Misconfigurations Defense for Red and Blue Teams

Focused View

Richea Perry

4:19:31

6 View

1. SECTION 1

1. Introduction.mp4

02:39

2. Course Agenda.mp4

04:16

3. Intro to Systemic weaknesses in relation to cybersecurity misconfigurations.mp4

07:25

4. Intro to the top 10 NSA & CISA Misconfigurations.mp4

02:52

5. Misconfiguration #1.mp4

08:28

6. Misconfiguration #2.mp4

07:53

7. Misconfiguration #3.mp4

07:08

8. Misconfiguration #4.mp4

05:49

9. Misconfiguration #5.mp4

06:16

10. Misconfiguration #6.mp4

03:42

11. Misconfiguration #7.mp4

04:44

12. Misconfiguration #8.mp4

06:26

13. Misconfiguration #9.mp4

03:36

14. Misconfiguration #10.mp4

05:16

15. End of Section 1 Quiz.mp4

02:28

2. SECTION 2-Misconfigurations Mitigation Recommendations

1. An Intro to MITRE ATT&CK Framework.mp4

03:38

2. Mitigate-Default configurations of software and applications.mp4

07:08

3. Mitigate-Improper separation of useradministrator privilege.mp4

06:05

4. Mitigate-Insufficient internal network monitoring.mp4

06:32

5. Mitigate-Lack of network segmentation.mp4

04:20

6. Mitigate-Poor patch management.mp4

02:54

7. Mitigate-Bypass of system access controls.mp4

05:09

8. Mitigate-Weak or misconfigured multifactor authentication (MFA) methods.mp4

04:39

9. Mitigate-Insufficient access control lists (ACLs) on network shares and services.mp4

05:22

10. Mitigate-Poor credential hygiene.mp4

05:09

11. Mitigate- Unrestricted code execution.mp4

06:11

12. Validating Security Controls.mp4

05:38

13. Open-Source Tools for Testing Active Directory Misconfigurations.mp4

09:36

14. Intro to Open-Source Tools for addressing the top 10 misconfigurations.mp4

01:26

15. Open-Source Tools for Preventing Insufficient Access Control Lists (ACLs) on Net.mp4

05:59

16. Open-Source Tools for Preventing Lack of Network Segmentation.mp4

04:55

17. Open-Source Tools for Preventing Insufficient Internal Network Monitoring.mp4

06:14

18. Establishing security baselines to help with mitigating misconfigurations.mp4

03:38

19. Lab#1- Creating Security Baselines In Azure.mp4

07:02

20. Lab#2- PenTest Azure Deployments Misconfigurations using ChatGPT.mp4

13:02

21. Lab#3- PenTest Azure Deployments Misconfigurations using ChatGPT.mp4

07:21

22. Lab#4-Misconfigurations Research Defense Challenge.mp4

02:57

3. SECTION 3-Putting everything into perspective

1. Introduction to Section 3.mp4

01:26

2. Intro to Root Cause Analysis (RCA).mp4

02:25

3. Benefits of RCA for both Red and Blue Teamers.mp4

03:57

4. Steps for conducting RCA.mp4

06:42

5. Quiz#2.mp4

01:19

6. Intro to creating misconfigurations mitigation checklists using AI.mp4

01:39

7. Creating a misconfiguration prevention checklist.mp4

06:33

8. Creating a misconfiguration checklist that prevents bypass of system access cont.mp4

03:52

9. Challenge-Create Your own misconfigurations checklist.mp4

00:54

10. Case Scenario- Applying Misconfigurations Checklist to a Data Breach Incident.mp4

09:22

11. Improving Hardening of environment against these misconfigurations.mp4

09:59

12. Prevent cloud security misconfigurations via Azure Red Team Pen Testing.mp4

05:54

13. End of Course.mp4

01:36

4. Course Resources

1.1 Case Scenario-The Breach of Acme Inc.pdf

1.2 JOINT CSA TOP TEN MISCONFIGURATIONS TLP-CLEAR.PDF

1.3 Links to websites.txt

1.4 Steps Involved in Root Cause Analysis.pdf

1. Bonus Lecture.html

Description

Misconfigurations Defense for Red and Blue Teams as well as GRC Professionals

What You'll Learn?

