My Training
This has been my infosec program of study, both in and out of school, for the past few years. With the COVID situation cancelling my co-op and so much cheap and free training on offer, this summer I've been lining up webinar after course after workshop to make the most of my downtime. I'll be keeping track, here, of various training resources I'm using, along with a bit of annotation and any certificates and certifications that come of it.
CompTIA Security+
Azure Fundamentals
CCSK
Qualys Web Application Scanning Specialist
Qualys Vulnerability Management Specialist
Nessus Certificate of Proficiency
Splunk Fundamentals I
Mohawk College - Network Engineering & Security Analysis
COMP 10201: Applied Research 2
Course (1 term)
This independent project involves a program of exploitation training and demonstration of 10 intentionally vulnerable Linux and Windows virtual machines – with written and video documentation of vulnerabilities, tools, and techniques – and a workflow/reference document for network penetration testing. This project is intended to act as a training program in preparation for the Offensive Security Certified Professional (OSCP) certification exam, as well as a template for others for training in offensive security skills.
Fall 2020
COMP 10247: Python for Networking
Course (1 term)
Course Description: Learn how to use Python and Network Programmability to manage a network more efficiently. Acquire Python programming skills relevant to networking engineers.
Fall 2020
COMP 10027: Protocol Analysis and Troubleshooting
Course (1 term)
Course Description: Establish a solid foundation in TCP/IP network performance and troubleshooting using a protocol analyzer. Implement a VOIP telephone system using Asterisk.
Fall 2020
COMP 10030: Microsoft Security
Course (1 term)
Course Description: Examine exploits and their solutions. Emphasize security tools primarily for Windows Servers and Clients. Present different styles of exploits, solutions and enhanced security techniques.
Fall 2020
COMP 10097: Virtual Infrastructure
Course (1 term)
Course Description: Design, build, test and document virtual infrastructure solutions to meet requirements described in case studies using mainly open-source software and tools.
Fall 2020
COMP 10199: Applied Research 1
Course (1 term)
This independent project involved developing (1) a demonstration of credential exposure and steps to reduce exposure of credentials; (2) a demonstration of password hash cracking and steps to implement secure password policies; and (3) a demonstration of non-trivial phishing/spear-phishing attacks on two networks (one standard/vulnerable email server configuration and one best-practices email server configuration) and steps to implement the best-practices employed in the demonstration server.
Winter 2020
COMP 10224: Advanced Cisco Routing and Switching
Course (1 term)
Course Description: Develop skills and knowledge to successfully install, operate, secure and troubleshoot a small-to-medium-size enterprise branch network. Establish a foundational knowledge about the security threats facing modern network infrastructures, securing Cisco routers, implementing AAA on Cisco routers, mitigating threats to Cisco routers, switches and networks, implement site-to-site VPNs, and configure and administer various models of the Cisco ASA security appliance. Apply skills to create a functional company infrastructure using private, public, and DMZ networks controlled by VPNs and firewall application. Prepare for the challenges faced in the business networking environment by practicing and evaluating both individual and team work skills.
Winter 2020
COMP 10111: PowerShell Administrative Scripting
Course (1 term)
Course Description: Develop hands-on skills required to create custom PowerShell scripts that are capable of performing complex, repetitive, and time-consuming Windows administration tasks for both local and domain environments.
Winter 2020
COMP 10032: UNIX Security
Course (1 term)
Course Description: Establish a solid foundation in UNIX security. Topics include installation, patching, network security, security scanning, intrusion detection, and limited access environments.
Winter 2020
COMP 10031: Security Auditing and Forensics
Course (1 term)
Course Description: Develop hands-on skills in the areas of computer and forensic investigation. Perform ongoing monitoring and auditing of such systems. Carry out a forensic investigation into suspicious events, incidents, or system compromises. Use third-party utilities as well as the relevant Windows and UNIX system utilities and commands to perform security auditing and forensic tasks.
Winter 2020
COMP 10023: Cisco Routing and Switching
Course (1 term)
Course Description: Develop skills and knowledge to install, operate, and troubleshoot a small-to-medium size enterprise branch network. Establish a solid operating knowledge of IP data networks, LAN switching technologies, IPv4 addressing, IPv6 addressing, IP routing technologies, IP services network device security, IP services, WAN technologies, and troubleshooting. Prepare for the challenges faced in the business networking environment by practicing and evaluating both individual and team work skills.
