CyberSec First Responder: Threat Detection and Response (Exam CFR-210)

eTrain

Summary

Price
£199 inc VAT
Or £66.33/mo. for 3 months...
Study method
Online
Duration
12 hours · Self-paced
Access to content
1 year
Certification
Cisco Cybersecurity Specialist
Professional certification
Additional info
  • Exam(s) / assessment(s) is included in price
  • Tutor is available to students

Overview

The CyberSec First Responder: Threat Detection and Response course prepares candidates to protect their organizations' IT infrastructure against cyber-attacks and to execute a properly planned response to such incidents. The tools and techniques taught are independent of the size and scope of the organization, because the course is based on common threats, risks and mitigation techniques that apply universally.

Candidates are advised to have some knowledge of basic networking technologies such as TCP/IP, routing protocols, network security and VPNs. In addition, candidates are expected to have at least two years of professional experience in network administration or a similar field.

Prerequisites:

Some knowledge of basic networking technologies such as TCP/IP, routing protocols, network security and VPNs

Student Materials:

Student Workbook
Student Prep Guide

Certification Exams:

CyberSec First Responder: Threat Detection & Response CFR210

Who Should Attend?

  • Cybersecurity practitioners
  • Information systems security engineers
  • Information security officers
  • IT administrators

Certification

Cisco Cybersecurity Specialist

Awarded by Mile2

Description

Course Curriculum

Course Introduction

Introduction (0:09)

Course Introduction (1:12)

Instructor Introduction (0:22)

Assessing Information Security Risk

Introduction (0:22)

Topic A: Identify the Importance of Risk Management (0:28)

Elements of Cybersecurity (Perimeter Model) (1:26)

Elements of Cybersecurity (Endpoint Model) (1:38)

The Risk Equation (0:54)

Risk Management (0:56)

The Importance of Risk Management (0:43)

ERM (0:42)

Reasons to Implement ERM (1:02)

Risk Exposure (0:25)

Risk Analysis Methods (1:22)

Risks Facing an Enterprise (1:10)

Topic B: Assess Risk (0:32)

ESA Frameworks (0:28)

ESA Framework Assessment Process Part1 (0:43)

ESA Framework Assessment Process Part2 (0:44)

New and Changing Business Models (0:40)

De-perimeterization (1:41)

New Products and Technologies (1:23)

Internal and External Influences (0:55)

System-Specific Risk Analysis (0:38)

Risk Determinations (2:58)

Documentation of Assessment Results (0:36)

Guidelines for Assessing Risk (2:01)

Topic C: Mitigate Risk (0:51)

Classes of Information (1:16)

Classification of Information Types into CIA Levels (1:51)

Security Control Categories (1:15)

Technical Controls (Template) (0:26)

Technical Controls (Example Answer) (0:36)

Aggregate CIA Score (3:08)

Common Vulnerability Scoring System (1:54)

Common Vulnerabilities and Exposures (0:30)

Demo - Common Vulnerability Scoring System (5:41)

Extreme Scenario Planning and Worst Case Scenarios (1:12)

Risk Response Techniques (1:10)

Additional Risk Management Strategies (1:40)

Continuous Monitoring and Improvement (0:27)

IT Governance (0:31)

Guidelines for Mitigating Risk (1:12)

Topic D: Integrate Documentation into Risk Management (0:29)

From Policy to Procedures (1:17)

Policy Development (0:14)

Process and Procedure Development (0:10)

Demo - Finding a Policy Template (5:20)

Topics to Include in Security Policies and Procedures (0:36)

Best Practices to Incorporate in Security Policies and Procedures Part1 (1:34)

Best Practices to Incorporate in Security Policies and Procedures Part2 (0:59)

Business Documents That Support Security Initiatives (1:50)

Guidelines for Integrating Documentation into Risk Management Part1 (1:06)

Guidelines for Integrating Documentation into Risk Management Part2 (0:46)

Section Review (0:21)

Review Questions

Analyzing the Threat Landscape

Introduction (0:14)

Topic A: Classify Threats and Threat Profiles (0:30)

Threat Actors Part1 (1:12)

Threat Actors Part2 (0:44)

Threat Motives (0:39)

Threat Intentions (0:39)

Attack Vectors (0:41)

Attack Technique Criteria (1:20)

Qualitative Threat and Impact Analysis (0:54)

Guidelines for Classifying Threats and Threat Profiles (0:39)

Topic B: Perform Ongoing Threat Research (0:30)

Ongoing Research (0:47)

Situational Awareness (0:30)

Commonly Targeted Assets (1:56)

The Latest Vulnerabilities (1:21)

The Latest Threats and Exploits (1:28)

The Latest Security Technologies (1:07)

Resources Aiding in Research Part1 (0:52)

Resources Aiding in Research Part2 (0:21)

Demo - Resources that Aid in Research of Threats (3:02)

The Global Cybersecurity Industry and Community (0:43)

Trend Data (0:16)

Trend Data and Qualifying Threats (1:01)

Guidelines for Performing Ongoing Threat Research (1:25)

Section Review (0:28)