An awareness of the Top common cybersecurity misconfigurations found in large organizations that leads to cyber attacks.
How to establish security baselines in Windows Cloud Environments (Azure) to mitigate misconfigurations leading to cyber attacks.
An in-dept understanding of cyber risks associated with these misconfigurations and how they are exploited by attackers.
Application of AI(ChatGPT, Gimini) to execute various lab activities involving misconfiguration mitigation
Best Practice recommendations for mitigating these cyber risks associated with these misconfigurations
How to use MITRE ATT&CK for Technical Mitigation of attacks as a result of these misconfiguartions
How to secure your cloud (Azure) environment from misconfigurations via Red Team-Azure Penetration Testing
An Introduction to root cause analsysis and its benefits to a cybersecurity mindset
Open-Source Tools for Configurations Management to mitigate cyber attacks
How develop a Root cause analysis for selected security misconfigurations
How to address various scenarios involving the skills of Red or Blue Teamer as it relates to protecting systems from these top 10 misconfiguartions.
A better understanding of cyber risks in order to develop appropriate policies & conduct effective risks assessments policies as a GRC Professional

Who is this for?

This course is designed for aspiring Red & Blue Teamers, Cyber Security Leaders, Network defenders and those thinking of transitioning into cybersecurity, or even those already into cybersecurity that needs that holistic view of how both red and blue teams can work together efficiently in keeping people, processes and technology infrastructures secure by understanding the most common misconfigurations that leads to cyber attacks and most importantly how to prevent these attacks from occurring.

What You Need to Know?

AnUnderstanding of the fundmentals of networking, information security principles, & the ability to setup up your own cloud or on-premise virtual lab environment.

Having a basic to advanced understanding of Penetration testing steps or phases and tools used at each phase.

A curious mind to research and go beyond the surface.

More details

Description
This course is designed for aspiring Red & Blue Teamers, Security leaders, Network defenders and those thinking of transitioning into cybersecurity, or even those already into cybersecurity that needs that holistic view of how both red and blue teams can work together efficiently in keeping people, processes and technology infrastructures secure by understanding the most common misconfigurations that leads to cyber attacks and most importantly how to prevent these attacks from occurring. The learner will gain knowledge and practical skills where applicable in regards to the following:
The Top 10 most common cybersecurity misconfigurations found in both mid to large size organizations that leads to cyber attacks.
Establishing security baselines in Windows Cloud Environments (Azure) to mitigate misconfigurations leading to cyber attacks.
How to practically address the following top 10 misconfigurations that leads to network\cyber attacks:
Â Â 1-Default configurations of software and applications
Â Â 2-Improper separation of user/administrator privilege
Â Â 3-Insufficient internal network monitoring
Â Â 4-Lack of network segmentation
Â Â 5-Poor patch management
Â Â 6-Bypass of system access controls
Â Â 7-Weak or misconfigured multi-factor authentication (MFA) methods
Â Â 8-Insufficient access control lists (ACLs) on network shares and services
Â Â 9-Poor credential hygiene
Â Â 10-Unrestricted code execution
Cyber risks associated with these misconfiguration and how they are exploited by attackers.
Best Practice recommendations for mitigating these cyber risks associated with these misconfigurations
Use of MITRE ATT&CK Technical recommendations for Mitigating these attacks resulting from these misconfiguration
Introduction to root cause analysis and its benefits to a cybersecurity mindset
Intro to Open-Source Tools for Configurations Management to mitigate cyber attacks
Ways to Improve Monitoring and Hardening of Networks for Blue & Network Admin Teams against cyber attacks
Use of AI to generate defense checklist that can be used as guides by network defenders to prevent these misconfigurations.
Securing your cloud (Azure) environment from misconfigurations via Red Team-Azure Penetration Testing
The misconfigurations to be explored in this course are based onÂ NSA and CISA teams conducting comprehensive security assessments of numerous network enclaves within various organizations and during these assessments, they identified the 10 most common network misconfigurations, which are systemic weaknesses across many networks leading to system compromises.

Who this course is for:
This course is designed for aspiring Red & Blue Teamers, Cyber Security Leaders, Network defenders and those thinking of transitioning into cybersecurity, or even those already into cybersecurity that needs that holistic view of how both red and blue teams can work together efficiently in keeping people, processes and technology infrastructures secure by understanding the most common misconfigurations that leads to cyber attacks and most importantly how to prevent these attacks from occurring.

User Reviews

Rating

average 0

Total votes0

Focused display

Ethical Hacking

Cyber Security

Penetration Testing

Richea Perry

Instructor's Courses

My name is Richea Perry. I am a Cybersecurity & GRC Professional, who has experience working in the Petroleum, Education & Hospitality Industries. I help organizations develop and implement Cybersecurity & GRC Programs, that help them in their efforts to operate securely considering the many cyber risks. Some of my acquired skills are attributed to training that I have received in, but not limited to the following certification domains. OCEG-GRCP, GRCA, IPMPISO 27001 LA\LI CISSP- Certified Information Systems Security ProfessionalCRISC-Certified in Risk and Information Security Control CISA-Certified Information Systems AuditorCISM-Certified Information Systems ManagerISSEP- Information Systems Security Engineer Professional

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.