how malware functions and the steps and processes involved in malware analysis.

Course pre-requisites:

  • Students should have a general knowledge of computer and operating system fundamentals.
  • Some exposure to computer programming fundamentals and Windows Internals experience is recommended.

What students should bring:

Students must bring their own laptop computer with VMware Workstation 12.5+ or VMware Fusion 7+ installed. Laptops should have at least 30GB of free space.

FireEye Threat Analytics

2 Day Course | October 1-2 | $1999 per person
This course covers the features, benefits, deployment options, basic administration and core functionality for Threat Analytics. Learners will discover the unique strengths of Threat Analytics and understand how it enables real-time situational awareness of both known and unknown network security threats. Hands-on activities include triaging Threat Analytics alerts, investigating security incidents and hunting for unknown attackers.

Endpoint Investigations with HX

Investigations using Endpoint Security (HX)

2 Day Course | October 1-2 | $1999 per person
This course covers the fundamentals of live analysis forensics and investigation for endpoints. Hands-on activities span the entire forensics process, beginning with a FireEye-generated alert leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Analysis of computer systems will be performed using FireEye products and freely available tools. Activities focus on investigative techniques that use Endpoint Security (HX) features such as the Triage Summary and Audit Viewer. Optionally, learners can work with the Endpoint Security API to automate actions and explore integration of Endpoint Security with other systems.

This course includes access to Endpoint Security Deployment web-based training which must be completed prior to attendance.

Thank you for attending Cyber Defense Summit 2018.