Fall 2019
COMP 10022: ITIL Client Support
Course (1 term)
Course Description: Develop customer service skills and techniques in preparation for a career as a technical support specialist. Topics will include defining, managing, and maintaining service levels. Develop and demonstrate process management and implementation skills through both case study and on-line customer support tools.
Fall 2019
COMP 10017: Email Server Administration
Course (1 term)
Course Description: Ensure a solid foundation in e-mail administration. Configure both server and workstation software. Provide secure communication services for a variety of user applications. Encrypt e-mail messages between senders and receivers. Perform data backups and recovery from loss of data. Troubleshoot connectivity and security issues.
Fall 2019
COMP CO924: Web Server Administration
Course (1 term)
Course Description: Administer business-class web service environments including server software and user applications. Perform administrative tasks including the installation and verification of software components, configuration of server and user environments, backup and recovery routines, and the securing of sensitive content.
Fall 2019
COMP 10051: Microsoft Server Administration 2
Course (1 term)
Course Description: Develop the administration skill set that began in Microsoft Server Admin Part 1. Examine and utilize the tools that can simplify and speed up the completion of various administration tasks.
Fall 2018
COMP 10021: Wireless Networking
Course (1 term)
Course Description: Describe the behavioural fundamentals and properties of radio frequency (RF) waves. Explain the major spread spectrum technologies commonly used in wireless networking environments. Design, administer, customize, and troubleshoot popular IEEE 802.11 wireless network topologies.
Fall 2018
COMP 10019: Network Infrastructure
Course (1 term)
Course Description: Build a foundation for learning to make informed design decisions regarding the infrastructure of an enterprise level network. Identify and select appropriate vendor products for a given network scenario. Identify and examine network design concepts focussing on physical and data link OSI layers for cable-based LANs. Classify design principles in the context of Ethernet networks that adhere to the TIA/EIA-568 structured cabling standard.
Fall 2018
COMP 10018: UNIX Administration
Course (1 term)
Course Description: Build the basic skills required to deploy and administer UNIX and UNIX-like systems in a networked environment.
Fall 2018
COMP 10041: Microsoft Server Administration 1
Course (1 term)
Course Description: Develop a working knowledge of managing a Microsoft Server and Domain. Construct a shared file system. Manage and design user and computer accounts in the Active Directory environment. Examine and construct group policies using Group Policy Management tools.
Summer 2018
COMP 10024: Fundamentals of UNIX
Course (1 term)
Course Description: Establish a solid foundation with a Unix operating system. Construct and execute well-formed UNIX commands. Install end-user applications. Customize the user environment. Work with UNIX directories and files. Create and troubleshoot shell scripts.
Summer 2018
COMP 10043: TCP/IP Internet Services
Course (1 term)
Course Description: Establish a solid foundation of theory and hands-on skills required to administer a TCP/IP network.
Summer 2018
COMP 10110: Virtualization
Course (1 term)
Course Description: Develop a working knowledge of the major concepts related to desktop virtualization. Install and configure multiple virtualization packages. Install and execute various operating systems from within virtual machines. Establish an understanding of the terminology and features of multiple virtualization packages and install and configure virtual hardware and networking components.
Summer 2018
MATH 10064: Discrete Math & Statistics
Course (1 term)
Course Description: This course introduces students to selected topics from number theory, discrete mathematics and statistics. Number theory topics include: Prime factorization, modular arithmetic and tournament scheduling. Discrete mathematics topics include: progression and sequences; mathematical induction, binomial theorem, permutations and combinations. Statistics topics include understanding data; gathering data; probability and probability models; inference about data; and analysis.
Summer 2018
COMP 10001: Programming Fundamentals
Course (1 term)
Course Description: Build a foundation for learning and practicing the discipline of Software Engineering and the application of tools and methods to produce and maintain quality software systems. Develop essential skills to create software structures and logic. Develop knowledge and disciplines which are transferable to any computer-based software problem.
Winter 2018
COMP CO910: Introduction to Networking
Course (1 term)
Course Description: Administer Microsoft Windows and UNIX hosts within a virtualized environment. Design and implement common network-level services. Create and utilize software development environments.
Winter 2018
COMP CO710: HTML & CSS
Course (1 term)
Course Description: Create Web Pages using the HyperText Markup Language (HTML). Format Web pages using Cascading Style Sheets (CSS). Create Web pages that include lists, links, images, Web Tables, and Web Forms, styled with CSS. Use Web Accessibility Initiative (WAI) rules for accessibility compliance in design.
