CyberSec First Responder: Threat Detection & Response CFR210
4.3 (68 ratings)
544 students enrolled


CyberSec First Responder: Threat Detection and Response (Exam CFR-210)
Last updated 10/2018
Language: English (captions: English, auto-generated)
This course includes
  • 12 hours on-demand video
  • 11 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Assess information security risk in the IT infrastructure
  • Create and implement information assurance lifecycle
  • Analyze threats to the IT infrastructure
  • Assess the security posture within a risk management framework
  • Collect cybersecurity intelligence information
  • Analyze collected intelligence to define actionable response
  • Conduct security audits
  • Respond and investigate cybersecurity incidents
Requirements
  • The candidates are advised to have some knowledge of basic networking technologies such as TCP/IP, routing protocols, network security and VPNs
  • In addition to this, the candidates are also supposed to have at least two years of professional experience in network administration or a similar field.
Description

The CyberSec First Responder: Threat Detection and Response course prepares candidates to protect their organization's IT infrastructure against cyber-attacks and to execute a properly planned response when an incident occurs. The tools and techniques taught in the course are independent of the size and scope of the organization, because the course is built around common threats, risks and mitigation techniques that apply universally.

Who this course is for:
  • Cybersecurity practitioners
  • Information systems security engineers
  • Information security officers
  • IT administrators
Course content
447 lectures, 12:02:27 total
Course Introduction
3 lectures 01:43
Course Introduction
01:12
Instructor Introduction
00:22
Lesson 01 - Assessing Information Security Risk
52 lectures 01:02:51
Preview 00:22
Topic B: Assess Risk
00:32
ESA Frameworks
00:28
ESA Framework Assessment Process Part1
00:43
ESA Framework Assessment Process Part2
00:44
New and Changing Business Models
00:40
De-perimeterization
01:41
New Products and Technologies
01:23
Internal and External Influences
00:55
System-Specific Risk Analysis
00:38
Risk Determinations
02:58
Documentation of Assessment Results
00:37
Guidelines for Assessing Risk
02:01
Topic C: Mitigate Risk
00:51
Classes of Information
01:16
Classification of Information Types into CIA Levels
01:51
Security Control Categories
01:15
Technical Controls (Template)
00:26
Technical Controls (Example Answer)
00:36
Aggregate CIA Score
03:08
Common Vulnerability Scoring System
01:54
Common Vulnerabilities and Exposures
00:30
Demo - Common Vulnerability Scoring System
05:42
Extreme Scenario Planning and Worst Case Scenarios
01:12
Risk Response Techniques
01:10
Additional Risk Management Strategies
01:40
Continuous Monitoring and Improvement
00:27
IT Governance
00:31
Guidelines for Mitigating Risk
01:12
Topic D: Integrate Documentation into Risk Management
00:29
From Policy to Procedures
01:17
Policy Development
00:14
Process and Procedure Development
00:10
Demo - Finding a Policy Template
05:20
Topics to Include in Security Policies and Procedures
00:36
Best Practices to Incorporate in Security Policies and Procedures Part1
01:34
Best Practices to Incorporate in Security Policies and Procedures Part2
00:59
Business Documents That Support Security Initiatives
01:50
Guidelines for Integrating Documentation into Risk Management Part1
01:06
Guidelines for Integrating Documentation into Risk Management Part2
00:46
Lesson 01 Review
00:21
Lesson 01 - Quiz
10 questions
Lesson 02 - Analyzing the Threat Landscape
25 lectures 23:23
Introduction
00:14
Topic A: Classify Threats and Threat Profiles
00:30
Threat Actors Part1
01:12
Threat Actors Part2
00:45
Threat Motives
00:39
Threat Intentions