Review Questions

Analyzing Reconnaissance Threats to Computing and Network Environments

Introduction (0:21)

Topic A: Implement Threat Modeling (0:25)

The Diverse Nature of Threats (0:36)

The Anatomy of a Cyber Attack (2:13)

Threat Modeling (0:37)

Reasons to Implement Threat Modeling (0:32)

Threat Modeling Process (1:15)

Attack Tree (1:35)

Threat Modeling Tools (0:24)

Threat Categories (1:27)

Topic B: Assess the Impact of Reconnaissance Incidents (0:37)

Footprinting, Scanning, and Enumeration (1:15)

Footprinting Methods (1:35)

Network and System Scanning Methods (0:41)

Enumeration Methods (1:05)

Evasion Techniques for Reconnaissance (2:06)

Reconnaissance Tools (2:38)

Packet Trace Analysis with Wireshark (0:31)

Demo - Performing Reconnaissance on a Network (7:22)

Demo - Examining Reconnaissance Incidents (8:10)

Topic C: Assess the Impact of Social Engineering (0:25)

Social Engineering (2:09)

Types of Social Engineering Part1 (1:52)

Types of Social Engineering Part2 (1:44)

Types of Social Engineering Part3 (1:09)

Phishing and Delivery Media (0:47)

Phishing and Common Components (1:14)

Social Engineering for Reconnaissance (0:49)

Demo - Assessing the Impact of Social Engineering (7:37)

Demo - Assessing the Impact of Phishing (3:23)

Section Review (0:26)

Review Questions

Analyzing Attacks on Computing and Network Environments

Introduction (0:21)

Topic A: Assess the Impact of System Hacking Attacks (0:19)

System Hacking Part1 (0:29)

System Hacking Part2 (0:28)

System Hacking Part3 (0:32)

System Hacking Part4 (0:29)

System Hacking Part5 (0:26)

System Hacking Part6 (0:23)

Password Sniffing (0:57)

Password Cracking (3:58)

Demo - Cracking Passwords Using a Password File (8:30)

Privilege Escalation (0:57)

Social Engineering for Systems Hacking (0:25)

System Hacking Tools and Exploitation Frameworks (1:06)

Topic B: Assess the Impact of Web-Based Attacks (0:26)

Client-Side vs. Server-Side Attacks (1:09)

XSS (0:56)

XSRF (0:58)

SQL Injection (1:47)

Directory Traversal (1:58)

File Inclusion (1:24)

Additional Web Application Vulnerabilities and Exploits (1:16)

Web Services Exploits (1:09)

Web-Based Attack Tools (0:20)

Demo - Assessing the Impact of Web-Based Threats (3:24)

Topic C: Assess the Impact of Malware (0:22)

Malware Categories (4:55)

Trojan Horse (0:46)

Polymorphic Virus (0:15)

Spyware (1:09)

Supply Chain Attack (0:40)

Malware Tools (0:16)

Demo - Malware Detection and Removal (5:35)

Topic D: Assess the Impact of Hijacking and Impersonation Attacks (0:28)

Spoofing, Impersonation, and Hijacking (0:42)

ARP Spoofing (5:12)

DNS Poisoning (1:35)

ICMP Redirect (0:58)

DHCP Spoofing (2:32)

NBNS Spoofing (1:16)

Session Hijacking (0:44)

Hijacking and Spoofing Tools (0:23)

Topic E: Assess the Impact of DoS Incidents (0:23)

DoS Attacks (1:58)

DoS Attack Techniques (4:37)

DDoS (0:53)

DoS Evasion Techniques (1:31)

DoS Tools (0:27)

Demo - Assessing the Impact of DoS Attacks (4:06)

Topic F: Assess the Impact of Threats to Mobile Security (0:27)

Trends in Mobile Security (2:37)

Wireless Threats (1:51)

BYOD Threats (1:33)

Mobile Platform Threats (2:11)

Mobile Infrastructure Hacking Tools (0:17)

Topic G: Assess the Impact of Threats to Cloud Security (0:19)

Cloud Infrastructure Challenges (1:56)

Threats to Virtualized Environments (3:37)

Threats to Big Data (1:33)

Example of a Cloud Infrastructure Attack (1:22)

Cloud Platform Security (1:09)

Section Review (0:21)

Review Questions

Analyzing Post-Attack Techniques

Introduction (0:38)

Topic A: Assess Command and Control Techniques (0:23)

Command and Control (1:00)

IRC (0:33)

HTTP/S (0:56)

DNS (2:02)

ICMP (1:48)

Additional Channels (1:31)

Demo - Assessing Command and Control Techniques (10:37)

Topic B: Assess Persistence Techniques (0:21)

Advanced Persistent Threat (0:52)

Rootkits (0:50)

Backdoors (0:37)

Logic Bomb (0:24)

Demo - Detecting Rootkits (3:45)

Rogue Accounts (2:04)

Topic C: Assess Lateral Movement and Pivoting Techniques (0:24)

Lateral Movement (1:41)

Pass the Hash (1:39)

Golden Ticket (2:25)

Remote Access Services (0:59)

WMIC (1:41)

PsExec (1:04)