Winter 2018
MATH 10042: Mathematics for Computer Studies
Course (1 term)
Course Description: Use mathematical procedures to solve problems involving conversions between different number systems. Perform symbolic manipulation and simplification of expressions in Boolean algebra including truth tables and Karnaugh maps. Apply mathematical principles used in technical computing and investigate different graphing techniques. Solve application problems modeled by algebraic, exponential and logarithmic equations.
Winter 2018
Web Application Security
Analyzing the OWASP API Security Top 10 for Pen Testers
Webinar (1hr)
This talk explored the recently released OWASP API Security Top 10 list, as well as tools and resources to test and secure APIs.
August 31 2020
PortSwigger Web Security Academy
Course (?hr)
The makers of Burp Suite and the Web Application Hacker's Handbook have created an amazing free series of online web application security training resources in lieu of a 3rd edition of the WAHH. The lessons are clear and packed with valuable information. The labs are user-friendly and an excellent opportunity for hands-on experience with the vulnerabilities discussed. The difficulty of the material ranges from quite basic introductory concepts to quite advanced exploitation. Some labs do, however, require a Burp Suite Pro license to access tools like Collaborator.
August 19 - present 2020
Learn Burp Suite
Course (~2hr)
This course introduces the major tools of the Community Edition of Burp Suite (Proxy, Repeater, Target, Spider, Sequencer, Intruder, Comparer) and the paid Scanner tool, using the OWASP WebGoat for demonstrations and practice.
July 14 2020
Modern Webapp Pentesting - How to Attack a JWT
Webinar (1hr)
This talk covered the basics of JSON Web Tokens (JWTs) and their vulnerabilities to information disclosure, forgery using the none signature algorithm, and offline cracking, with some demonstration of Burp Suite tools to attack JWTs.
June 18 2020
Qualys Web Application Scanning
Course (8hr)
This course covered the basics of configuring web applications in the Qualys subscription, completing discovery and vulnerability scans, generating reports, and managing users and roles related to the Qualys Web Application Scanning application.
June 12 2020
Chrome Developer Tools: Raiding the Armory
Conference talk (1hr)
On a recommendation from the ACM Dev Tools webinar, I checked out this Stir Trek 2018 talk by Greg Malcolm. The talk focussed on the Chrome Dev Tools (rather than Firefox), and on site troubleshooting and development. This took a deeper and more applied dive into debugging, break points, and timing management.
April 23 2020
Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests
Webinar (1hr)
This short session looked at basic features of the built-in browser Developer Tools, particularly the Inspector, Console, and Storage areas in Firefox's Dev Tools. This dovetailed nicely with my time working on learning Javascript, so I picked up a couple of handy pentesting tips using the Dev Tools Console.
April 23 2020
CNIT 129S: Securing Web Applications
Course (~12hr)
Sam Bowne posts all of his CCSF courses for public access, so I worked through the Web Application Hacker's Handbook readings and facilitated the lab projects with the Mohawk Cybersecurity Club. This course covers techniques used by attackers to breach web applications and how to protect them.
April - June 2019
Process Injection Bootcamp
Workshop (~8hr)
This 2-day bootcamp at BSidesTO 2020 covered the fundamentals of process injection, classic injection techniques, dynamic and remote payloads, defense evasion, and advanced techniques like process hollowing. It was fantastic!
October 17 - October 18 2020
Offensive Maldocs in 2020
Webinar (~1hr)
This webinar demonstrated new techniques for creating malicious documents, including XLM (Excel 4.0) macros, Remote Template Injection, and a new method of abusing MsoShapes in Office documents.
September 8 2020
PenTest HackFest & Cyber Ranges Summit
Conference (~15hr)
SANS brought the Pentest HackFest and the Cyber Ranges Summit together into one free online conference. I mostly stuck to the HackFest track, but I'll be going back over some of the Cyber Ranges track, too, if/when they post the videos. I also got to compete in the Global Cyber Ranges Competition, after qualifying in the miniNetWars in April!
June 4 - June 5 2020
Bad As You Want To Be: Adversary Emulation Basics
Webinar (1.5hr)
MalwareJake Williams provided a range of ideas and free resources for taking red-teaming and threat-hunting efforts to the next level - emulating the threat actors in your threat model. He followed the Cyber Kill Chain framework to organise the presentation, so the coverage was deep, and ran a couple of simple demos to spoof foreign government email servers and to create registry key artifacts.
May 28 2020
Practical Ethical Hacking
Course (24.5hr)
The full course by The Cyber Mentor, Heath Adams, focussed on the tools and tactics that are commonly used in pentesting and red teaming. The course also includes basics of networking and scripting. The section on Active Directory attacks and the web recon resources were outstanding.