00:39
Attack Vectors
00:42
Attack Technique Criteria
01:21
Qualitative Threat and Impact Analysis
00:54
Guidelines for Classifying Threats and Threat Profiles
00:39
Topic B: Perform Ongoing Threat Research
00:30
Ongoing Research
00:48
Situational Awareness
00:30
Commonly Targeted Assets
01:56
The Latest Vulnerabilities
01:21
The Latest Threats and Exploits
01:28
The Latest Security Technologies
01:07
Resources Aiding in Research Part1
00:52
Resources Aiding in Research Part2
00:21
Demo - Resources that Aid in Research of Threats
03:02
The Global Cybersecurity Industry and Community
00:43
Trend Data
00:16
Trend Data and Qualifying Threats
01:01
Guidelines for Performing Ongoing Threat Research
01:25
Lesson 02 Review
00:28
Lesson 02 - Quiz
8 questions
Lesson 03 - Analyzing Reconnaissance Threats to Computing and Network Environments
31 lectures 57:03
Introduction
00:21
Topic A: Implement Threat Modeling
00:25
The Diverse Nature of Threats
00:36
The Anatomy of a Cyber Attack
02:13
Threat Modeling
00:37
Reasons to Implement Threat Modeling
00:32
Threat Modeling Process
01:15
Attack Tree
01:35
Threat Modeling Tools
00:24
Threat Categories
01:27
Topic B: Assess the Impact of Reconnaissance Incidents
00:37
Footprinting, Scanning, and Enumeration
01:15
Footprinting Methods
01:35
Network and System Scanning Methods
00:41
Enumeration Methods
01:05
Evasion Techniques for Reconnaissance
02:07
Reconnaissance Tools
02:38
Packet Trace Analysis with Wireshark
00:31
Demo - Performing Reconnaissance on a Network
07:23
Demo - Examining Reconnaissance Incidents
08:10
Topic C: Assess the Impact of Social Engineering
00:25
Social Engineering
02:09
Types of Social Engineering Part1
01:53
Types of Social Engineering Part2
01:44
Types of Social Engineering Part3
01:09
Phishing and Delivery Media
00:47
Phishing and Common Components
01:14
Social Engineering for Reconnaissance
00:49
Demo - Assessing the Impact of Social Engineering
07:37
Demo - Assessing the Impact of Phishing
03:23
Lesson 03 Review
00:26
Lesson 03 - Quiz
10 questions
Lesson 04 - Analyzing Attacks on Computing and Network Environments
62 lectures 01:35:10
Introduction
00:21
Topic A: Assess the Impact of System Hacking Attacks
00:19
System Hacking Part1
00:29
System Hacking Part2
00:28
System Hacking Part3
00:32
System Hacking Part4
00:29
System Hacking Part5
00:26
System Hacking Part6
00:23
Password Sniffing
00:57
Password Cracking
03:58
Demo - Cracking Passwords Using a Password File
08:30
Privilege Escalation
00:57
Social Engineering for Systems Hacking
00:25
System Hacking Tools and Exploitation Frameworks
01:06
Topic B: Assess the Impact of Web-Based Attacks
00:26
Client-Side vs. Server-Side Attacks
01:10
XSS
00:57
XSRF
00:58
SQL Injection
01:47
Directory Traversal
01:58
File Inclusion
01:25
Additional Web Application Vulnerabilities and Exploits
01:16
Web Services Exploits
01:10
Web-Based Attack Tools
00:20
Demo - Assessing the Impact of Web-Based Threats
03:24
Topic C: Assess the Impact of Malware
00:22
Malware Categories
04:55
Trojan Horse
00:46
Polymorphic Virus
00:15
Spyware
01:09
Supply Chain Attack
00:40
Malware Tools
00:16
Demo - Malware Detection and Removal
05:35
Topic D: Assess the Impact of Hijacking and Impersonation Attacks
00:28
Spoofing, Impersonation, and Hijacking
00:42
ARP Spoofing
05:12
DNS Poisoning
01:35
ICMP Redirect
00:58
DHCP Spoofing
02:33
NBNS Spoofing
01:17
Session Hijacking
00:44
Hijacking and Spoofing Tools
00:23
Topic E: Assess the Impact of DoS Incidents
00:23
DoS Attacks
01:58
DoS Attack Techniques
04:37
DDoS
00:53
DoS Evasion Techniques
01:31
DoS Tools
00:27
Demo - Assessing the Impact of DoS Attacks
04:07
Topic F: Assess the Impact of Threats to Mobile Security
00:27
Trends in Mobile Security
02:37
Wireless Threats
01:51
BYOD Threats
01:33
Mobile Platform Threats
02:11
Mobile Infrastructure Hacking Tools
00:17
