קורסים חשכ"ל

אנטומיה של תקיפת הסייבר 2 (קורס המשך)

שעות הקורס: 19:00-21:00
היקף שעות: 40 שעות אקדמאיות (8 מפגשים)
מיקום: SQLABS קורס מקוון
צפי פתיחת הקורס: 10.12.2020

Overview

The Cybersecurity Specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques. Successful participants will develop a way of thinking that is security-oriented, better understanding how to think about adversaries and how to build systems that defend against them. The students will understand the concepts of reactive vs. proactive security and will have hands on activity's

What we will learn

 What is cyber and the digital universe?
 What is denial of service and how it is performed?
 How is information gathering performed?
 How to gain privileges (with brute-forcing and without)?
 How to inject code into interpreted context?
 How to exploit vulnerable code?
 Security truisms
 What are blacklists and how are they implemented?
 What are whitelists and how are they implemented?
 How to improve authentication mechanisms?
 How to better manage your current assets?
 How to create baselines and detect anomalies?
 How to use and improve the human factor?
 What are APTs?
 What is security by design?

Prerequisites

(Entry level (first cyber course graduation) : Technical/scientific mind-set, very good English (reading), search skills (google

Part 1: Threat Landscape

o Flooding
o Spoofing
o Protocol malformations
o Reflections and amplifications
o Scanning, fingerprinting and enumeration
o Manual vs. Automated spidering
o Credential harvesting
o Resource mapping
o Error based information disclosure
o Brute-force logins and passwords
o Password hashes and password dictionaries
o Custom dictionaries and password complexity
o Bypass authentication mechanisms
o Bypass session management
o Bypass OS user and fs permissions
o Bypass security software
o cmd OS injections
o data-store injections
o file injections (XML, json, etc)
o remote file and resource inclusion
o injecting web clients (browsers)
o injecting client applications (office, pdf, etc)
o Buffer, stack and heap overflows
o Browser and plugin exploitation
o Code execution

Part 2: strategies

 What is defense all about
o IP blacklists
o Anti-malware defenses
o URL filtering (… and ad blocking too)
o Block mail SPAM and spoofs
o Application firewalls (proxies and reverse-proxies, WAFs, DB-fw)
o IDS/IPS/HIPS
o NAC
o Firewalls and access-lists
o Application whitelisting
o Application firewalls (positive proxies and reverse-proxies)
o strong passphrases
o certificates
o cryptography
o multi-factor authentication
o permissions and the ‘need to know’ rule
o admins (locale & domain) and roots
o audit
o patch operating systems and applications
o perform vulnerability scans
o harden OS and application configurations
o maintain a ‘master’ system image bank
o backup and disaster recovery
o keep detailed logs and network traffic captures
o Honeypots and decoys
o Exploit mitigation tools
o Centralized log collection and analysis (aka SIEM)
o Network/host-based anomaly detection
o Heuristic A/V and HIPS
o New profession: security analyst
o User education
o Skill assessment and training (of security teams)
o Secure coding for developers
o Penetration test