May 20 - August 18 2020
Empire PowerShell for Beginners - Mimikatz & Privilege Escalation
Course (~1hr)
A 3-part tutorial on installing and using Empire PowerShell for harvesting credentials and escalating privileges. The tutorials could use some fine-tuning, but otherwise an OK intro to Empire.
May 5 2020
Elevating your Windows Privileges Like a Boss!
Conference talk (1hr)
All of the 2019 Wild West Hackin' Fest talks are up on YouTube. This talk by Jake Williams (@MalwareJake) covers the basics of Windows privilege escalation using COM objects, DLL side loading, and various privileges assigned to user accounts.
May 5 2020
Kerberos & Attacks 101
Webinar (1hr)
This was a fantastically clear explanation of the main Kerberos attacks, by the discoverer of the Kerberoasting vulnerability, Tim Medin. He covered the principles, uses, and defenses for Golden Tickets, Silver Tickets, Skeleton Keys, Pass-the-Ticket and Over-Pass-the-Ticket. Now I need to know more about Mimikatz and other ticket collectors!
April 30 2020
Hacking Dumberly Redux More Dumberer
Webinar (1hr)
Tim Medin of Red Siege reminds us to first try for the low-hanging fruit and dumb misconfigurations with off-the-shelf software. Incomplete patching, ncat, test accounts, and bad passwords - the simple stuff is out there everywhere!
April 17 2020
Infosec Institute Cyber Range
Cyber range access (~16hr)
The Cyber Work podcast from the Infosec Institute was celebrating a milestone and gave away codes for a free month of access to their cyber range. I had a couple of days free over the Spring Break, so I worked my way through their Pentesting scenarios. They have a nice range of scenarios from absolute basics to specialist skills.
February 20 - February 21 2020
Ethical Hacking & CompTIA Pentest+
Course (11hr)
I've been picking at this course from Total Seminars since late January, so it's time to finish it off. I've found the content to be quite high-level and theoretical, but the review is good, and there are always new ideas and viewpoints to take in. This course also came with a practice test each for CEH and PenTest+, so we'll see how I'm faring there, too.
January 22 - May 20 2020
Beginner Network Penetration Testing
Course (~15hr)
This was an introductory course promoting the longer format Practical Ethical Hacking course on Udemy by The Cyber Mentor, Heath Adams. The course started out with quite basic material and worked its way right into some heavy-duty network penetration testing tools and techniques. I'm looking forward to his 25-hour PEH course!
June 22 - June 23 2019
Microsoft Ignite Security Challenge
Course (~6.5hr)
This series of modules covers identity and access management, threat protection, and information protection and governance in Microsoft Azure Active Directory and 365 environments.
October 3 2020
AWS Security Fundamentals
Course (2hr)
This course covers fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.
May 29 2020
AWS Cloud Practitioner Essentials
Course (6hr)
The fundamental-level course is intended for individuals who seek an overall understanding of the AWS Cloud, independent of specific technical roles. It provides a detailed overview of cloud concepts, AWS services, security, architecture, pricing, and support. This course also helps you prepare for the AWS Certified Cloud Practitioner exam.
June 29 2020
Azure Fundamentals
Course (9.5hr)
This is the self-paced online Azure Fundamentals training. The MS Azure Virtual Training Day was a bit shallow and included no hands-on components, so I ran through this course. The hands-on exercises were helpful and the review was worthwhile. And apparently they helped with the exam.
May 17 2020
Microsoft Azure Virtual Training Day: Fundamentals
Workshop & certification (5hr)
I got up at 2AM to catch this in the Central Europe timezone, so I was a little put off that it was simply a recording and involved no hands-on components. The session provided an overview of the Azure core services and included introductory material on cloud computing and shared responsibility for security. It is intended as preparation for the AZ-900 exam and included a voucher for the Azure Fundamentals exam (hence the 2AM wakeup). I think I'll still be taking the 9 hour self-paced course for AZ-900 prep before attempting the exam.
May 7 2020
Breaching the Cloud Perimeter
Workshop (4hr)
This excellent 4-hour workshop was packed with a deep walk-through of cloud pentesting tools and techniques, interspersed with practical labs attacking AWS and Azure cloud assets. This is the first of four 4-hour sessions in the paid offensive tradecraft training. Take any or all of them if you can!
April 25 2020
Lift and Adrift: Understanding Threats in an AWS Environment
Meeting talk (2hr)
"This talk will provide examples of these new attack vectors in AWS environments, ways to identify these vectors, and finally steps to mitigate them (individually and across an organisation). It is intended to be an introductory talk, and does not require advanced knowledge of AWS services."
