Module 1: Understanding the cyber-security landscape
In this module, you will learn about the current cybersecurity landscape and learn how adopting the assume compromise philosophy, you can you restrict an attacker’s ability to move laterally between information systems and to restrict their ability to escalate privileges within those systems. The current cyber-security landscape is vast and likely impossible for any one individual to comprehend in its entirety. There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention.
- Current Cyber-security Landscape
- Assume Compromise Philosophy
Module 2: Red Team: Penetration, Lateral Movement, Escalation, and Exfiltration
Red team versus blue team exercises involve the simulation of an attack against an organization’s information system. The red team simulates and, in some cases, performs proof of concept steps taken in the attack against the organization’s IT systems. The blue team simulates the response to that attack. This adversarial approach not only allows for the identification of security vulnerabilities in the way that the organization’s IT systems are configured, but also allows members of the organization’s information systems staff to learn how to detect and respond to attacks. In this module you will learn the Practice Red team versus Blue team approach to detecting and responding to security threats.
- Red Team versus Blue Team Exercises
- The Attackers Objective
- Red Team Kill Chain
Module 3: Blue Team Detection, Investigation, Response, and Mitigation
In this module you will learn about the Blue Team roles and goals in the attack exercises. You will learn the structure of an attack against an objective (Kill Chain) and the ways limiting how an attacker can compromise unprivileged accounts. You will also learn the methods used to restrict lateral movement that prevent attackers from using a compromised system to attack other systems and how telemetry monitoring is used to detect attacks.
- The Blue Team
- Blue Team Kill Chain
- Restricting Privilege Escalation
- Restrict Lateral Movement
- Attack Detection
Module 4: Organizational Preparations
There are several ongoing preparations that an organization can take to improve their overall approach to information security. In this module, we will take a closer look at some of them. You will learn about a conceptual model for thinking about the security of information and how to approach information security and to prepare properly including ensuring your organization has a deliberate approach to information security.
- CIA Triad
- Organizational Preparations
- Developing and Maintain Policies
Lab : Designing a Blue Team strategy
After completing the lab, students will be able to:
- Design a high-level approach to mitigating threats
- Recommend tools and methodology facilitating tracking down origins of cyberattacks
- Provide high level steps of a recovery effort
- Recommend methods of preventing cyber attacks
- Describe regulatory challenges that result from malware exploits