Security Event Triage: Monitoring Network Application Services

Alan Monnox

2:32:02

82 views
  • 1. Course Overview.mp4
    02:01
  • 1. Module Overview.mp4
    04:02
  • 2. Defining Network Application Services.mp4
    05:07
  • 3. Filling Out the Big Picture with Log Data.mp4
    03:26
  • 4. Setting up a Lab Environment.mp4
    05:40
  • 5. Log Analysis with Sigma.mp4
    05:08
  • 6. Module Summary.mp4
    00:56
  • 01. Module Overview.mp4
    00:52
  • 02. Establishing a Covert Channel Over DNS.mp4
    06:16
  • 03. Understanding DNS Covert Channels.mp4
    06:02
  • 04. Sigma Rules for DNS C2 Attacks.mp4
    02:24
  • 05. BIND DNS Channel Detection with Postman.mp4
    06:03
  • 06. Analyzing BIND DNS with JupyterLab.mp4
    06:13
  • 07. Using Windows Events for DNS Monitoring.mp4
    02:33
  • 08. Visualizing the C2 Channel.mp4
    03:36
  • 09. Identifying the Compromised Clients.mp4
    03:27
  • 10. Module Summary.mp4
    01:45
  • 1. Module Overview.mp4
    01:15
  • 2. Remote Services and Threat Vectors.mp4
    05:49
  • 3. Threat Finding with DeepBlueCLI.mp4
    04:55
  • 4. Analyzing Windows Logon Events.mp4
    03:18
  • 5. Creating a Timeline for the Attack.mp4
    02:03
  • 6. Enumerating SSH Users.mp4
    04:30
  • 7. Securing SSH with Keys.mp4
    06:07
  • 8. Module Summary.mp4
    01:09
  • 1. Module Overview.mp4
    01:03
  • 2. Understanding the Role of FTP.mp4
    07:10
  • 3. Examining the FTP Logs.mp4
    05:29
  • 4. Investigating FTP Anonymous File Access.mp4
    05:46
  • 5. Monitoring the SMTP Relay.mp4
    03:16
  • 6. Understanding SMTP Log Entries.mp4
    05:43
  • 7. Module Summary.mp4
    01:29
  • 1. Module Overview.mp4
    01:21
  • 2. Understanding DHCP Attack Techniques.mp4
    03:15
  • 3. Investigating DHCP Server Exploits.mp4
    05:23
  • 4. Locating Rogue DHCP Servers.mp4
    01:58
  • 5. Safeguarding Your VPN Services.mp4
    05:01
  • 6. Examining the OpenVPN Service.mp4
    03:26
  • 7. Analyzing OpenVPN with AWS CloudWatch.mp4
    03:59
  • 8. Summary.mp4
    03:06
  • Description


    Exploited network application services allow a malicious actor to establish covert channels and silently exfiltrate data. This course will show you how to use the service logs to quickly detect these attacks and close down the open threat vectors.

    What You'll Learn?


      Network application services are both ubiquitous and exploitable. If successfully compromised by a sophisticated threat actor, they provide the means for establishing C2 channels and exfiltrating company information.

      In this course, Security Event Triage: Monitoring Network Application Services, you will learn foundational knowledge of the tools and techniques you can apply to detect when and how these essential services have been compromised.

      First, you will learn the techniques an APT agent can employ in order to exploit the different types of network application services. Next, you will discover what the security events written to the log files can reveal about the attack that’s unfolding. Finally, you will explore how to use freely available tools to analyze events from across the network to differentiate the good from the bad in terms of the malicious use of these services. When you’re finished with this course, you will have the skills and knowledge of monitoring network application services needed to protect your organization from sophisticated cyberattacks seeking to exploit these essential network protocols.

    Alan is the Lead Architect for the cyber security company Reveille Security. He is also the author of the book Rapid J2EE Development published by Prentice Hall. Alan’s tenure in the IT industry spans several decades, and during that time he has been fortunate to work on many large-scale systems for a range of business sectors and industries, including energy, finance, retail and healthcare. His core skills are in information security, solution architecture, and systems integration. Much of his work with clients is as a consultant, but the projects he enjoys the most are those where he gets hands-on with the technology and works as part of a team to deliver a great result. Alan’s role in security and architecture places an emphasis on the importance of communication skills. Despite once being terrified at the thought of public speaking, Alan now enjoys any opportunity to share knowledge and ideas, be that through presentations, workshops, mentoring or by simply putting pen to paper.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 40
    • Duration: 2:32:02
    • Level: Advanced
    • English subtitles: Yes
    • Release date: 2022/12/12