April 22 2020
CCSK+
Course (~14hr)
James Arlen is an advisor to the Mohawk Cybersecurity Club, and offered to run his 2-day hands-on CCSK course for us. The CCSK+ version includes a good mix of basics, theory, and hands-on labs in AWS, and was a solid preparation for the CCSK exam.
June 22 - June 23 2019
210W-11 Mapping IT Defense-In-Depth Security Solutions to ICS - pt II
Workshop (1hr)
This module picks up at Layer 3 - Network Security, and continues to build on the defense-in-depth strategy introduced in Part I with Hardware and Software Security.
June 25 2020
210W-10 Mapping IT Defense-In-Depth Security Solutions to ICS - pt I
Workshop (1hr)
This training introduces the defense-in-depth model and covers layers 1 (Security Management) and 2 (Physical Security).
June 25 2020
210W-09 ICS Attack Methodologies in IT & ICS
Workshop (1hr)
Understanding how hackers attack systems helps you better understand how to defend against cyber attacks.
June 25 2020
210W-08 ICS Cybersecurity Consequences
Workshop (1hr)
This course covers the impacts a cyber-based attack can have on an ICS, and different ways of looking at the potential consequences of three types of events.
June 25 2020
210W-07 ICS Cybersecurity Vulnerabilities
Workshop (2hr)
This course examines some of the current trends in cybersecurity vulnerabilities that contribute directly to cyber risk in Industrial Control Systems (ICSs). The goal is to identify the root causes and their associated countermeasures that can be used to protect control systems.
June 25 2020
210W-06 ICS Cybersecurity Threats
Workshop (1hr)
Risk is a function of threat, vulnerability, and consequence. The most complex attribute is threat because it can be intentional or unintentional, natural or man-made. When trying to develop defensive strategies to protect control systems, it is important to understand the threat landscape in order for appropriate countermeasures or compensating controls to be deployed.
June 25 2020
210W-05 ICS Cybersecurity Risk
Workshop (1hr)
This course is designed to help gain a better understanding of cyber risk, how it is defined in the context of ICS security, and the factors that contribute to risk. It also covers how IT-based countermeasures can be customized to accommodate ICS architectures.
June 25 2020
210W-04 Cybersecurity Within IT and ICS Domains
Workshop (1hr)
Understanding the basic concepts of cybersecurity will provide the necessary foundation to determine the appropriate controls to protect ICS. ICSs are dependent on IT, as contemporary IT is often troubled with cyber vulnerabilities.
June 25 2020
210W-03 Common ICS Components
Workshop (1hr)
This course covers the common components and protocols found in Industrial Control Systems (ICS).
June 24 2020
210W-02 Influence of IT Components in ICS
Workshop (1hr)
This course covers the elements of a traditional IT network, specific issues that relate to emerging cybersecurity problems, and some of the complexity associated with trying to mitigate those problems.
June 24 2020
210W-01 Differences in Deployments of ICS
Workshop (1hr)
This course discusses what, where, and how industrial control systems (ICSs) are used and describes some specific examples of how ICSs work in real-life situations.
June 24 2020
100W Cybersecurity Practices for ICS
Workshop (2hr)
This training covers operational security practices and their application to industrial control systems (ICS) security.
June 24 2020
Using a Collection Management Framework for ICS Security Operations and Incident Response
Webinar (1hr)
The webcast outlined how to build a Collection Management Framework and how to use it for incident response, threat hunting, and security operations in ICS environments.
June 23 2020
Securing ICS Using the NIST Cybersecurity Framework and Fortinet
Webinar (1hr)
This webinar began with a SANS instructors panel on applying NIST to ICS environments, for assessing risk and developing a tiered approach to ICS security. They also specifically touched on Fortinet's products for critical infrastructure security.
June 23 2020
Leveraging Managed Threat Hunting for an Effective ICS/OT Cybersecurity Program
Webinar (1hr)
This webinar introduced the cloud-based Managed Threat Hunting program from Dragos (Neighborhood Watch) and discussed evaluation of Managed Detection and Response and Managed Threat Hunting products for ICS/OT.
June 23 2020
Responding to Incidents in Industrial Control Systems
Webinar (1hr)
This webinar discussed, at a high level, the primary need to identify ICS threats in order to manage incidents effectively, and provided general recommendations for setting up an effective IR program to reduce risk exposure.
