Cyber Network Defense Bootcamp
Adam Meyers july 23-24
Ends February 1
Ends June 1
Ends July 20
Cyber Network Defense is a critical and evolving requirement for organizations large and small in the 21st century. There are a number of component courses available for various disciplines in the realm of CND; however, there are very few options for a CND crash-course bootcamp that covers topics relevant to the overarching mission of defending the home network. Many courses teach the fundamentals of incident response utilities, malware analysis, and reverse engineering. In practice, we find many "detection" tools have limited success rates and can be quite misleading - from basic antivirus to highly specialized memory and hooking analysis tools.
Newly redesigned, this class features a number of hands on activities lead by the instructor aimed at arming the student with the tools of cyber defense. The class will culminate in a final exercise that will put all of the newly acquired skills to the test simulating an actual attack. In this class students will learn:
- Intelligence collection, charting, and analysis
- Network Packet analysis
- Using and deploying a tactical IDS
- Advanced network analysis for hunting missions
- Device/Hardware forensics
- Static/Dynamic Malware Analysis
- Memory Forensics
- Mobile malware analysis
This course will cover the holistic approach to CND, beginning with intelligence ingestion and easing into network anomaly detection and advanced network forensics. Following the understanding of the network layer, the course will introduce key concepts of incident analysis by providing an in-depth introduction into incident response device forensics using freely available and commercially licensed tools of the trade. With incident analysis and network forensics under their belts, students will then immerse themselves in nearly a full day of static and dynamic reverse engineering to include topics like manual unpacking and deobfuscation of command and control protocols. To round out the training, students will be given a short training in incident reporting and will learn how to present technical findings to managerial and executive level personnel in a clear and concise manner.
- Open Source Intelligence Methods and Commercial Intelligence Options
- Network Forensics and Analysis
- Advanced Network Detection Techniques
- Device Forensics Tools
- Device Forensics Methodologies
- Dynamic Malware Analysis
- Static Malware Analysis
- Dynamic Memory Analysis
- Mobile Malware Analysis
- Incident Reporting Talking to the C-Level
Students should have a working understanding of how computer networking functions. This class will require math skills to understand decimal, hexadecimal, and binary. Understanding of the various components of a computer and how they function (RAM/Disk/CPU). This class will demonstrate low-level programming language components so an understanding of what is assembly is preferred – though we will cover some basics.
What to Bring
Laptop with VMWare with a windows XP virtual machine.
(Note: Windows 7/Vista students have had issues due to ASLR and additional security controls implemented on Windows 7/Vista it is highly recommended that you have a windows XP image, also VirtualBox users have had issues with USB drivers for some exercises)
What you get
Book of materials Course disc Comprehensive Hands-on Cyber Defense Bootcamp training
Adam Meyers is the Director of Intelligence for CrowdStrike, in this role he overseas the team's daily activity, and provides direction and strategic vision for the company's intelligence collection, reverse engineering, and analysis efforts. He also serves as a senior security researcher, who focuses on reverse engineering targeted malware threats, mobile malware and related technologies. Previously he was the Director, Cyber Security Intelligence with the National Products and Offerings Division of SRA International. In that role Mr. Meyers served as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provided both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers also acted as the product manager for SRA Cyberlock, a dynamic malware analysis platform.