Download the SANS SEC564: Red Team Operations and Threat Emulation 2020 training course

SANS is one of the largest companies in the field of cyber security and runs many courses in this field every year. One of the most important initiatives currently under way in large networks that have a security operations center (SOC) is setting up a RED TEAM. As an active team, the red team is constantly examining threats, gaps and weaknesses. This course helps you with examining threats, analyzing them, responding to the BLUE TEAM, accurate reporting, creating periodic plans, retesting systems and their security, and more. It is one of the best and most important courses for security specialists and managers who work in information security centers or security operations centers.

You will do all of this in a course-long exercise, in which we perform an adversary emulation against a target organization modeled on an enterprise environment. This environment includes Active Directory, email, web, and file servers, as well as endpoints running the latest operating systems. We will start by consuming cyber threat intelligence to identify and document an adversary that has the intent, opportunity, and capability to attack the target organization. You will discover the TTPs used by the adversary while creating an adversary emulation plan leveraging MITRE ATT&CK (Adversary Tactics, Techniques, and Common Knowledge).

We’ll cover the planning phase of these exercises, showcasing various industry frameworks and methodologies for red teaming and adversary emulation. These frameworks are industry standards used by various regulatory bodies to ensure consistent and repeatable red team exercises.

Using strong planning and threat intelligence, students will follow the same unified kill chain as the adversaries to reach the same objective, from setting up attack infrastructure with command and control to emulating multiple TTPs mapped to MITRE ATT&CK.

The course concludes with exercise closure activities such as analyzing the response of the blue team (people and process), reporting, and remediation planning and retesting. Finally, you will learn how to show the value that red team exercises and adversary emulations bring to an organization. The main job of a red team is to make a blue team better. Offense informs defense and defense informs offense.

Course Syllabus

SEC564.1: Introduction and Planning of Red Team Exercises
SEC564.2: Red Team Exercise Execution and Closure