Hands-On Training to Support Your Security Needs

We’ve heard from many customers that telling them what to fix is not good enough; they want to know how to fix their security vulnerabilities and how to stay protected in the future. So we created a comprehensive training program focused on defensive security, built on the understanding that a solid defense requires knowing the offensive techniques it has to withstand. The training compares defensive and offensive approaches in detail, using real-world scenarios, which gives you the best opportunity to implement strong defensive layers across your network infrastructure and endpoints. After completing this course, your team will understand what needs to be done to achieve high levels of security without sacrificing performance, and how Collective Sense solutions can help you reach those goals.

Course Contents

1)  Introduction to the Collective Sense defensive security system

2) Web application security: hardened reverse proxy with ModSecurity vs HTTP security issues

3) Hardened Linux vs exploits/rootkits

4) Network security

5) System Auditing, integrating & accounting

6) Summary: offense vs defense

Labs included in the training:

  • GDB introduction
  • Seccomp
  • AppArmor policy development
  • Volatility LAB – diffing between infected and clean memory dumps
  • Malware PCAP analysis
  • SELinux module development
  • PaX policy development
  • PAM LAB: google-authenticator / YubiKey
  • Simple kernel module development + hiding + detection
  • Suricata vs Metasploit, Pass-the-Hash, Heartbleed, Shellshock and others
  • WLAN security vs Evil Twin / KARMA and other attack detection
  • Web application security vs OWASP Top 10 attack techniques and others
  • Grsecurity/PaX/GCC hardening vs Linux kernel and userspace exploitation using vulnerabilities from the past few years (PERF_EVENTS, ptrace/sysret, Mempodipper, semtex, sendpage, chroot() escape, Dirty COW)
  • Seccomp/capabilities/namespaces vs exploits
  • SELinux vs exploits (Redis command execution, VENOM, Apache)
  • Volatility vs rootkits
  • Secure SSH relays and the importance of the least-privilege rule
  • System user accountability, including root
  • Linux Domain Controller
  • Using sysdig/SystemTap for detecting deviations in the behavior of daemons and services
  • Network packet filtering including Tor, ipsets, IP reputation, port knocking
  • Network honeypots vs scanning tools and obstruction of the enumeration process
  • PCAP analysis and Deep Packet Inspection vs malware
  • Sandboxing for malware detection and deep analysis (Cuckoo, YARA)
  • Web Application Firewall vs OWASP Top 10