June 23 2020
IoT Virtual Village
Conference (8hr)
The IoT Virtual Village was full of the presentations that you would find at a physical IoT Village event. Highlights were a wireless Swiss Army knife, the deplorable state of IoT segmentation, and some of the latest SCADA/ICS red team hacks.
May 28 - May 29 2020
IoT Hacking 101 - Firmware Funhouse
Workshop (1.5hr)
The talk was heavily focussed on career options and tracks in IoT security, but the demo was a good little hands-on introduction to accessing, viewing, and decrypting IoT device firmware. I'm looking forward to the IoT Virtual Village and CTF at the end of the month!
May 3 2020
Tech Tuesday Workshop - C2Matrix - Know Your Tool CTF
Workshop (2hr)
This workshop introduced the C2 Matrix, the various tools, capabilities, and features, as well as the detective tools one can use to monitor and understand what the generated payloads do. In a CTF format, we identified and examined payloads that were generated with various C2 frameworks.
August 25 2020
Improve Your Security Posture with TrustedSec
Webinar (1hr)
Ben Ten and Larry Spohn of TrustedSec ran through several demonstrations of common hacking tools and techniques to improve understanding of early Indicators of Compromise (IoCs) and how to identify threats within a network environment. The demonstrations also provided good insight into how to reduce one's noise levels in a pentest.
August 19 2020
What About Ransomware
Webinar (1hr)
In this webinar, John Strand discusses open-source (Caldera, Atomic Red Team) and commercial (Scythe) tools and the value of them in attack emulation to improve threat intelligence and detection of ransomware using overlapping fields of visibility.
June 25 2020
Testing Your Threat Hunting Platform
Webinar (1hr)
Following up on the Threat Hunting workshop, this session covered how to confirm that your threat hunting platform is working as intended. They gave an overview of DNS C2 detection testing and Metasploit session detection testing methods.
May 6 2020
Cyber Threat Hunting Training
Workshop (6hr)
This 6-hour workshop, with hands-on labs focussed on free threat-hunting tools, covered how to leverage network data to perform a cyber threat hunt. Key takeaways were developing a threat scoring system, identifying long connections, locating beacons, and finding C2 over DNS. They've run this for free a couple of times, with more planned in coming months.
April 4 2020
The SOC Age: Or, A Young SOC Analyst's Illustrated Primer
Webinar (1hr)
John Strand discussed the core skills that a SOC analyst needs in order to be successful and to prevent burnout.
October 15 2020
Excellent Architecture: Avoid Common Mistakes in Security Operations
Webinar (1hr)
Christopher Crowley of Montance LLC discussed a full range of architecture, maturity, and failure considerations for an effective SOC. This talk was an overview of his SOC-Class.com training, covering advice around the development of SOCs integrated with monitoring, threat intelligence, penetration testing, forensics, maturity assessments and more.
August 3 2020
CompTIA CySA+ Training
Course (7hr)
This was another Total Seminars course I picked up on a deal last year, and have been meaning to fit into my schedule. Now's as good a time as any!
July 8 - Present 2020
Nessus Certificate of Proficiency
Course (11hr)
This course featured no interactive labs, but covered the basics of configuring basic and credentialed scans of networks and web applications, asset discovery and vulnerability scans, generating reports, and managing users in Nessus Manager.
June 15 - June 16 2020
Qualys Vulnerability Management
Course (8hr)
This course covered the basics of host asset discovery, host categorisation, vulnerability scanning, result filtering, reporting, and user management in the Qualys Security and Compliance Suite's Vulnerability Manager and AssetView applications.
June 11 2020
Mapping Your Network to MITRE ATT&CK to Visualize Threats, Logging, and Detection
Webinar (1hr)
Wade Wells gave a brief introduction to integrating logging and detection resources with MITRE's ATT&CK framework, using tools like DeTT&CT to visualize coverage of high-threat TTPs (and coverage across the board) and to fill the gaps.
May 27 2020
Elastic SIEM Fundamentals
Workshop (2hr)
This session covered the basics of the Elastic SIEM UI, data analysis, and agent installation. It touched only briefly on the prebuilt machine learning jobs for anomaly detection.
May 1 2020
Anomaly Detection for Cybersecurity
Course (2hr)
An OK introduction to security anomalies and automated detection of attack behaviour. The labs are not well written, but attempt to cover configuring Elastic anomaly detection using machine learning, and specifically detecting DNS data exfiltration.
April 17 2020
Kibana Fundamentals
Course (2hr)
A simple introduction to the basics of Kibana queries, analysis, and visualisation (focus on Lens). The lab document is a bit out of date or missing information, but otherwise straightforward.