Topic G: Assess the Impact of Threats to Cloud Security
00:19
Cloud Infrastructure Challenges
01:56
Threats to Virtualized Environments
03:37
Threats to Big Data
01:33
Example of a Cloud Infrastructure Attack
01:22
Cloud Platform Security
01:09
Lesson 04 Review
00:21
Module 04 - Quiz
17 questions
Lesson 05 - Analyzing Post-Attack Techniques
44 lectures 01:02:40
Introduction
00:38
Topic A: Assess Command and Control Techniques
00:23
Command and Control
01:00
IRC
00:33
HTTP/S
00:56
DNS
02:02
ICMP
01:48
Additional Channels
01:31
Demo - Assessing Command and Control Techniques
10:37
Topic B: Assess Persistence Techniques
00:21
Advanced Persistent Threat
00:52
Rootkits
00:50
Backdoors
00:37
Logic Bomb
00:24
Demo - Detecting Rootkits
03:45
Rogue Accounts
02:04
Topic C: Assess Lateral Movement and Pivoting Techniques
00:24
Lateral Movement
01:41
Pass the Hash
01:39
Golden Ticket
02:25
Remote Access Services
00:59
WMIC
01:41
PsExec
01:04
Port Forwarding
01:11
VPN Pivoting
00:57
SSH Pivoting
00:42
Routing Tables and Pivoting
00:26
Topic D: Assess Data Exfiltration Techniques
00:17
Data Exfiltration
00:43
Covert Channels
01:34
Steganography
01:03
Demo - Steganography
03:51
File Sharing Services
00:25
Topic E: Assess Anti-Forensics Techniques
00:37
Anti-Forensics
00:46
Golden Ticket and Anti-Forensics
00:44
Demo - Assessing Anti-Forensics
03:45
Buffer Overflows
00:42
Memory Residents
00:35
Program Packers
01:00
VM and Sandbox Detection
00:41
ADS
02:22
Covering Tracks
01:23
Lesson 05 Review
00:42
Module 05 - Quiz
12 questions
Lesson 06 - Evaluating the Organization's Security Posture
35 lectures 53:53
Introduction
00:21
Topic A: Conduct Vulnerability Assessments
00:32
Vulnerability Assessment
01:13
Penetration Testing
00:53
Vulnerability Assessment vs. Penetration Testing
02:51
Vulnerability Assessment Implementation
02:23
Vulnerability Assessment Tools
01:42
Specific Assessment Tools
01:10
Port Scanning and Fingerprinting
02:04
Sources of Vulnerability Information
01:28
Operating System and Software Patching
01:01
Systemic Security Issues
00:46
Demo - Perform a Vulnerability Scan with Nessus
07:36
Demo - Perform a Vulnerability Scan with MBSA
05:17
Topic B: Conduct Penetration Tests on Network Assets
00:34
ROE
02:29
Pen Test Phases
01:20
Pen Test Scope
00:54
External vs. Internal Pen Testing
02:05
Pen Testing Techniques
01:33
Pen Testing Tools of the Trade
00:45
Kali Linux
00:20
Data Mining
00:39
Attack Surface Scanning and Mapping
00:36
Packet Manipulation for Enumeration
00:50
Simulated Attacks
00:28
Password Attacks
01:54
Penetration Test Considerations
04:06
Topic C: Follow Up on Penetration Testing
00:18
Effective Reporting and Documentation
01:50
Target Audiences
00:43
Information Collection Methods
00:48
Penetration Test Follow-Up
00:52
Report Classification and Distribution
01:08
Lesson 06 Review
00:24
Module 06 - Quiz
9 questions
Lesson 07 - Collecting Cybersecurity Intelligence
48 lectures 01:14:44
Introduction
00:15
Topic A: Deploy a Security Intelligence Collection and Analysis Platform
00:56
Security Intelligence
01:05
The Challenge of Security Intelligence Collection
00:33
Security Intelligence Collection Lifecycle
00:52
Security Intelligence Collection Plan
00:22
CSM
00:55
What to Monitor
01:11
Security Monitoring Tools
00:41
Data Collection
00:40
Potential Sources of Security Intelligence
02:12
Guidelines for Determining Which Data to Collect for Security Intelligence
01:00
Guidelines for Determining Which Fields You Should Log
01:03
Guidelines for Configuring Logging Systems Based on Their Impact
02:25
Guidelines for Determining Which Events Should Prompt an Alert
01:16
Information Processing
00:41
External Data Sources
00:39
Publicly Available Information
00:19
Collection and Reporting Automation
00:56
Data Retention
00:53
Topic B: Collect Data from Network-Based Intelligence Sources
00:33
