Training path

Blue Teaming Training 2020

This is a collection of some of my Blue teaming articles.

www.chiheb-chebbi.com

Incident Response

Responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.

niccs.us-cert.gov

Digital Forensics

Below are the roles for this Specialty Area. Click each role to see the KSAs (Knowledge, Skills, and Abilities) and Tasks. (IN-FOR-002) Work Role Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation. A0005: Ability to decrypt digital data collections.

niccs.us-cert.gov

Getting started in DFIR

Introduction to DFIR

One of my favorite things is talking to students and people new to the security field. It feels like yesterday I was wandering around the first Shmoocon as a student in awe of the people I met and the work they were doing.

medium.com

Building your lab or a test environment

Summit Route - Iterative Defense Architecture

I recently discussed Iterative Defense and the Intruder's Dilemma to introduce the concept of the benefits of a feedback loop in defense. This post describes at a high-level what that architecture looks like and provides an example that we'll work towards in future posts. My goal is to move from the theoretical to an actual implementation.

summitroute.com

Learning DFIR common tools and techniques

13Cubed

13Cubed is a side project maintained by me, Richard Davis. This channel covers information security-related topics including Digital Forensics and Incident R...

www.youtube.com

Episode 1: Let's learn in bite sized chunks - 3MinMax Series is born!

The SANS 3MinMax series with Kevin Ripa is designed around short, three-minute presentations on a variety of topics from within Digital Forensics, Incident R...

www.youtube.com

Episode 1: Let's learn in bite sized chunks - 3MinMax Series is born!

Learning adversary tactics

specterops/at-ps

SpecterOps recently decommissioned our PowerShell course and rather than letting it collect dust, we wanted to offer it up to the community for free in the spirit of our commitment to transparency. We are extremely grateful for all of our students who were able to attend the course in person.

github.com

Being ready for the cloud

In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and instructions on how to set up Athena in your own environment.

flAWS2.cloud

Brought to you by Scott Piper of Summit Route, an independent AWS security consultant. Welcome to the flAWS 2 challenge! Similar to the original flAWS.cloud (also created by Summit Route), this game/tutorial teaches you AWS (Amazon Web Services) security concepts. The challenges are focused on AWS specific issues, so no buffer overflows, XSS, etc.

flaws2.cloud

Training Labs

Attack Detection Fundamentals: Initial Access - Lab #1

In the first part of F-Secure Consulting's Attack Detection Workshop series, covering Initial Access, we explored a number of offensive techniques for obtaining a foothold within a target environment through the creation and successful delivery of malicious documents (also known as maldocs).

labs.f-secure.com

Attack Detection Fundamentals: Initial Access - Lab #1

LetsDefend Blue Team Academy

Blue team training contents for improving defensive side of cybersecurity skills

app.letsdefend.io

Training with real-world exercises

OpenSOC - Network Defense Simulation

Best part of all, a key motivation behind OpenSOC is the demonstration of how powerful open-source tools can be for Security Operations. Every single security system utilized in the virtual enterprise within OpenSOC is an open-source platform. That's right, everything. Firewalls, SIEM, log aggregation, IDS/IPS, HIDS, anti-virus, honeypots, mail filtering, etc.

opensoc.io

Malware analysis training

How You Can Start Learning Malware Analysis

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who's helped thousands of security professionals learn how to analyze malware at SANS Institute, I have a few tips for how you can get started.

www.sans.org

How You Can Start Learning Malware Analysis

Introduction to Malware Analysis and Reverse Engineering

Introduction to Malware Analysis and Reverse Engineering CS6038/CS5138 Malware Analysis Department of Electrical Engineering and Computing Systems College of Engineering and Applied Science University of Cincinnati Meets every Tue/Thu in 3210 RECCENTER @ 4:00PM-5:20PM Want to participate?: Apply to Graduate School Here This class will introduce the CS graduate students to malware concepts, malware analysis, and black-box reverse engineering techniques.

class.malware.re

Existing curated collection of resources

From the most to the least curated

Training Resources

ENISA CSIRT training material was introduced in 2008. In 2012, 2013 and 2014 it was complemented with new exercise scenarios containing essential material for success in the CSIRT community and in the field of information security. In these pages you will find the ENISA CSIRT training material, containing Handbooks for teachers, Toolsets for students and Virtual Images to support hands on training sessions.

www.enisa.europa.eu

Free Training

This is a list of over 100 free DFIR and Cybersecurity related training courses and resources that I've heard of. When I was trying to get into the field, there was so much I wanted to learn, but I couldn't afford training.

dfirdiva.com

Home - AboutDFIR - The Definitive Compendium Project

Submit Resources Looking to add your DFIR or related resource to the AboutDFIR.com Definitive Compendium project? Use one of the submission pages to the right to have your resources added. Submit Feedback/Resource/Research Idea Use this singular form for all Research Ideas, Resource submissions, and Site Feedback.

aboutdfir.com

meirwah/awesome-incident-response

A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams. Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future.

github.com