April 16 2020
How to Build a Home Lab
Webinar (1hr)
With all of the interest in their other threat hunting and active defense workshops, the Active Countermeasures/Black Hills Information Security crew put together a session on building a safe, simple home lab for testing new tools and techniques. A very simple hardware setup and loads of free/cheap tool recommendations.
April 16 2020
Splunk Fundamentals I
Course & certification (~10hr)
Over 14 modules, many with practical labs using a 60-day free trial of enterprise Splunk, you get a very straightforward introduction to the basic capabilities of Splunk and the Splunk search language. At the end, there is a free 39-question certification test for the Splunk Fundamentals I certification.
March 23 - April 13 2020
Getting Started in Security with BHIS and MITRE ATT&CK
Course (16hr)
John Strand and Black Hills Security opened up their full getting-started class to anyone who was interested in this pay-what-you-can offering. The class covers security fundamentals with lots of hands-on labs demonstrating the top vulnerabilities, attacks, and defenses Black Hills pentesters see in their 500+ security assessments each year.
July 27 - July 30 2020
DNSSEC
Course (2hr)
This course outlines the DNS Security Extensions (DNSSEC) protocol that protects against data spoofing, and the process for implementing it.
June 30 2020
IPv6: How to Securely Start Deploying
Webinar (1hr)
This 1-hour session from Joff Thyer was a firehose of information about securing IPv6, with practical advice on specific types of traffic to filter and address assignment best practices.
June 6 2020
Cryptography Essentials Made Simple
Webinar (1hr)
This was a nice review of symmetric, asymmetric, and hashing cryptography principles and major algorithms, along with their relative value for different platforms and applications.
May 15 2020
Securing Active Directory
Course (1hr)
This was the first of three sessions working through material from the Active Directory Administration Cookbook by the author, Sander Berkouwer. Sander covers some lesser-known security options like fine-grained password and lockout policies, LAPS, the AD recycle bin, and group Managed Service Accounts that severely limit Kerberos attacks.
May 7 2020
Universal Privilege Management
Webinar (45min)
This webinar, promoting the BeyondTrust product, looked at what we do after we remove local admin privileges to maintain user productivity. The BeyondTrust product uses limited privilege policies (change network settings, install approved software, blacklist non-approved software use); credential vaults allowing specific users access to specific machines (similar control for off-site and 3rd-party remote access and can be validated against service tickets); and remote session monitoring and recording.
April 15 2020
Active Defense & Cyber Deception
Workshop (4hr)
John Strand literally wrote the book on Active Defense (Offensive Countermeasures, with Paul Asadoorian - free to read on Kindle at the moment!), and in this 4-hour workshop he introduces the tools for legal Annoyance, Attribution, and even Attack, in the ADHD (Active Defense Harbinger Distribution) VMs they provided. The workshop focussed mainly on the Annoyance tools, like honey accounts, honey ports, and honey tokens, and a bit on the Attribution aspects of those tools. Their website, however, has a full set of labs and exercises for the full range of tools in ADHD.
April 9 2020
Check Point Infinity Training - Mastering R80 Security Management
Course (~14hr)
My co-op offered me the chance to go to this 2-day training, as I was the one responsible for configuring their new Check Point firewall. The training consisted of hands-on labs to demonstrate product features.
February 12 - February 13 2019
Intro to DFIR: The Divide and Conquer Process
Course (3hr)
This course covers a systematic approach to intrusion investigations, including a framework for categorizing artifacts that may contain DFIR evidence, how to analyze those artifact categories, and the benefits of an automated approach.
October 9 - October 12 2020
Linux Forensics: It's All About the Logs
Webinar (1hr)
Hal Pomeranz covers a variety of vital information that can be collected from Linux logs, including deleted logs, audit logs, and even logs in binary that require crazy command line tricks to parse.
September 2 2020
Linux Forensics Magical Mystery Tour with Hal Pomeranz
Webinar (1hr)
Hal Pomeranz dives into the value and recovery of Linux forensic evidence like relative atime updates, block groups and allocation strategies, and deleted file recovery on the command line.
May 7 2020
Autopsy Training
Workshop (8hr)
This course covers all of the basic functionality of the forensic tool Autopsy. I can't believe how much nicer the current version is compared to the dodgy old version that comes pre-installed in Kali.
