We’re in the midst of the Remote SOC era, so it makes sense that the majority of our new modules focus on our Security Operations Center (SOC) Track.
We’ll describe the 17 newest training modules:
Tcpdump is a widely used network analysis tool for security specialists. It captures traffic from the network and can either display it on the terminal or save it to a capture file for later analysis. Running it regularly is a good way to keep watch over your network. Learn how to capture traffic with tcpdump, write it to capture files, and analyze requests to identify malicious behavior.
Many VPN services have adopted WireGuard because it makes setting up encrypted and authenticated network connections easy and increases the security of remote communications. Our new module goes through the steps on how to configure a WireGuard VPN connection to allow remote users to securely access a private network.
In some cases, you might not have access to a graphical user interface so you can't use tools like Wireshark. In this module, you will be using a command-line alternative to Wireshark called TShark. Learn the basics of TShark to capture network activity.
Recorded Future specializes in the collection, processing, analysis, and dissemination of threat intelligence. Its browser extension provides instant access to that intelligence so you can triage alerts in your SIEM, investigate phishing emails, prioritize vulnerabilities for patching, get more context on malware analysis results, or decide what to focus on when reading any type of intelligence source. In this module, you will investigate a phishing site and gather further context on what you find, using the browser extension provided by Recorded Future.
These courses focus on the latest attack vectors and methodologies, as well as incident detection, response, and investigation best practices. Training modules teach both the red team (offensive) and blue team (defensive) sides of an attack.
It is impossible to think of a Linux user or administrator who never checked the log files on a system. This module is intended for level 1 SOC Analysts who need to understand the syslog format and various types of UNIX log file formats. Learn about the Syslog format, types of files in /var/log, and remote logging.
Kernel privilege escalations are often unstable but powerful. Kernel-level exploitation is becoming more and more popular among attackers, even though playing with the heart of the operating system can be a dangerous game. For example, Linux kernel vulnerabilities have implications for tens of millions of Linux PCs and servers, as well as many Android devices. In this module, you learn how to detect vulnerable server kernels, compile exploits, and escalate privileges with "Chocobo Root" (CVE-2016-8655).
Remote Code Execution is a vulnerability that can be exploited when user input is injected into a file or a string and then executed (evaluated) by the programming language's parser. Remote Code Execution can lead to a full compromise of the vulnerable web application and of the web server hosting it. This module covers both the theoretical and practical sides of remote code execution (RCE) and its potential impact on your system.
Process Monitor is a Windows tool that helps you monitor for issues on your system. You can view process, registry, filesystem, and network activity in real-time. Learn how to troubleshoot issues by capturing and filtering live operating system events using Procmon.
This course teaches level 2 SOC Analysts how to use Sysmon to identify in-memory process injection. Process injection is used by malware to evade anti-virus software and to escalate privileges.
Many companies use tens of thousands of digital certificates, if not more, to protect web servers through device authentication and data encryption. Windows PKI offers a variety of components to manage them. This module takes a closer look at securing web servers. Learn how to enroll a certificate and deploy it to the IIS website, and how to complete a certificate signing request (CSR).
Group Policy is a good way to centrally manage computer and user settings across an Active Directory environment. In this module, you will learn how to use PowerShell logging, Windows Event Collector, and Group Policy to forward event logs from domain-joined workstations to the domain controller.
In this module, you use CVE-2020-13777 to intercept the decryption key that a ransomware infection has sent back to its command & control server.
Using the PHP expect wrapper, this module teaches the learner how to exploit and fix XXE vulnerabilities that lead to Remote Code Execution.
Extensible Markup Language (XML) has a widely known feature, XML eXternal Entities (XXE), whose abuse is the best-known XML attack vector and still ranks high in the OWASP Top 10 list of the most common vulnerabilities. In this module, you will learn how to find, exploit, and fix the XXE vulnerability.
Snyk is an amazing tool for helping to find and fix known vulnerabilities. Learn how to install and configure Snyk, then test your code and catch security vulnerabilities before you merge and deploy software.
Running Docker containers in privileged mode can be a liability because a compromise of the container may also lead to the host machine being compromised. Learn how to enumerate privileged containers and break out of them into the host machine.
Learn about the Shellshock (CVE-2014-6271) vulnerability, how to exploit a web server with it, and how to patch the vulnerability. Use your reconnaissance skills to find a vulnerable file on a web server.
Watch for even more training modules to be launched in the coming months. Remember, as a customer, you get access to all of our modules and any new ones that are delivered for the duration of your license.