Network Device Configuration Files
00:58
Network Device State Data
02:25
Switch and Router Logs
01:00
Wireless Device Logs
01:06
Firewall Logs
02:27
WAF Logs
00:47
IDS/IPS Logs
01:26
Proxy Logs
01:52
Carrier Provider Logs
00:35
Software-Defined Networking
00:39
Network Traffic and Flow Data
01:12
Log Tuning
00:34
Demo - Collecting Network-Based Security Intelligence
07:32
Topic C: Collect Data from Host-Based Intelligence Sources
00:23
Operating System Log Data
00:56
Windows Event Logs
03:00
Syslog Data
01:00
Application Logs
01:21
DNS Event Logs
00:54
SMTP Logs
01:03
HTTP Logs
00:45
FTP Logs
00:35
SSH Logs
01:24
SQL Logs
01:03
Demo - Collecting Host-Based Security Intelligence
15:50
Demo - Parsing Log Files
03:54
Lesson 07 Review
00:36
Module 07 - Quiz
9 questions
Lesson 08 - Analyzing Log Data
36 lectures 01:22:23
Introduction
00:35
Topic A: Use Common Tools to Analyze Logs
00:37
Preparation for Analysis
00:32
Guidelines for Preparing Data for Analysis
00:27
Log Analysis Tools
00:25
The grep Command
00:57
The cut Command
01:26
The diff Command
02:12
The find Command
01:21
WMIC for Log Analysis
01:30
Event Viewer
03:28
Bash
02:37
Windows PowerShell
02:51
Additional Log Analysis Tools
00:56
Guidelines for Using Windows- and Linux-Based Tools for Log Analysis
02:49
Demo - Analyzing Linux Logs for Security Intelligence
08:21
Topic B: Use SIEM Tools for Analysis
00:24
Security Intelligence Correlation
01:41
SIEM
01:39
The Realities of SIEM
00:49
SIEM and the Intelligence Lifecycle
01:09
Guidelines for Using SIEMs for Security Intelligence Analysis
01:58
Demo - Incorporating SIEMs into Security Intelligence Analysis
18:02
Topic C: Parse Log Files with Regular Expressions
00:45
Regular Expressions
01:15
Quantification Operators
02:37
Anchor Operators
00:52
Character Set Operators
01:54
Miscellaneous Search Operators
02:24
Special Operators
02:51
Build an Expression
02:28
Keyword Searches
04:30
Special Character Searches
02:09
IP Address Searches
02:36
Guidelines for Writing Regular Expressions
00:50
Lesson 08 Review
00:26
Module 08 - Quiz
8 questions
Lesson 09 - Performing Active Asset and Network Analysis
46 lectures 01:40:19
Introduction
00:26
Topic A: Analyze Incidents with Windows-Based Tools
00:26
Registry Editor (regedit)
00:59
Analysis with Registry Editor
01:14
File System Analysis Tools for Windows
01:39
Process Explorer
01:07
Process Monitor
00:29
Service Analysis Tools for Windows
01:30
Volatile Memory Analysis Tools for Windows
01:00
Active Directory Analysis Tools
01:56
Network Analysis Tools for Windows Part1
02:38
Network Analysis Tools for Windows Part2
04:08
Demo - Windows-Based Incident Analysis Tools
19:47
Topic B: Analyze Incidents with Linux-Based Tools
00:14
File System Analysis Tools for Linux
00:47
Process Analysis Tools for Linux
00:25
Volatile Memory Analysis Tools for Linux
00:48
Session Analysis Tools for Linux
01:00
Network Analysis Tools for Linux Part1
00:54
Network Analysis Tools for Linux Part2
01:18
Demo - Linux-Based Incident Analysis Tools
07:00
Topic C: Analyze Malware
00:41
Malware Sandboxing
01:18
Crowd-Sourced Signature Detection
00:57
VirusTotal Malware Entry
00:39
Reverse Engineering
00:57
Disassemblers
01:11
Disassembly of Malware in IDA
00:24
Malware Strings
00:58
Anti-Malware Solutions
02:12
MAEC
00:39
Guidelines for Analyzing Malware
01:26
Demo - Analyzing Malware
03:17
Topic D: Analyze Indicators of Compromise
00:33
IOCs
00:49
Unauthorized Software and Files
03:19
Suspicious Emails
02:07
Suspicious Registry Entries
01:09
Unknown Port and Protocol Usage
02:51
Excessive Bandwidth Usage
02:31
Service Disruption and Defacement
01:45
Rogue Hardware
02:29
Suspicious or Unauthorized Account Usage
01:15
Guidelines for Analyzing Indicators of Compromise
01:35
Demo - Analyzing Indicators of Compromise
15:03
Lesson 09 Review
00:29
Module 09 - Quiz
10 questions