April 29 - April 30 2020
Atomic Purple Team Framework and Life Cycle
Webinar (1hr)
In this webinar, Kent Ickler and Jordan Drysdale of Defensive Origins lay out a business-driven workflow for balancing risk with attack, hunt, and defend methodologies to grow an effective purple team.
July 16 2020
A Blue Team's Perspective on Red Team Hack Tools
Webinar (1hr)
This talk had an excellent discussion of the nature and practice of purple teaming. In addition to reviewing the value of common red team tools, to identify flaws in Active Directory and general network design and implementation, they debuted the PlumHound tool, adapting BloodHound for purple teaming (moving from graphs for attackers to lists for defenders).
June 16 2020
Applied Purple Teaming: Infrastructure, Threat Optics, and Continuous Improvement
Workshop (4hr)
This workshop focussed on the implementation of Sysmon, WEF/WEC, and HELK to build a heavily audited and well-monitored detection environment for effective purple teaming.
June 6 2020
Automate the Boring Stuff with Python Programming
Course (9.5hr)
A Udemy course covering much of the content of the book of the same name, delivered by the author Al Sweigart. The first half of the course was review (for me) of the basics (variables, for loops, if conditions, etc.), but the second half gets into the really handy regex, file manipulation, and web scraping material. I really do need to check out the Image Manipulation sections in the book!
May 11 - May 12 2020
Introduction to JavaScript
Course (~30hr)
I've been meaning to level up (from 0) my JavaScript knowledge, and the free upgrade to CodeAcademy Pro for students is the perfect opportunity. This was a really good course, and I'm feeling much more confident in my ability to parse and write JavaScript.
April 20 - April 28 2020
How to Social Engineer Your Way into Your Dream Job
Webinar (1hr)
This was an excellent and sensible approach to intelligent/strategic job hunting (in and out of the pandemic) with a live practical example search. Jason Blanchard also runs frequent live job hunts on Twitch, and I'll have to check those out, too!
May 21 2020
Cybercrime at Scale: Dissecting a Dark Web Phishing Kit
Webinar (1hr)
This webinar provided a brief live walkthrough (followed by extended Q&A) of the location, purchase, and implementation of off-the-shelf phishing kits available on the dark web.
May 21 2020
How to Sell Security to C-Levels
Webinar (1hr)
Chris Brenton provides advice on how to act as a security leader in the organisation, pitch the security controls that match the business needs of the C-suite, and collaborate with other departments (sales, legal, IT, etc.) to create and align processes that remove inhibitors to business.
May 20 2020
Using ATT&CK for Cyber Threat Intelligence
Course (4hr)
This was a great introduction to the ATT&CK framework and how to apply it. The course includes exercises that are taken up in the videos and covers mapping reporting and raw data to ATT&CK as well as CTI analysis and recommendation using ATT&CK-mapped data.
May 6 2020
CompTIA Security+ Training
Course (19hr)
I started this course after finishing the Total Seminars Network+ course, and continue to be impressed with Mike Meyers' courses. I am using this, along with Marcus Carey's QuarantineSec training and the Anki flashcard app to prepare for the Security+ exam in July.
May 5 - July 1 2020
IsolationCon
Conference (10hr)
Three tracks of infosec talks (Red Team, Blue Team, and Purple Team), a CTF, and a Pub Quiz, with donations to Doctors Without Borders. What's not to love? I split my time between the Red and Purple tracks:
- The Complete History of Hacking & Phreaking
- The Red or Blue Pill
- Why Staying Silent Will Always Keep You Secure
- Hacking Universities in 20 Seconds
- Increasing CTI Collection Efficiency
- From Mantra to Mindset: Preparing for the OSCP
April 19 2020
The Proven and Practical Project Manager Toolkit
Webinar (1hr)
I'm also a PMI-PMP keeping up on my professional development units, but so much of what we do in IT and cybersecurity is project-based. This webinar focussed on Information Mapping for improved written communication, Results Chains to clarify and visually communicate project activities, and Benefit Registers to show progress and demonstrate achievements.
April 16 2020
Quarantinesec
Course (~36hr)
Hacker, author, and all-around good guy, Marcus J Carey, has been running a prep course for Network+, along with aspects of Security+ and Cisco networking. The course focussed on practical application of the Network+ and Security+ concepts. Marcus also arranged a number of free exam vouchers for those dedicated to the study process, and I made the most of mine! Thank you, Marcus!
March 24 - June 4 2020
CompTIA Network+ Training
Course (23hr)
I worked my way through this course from Total Seminars early last year, during my first co-op, and was impressed with the clarity and approachability of Mike Meyers' courses.
January - May 2019