Reading the SANS Training Roadmap
SANS Training Roadmap: https://www.sans.org/mlp/level-up/
General foundational skills: I went through each course and listed its topics.
For people new to security: computers, technology, and security
Computer and IT fundamentals: SEC275 Foundations: Computers, Technology & Security (GFACT) - https://www.sans.org/cyber-security-courses/foundations/
- Free
- Topics
- Computer Components & Concepts
- Operating Systems, Containers, & Virtualization
- Linux
- Networking Fundamentals
- The Web: Search Engine & Servers
- Practical Programming in Python and C
- Windows Foundations
- Advanced Computer Hardware (e.g. CPU & Memory)
- Encryption
- Introduction to Basic Security Concepts
- Introduction to Forensics
- Introduction to Reconnaissance, Exploitation, and Privilege Escalation
- Introduction to Network & Computer Infiltration (e.g. Lateral Movement)
Cyber security fundamentals: SEC301 Introduction to Cyber Security (GISF) - https://www.sans.org/cyber-security-courses/introduction-cyber-security/
- Free
- What you will gain
- Communicate with confidence regarding cyber security topics, terms, and concepts
- Have a fundamental grasp of any number of technical acronyms: TCP/IP, IP, TCP, UDP, DHCP, ARP, NAT, ICMP, and DNS, and the list goes on
- Understand and apply the Principle of Least Privilege
- Understand the application of Confidentiality, Integrity, and Availability (CIA) for prioritization of critical security resources
- Understand the relationship between the Graphical User Interface (GUI) and Command Line Interface (CLI) on both Windows and Linux
- Use the GUI and CLI to manipulate files and folders in both Windows and Linux
- Build better passphrases that are more secure while also being easier to remember and type – and be able to help co-workers, family, and friends do the same
- Deploy a secure password manager in your organization and at home
- Grasp basic cryptographic principles, processes, procedures, and applications
- Implement cryptography tools
- Understand the cyber security impact of the Internet of Things (IoT)
- Discuss the cyber security impact of Artificial Intelligence (AI)
- Understand how a computer works including the role of the operating system, kernel, file systems, users, groups, hard-disk-drives, and Random Access Memory (RAM)
- Convert number systems utilized by computers including decimal, binary, and hexadecimal values
- Understand computer network basics including routing, default gateways, and common protocol packet headers
- Utilize built-in Windows tools to see your network settings
- Analyze network traffic using the popular Wireshark tool
- Understand how Windows and Linux implement file and directory permissions
- Set file permissions on a Linux system
- Understand wireless technologies including Wi-Fi, Bluetooth, and mobile phones
- Secure a wireless access point using industry best practice settings
- Understand different types of malware
- Explain a variety of frequent attacks such as social engineering, drive-by downloads, watering hole attacks, living-off-the-land, lateral movement, buffer overflow, botnets, and other common attacks
- Understand the application of defensive technologies such as anti-malware, firewalls, sinkholes, content filters, vulnerability scanners, penetration testing, active defense, threat hunting, and allow-listing
- Implement a simple firewall configuration
- Differentiate between the surface web, the deep web, and the dark web
- Understand browser security and the privacy issues associated with web browsing
- Explain system hardening
- Discuss system patching
- Understand virtual machines and cloud computing
- Understand backups and create a backup plan for your personal life that helps you guard against having to pay a ransom to access your data
Core skill areas: attack, protection, defense, and operations
Security essentials: SEC401 Security Essentials: Network, Endpoint, and Cloud (GSEC) - https://www.sans.org/cyber-security-courses/security-essentials-network-endpoint-cloud/
- Free
- What you will learn
- The core areas of cybersecurity and how to create a security program that is built on a foundation of Detection, Response, and Prevention
- Practical tips and tricks that focus on addressing high-priority security problems within your organization and doing the right things that lead to security solutions that work
- How adversaries adapt tactics and techniques, and importantly how to adapt your defense accordingly
- What ransomware is and how to better defend against it
- How to leverage a defensible network architecture (VLANs, NAC, and 802.1x) based on advanced persistent threat indicators of compromise
- The Identity and Access Management (IAM) methodology, including aspects of strong authentication (Multi-Factor Authentication)
- How to leverage the strengths and differences among the top three cloud providers (Amazon, Microsoft, and Google), including the concepts of multi-cloud
- How to identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, configure the system to be more secure (realistic and practical application of a capable vulnerability management program)
- How to sniff network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
- How to use Windows, Linux, and macOS command line tools to analyze a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
- How to build a network visibility map that can be used to validate the attack surface and determine the best methodology to reduce the attack surface through hardening and configuration management
- Why some organizations win and why some lose when it comes to security, and most importantly, how to be on the winning side
Defensive skills: SEC450 Blue Team Fundamentals: Security Operations and Analysis (GSOC) - https://www.sans.org/cyber-security-courses/blue-team-fundamentals-security-operations-analysis/
- Paid
- Topics
- Security Data Collection - How to make the most of security telemetry including endpoint, network, and cloud-based sensors
- Automation - How to identify the best opportunities for SOAR platform and other script-based automation
- Efficient Security Process - How to keep your security operations tempo on track with in-depth discussions on what a SOC or security operations team should be doing at every step from data generation to detection, triage, analysis, and incident response
- Quality Triage and Analysis - How to quickly identify and separate typical commodity attack alerts from high-risk, high-impact advanced attacks, and how to do careful, thorough, and cognitive-bias free security incident analysis
- False Positive Reduction - Detailed explanations, processes, and techniques to reduce false positives to a minimum
- SOC Tools - including hands-on exercises demonstrating:
  - How to collect, organize, and use relevant threat data in a Threat Intelligence Platform (TIP)
  - Principles of success for endpoint security data collection whether you use a SIEM, EDR, or XDR
  - Alert Triage - How to quickly and accurately triage security incidents, using clever data correlation and enrichment techniques that will immediately surface and sort true positives from false positives
  - How to best use incident management systems to effectively analyze, document, track, and extract critical metrics from your security incidents
  - Crafting automation workflows for common SOC activities, relieving analysts of boring tasks and freeing up time for better threat hunting and detection engineering
- Burnout and Turnover Reduction - Informed with both scientific research and years of personal experience, this class teaches what causes cyber security analyst burnout and how you and your team can avoid it by understanding the causes and factors that lead to burnout. This class will help you build a long-term sustainable cyber defense career so you and your team can deliver the best every day!
- Certification - The ability to add on the GIAC GSOC certification that encourages students to retain the material over the long term, and helps you objectively demonstrate you and your team’s level of skill
Attacker techniques: SEC504 Hacker Tools, Techniques, and Incident Handling (GCIH) - https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/
- Paid
- Topics
- Incident Response
  - Case study: Argous Corporation compromise
  - Dynamic Approach to Incident Response
  - Investigative analysis: Examining incident evidence
- Digital Investigations
  - Techniques for digital investigation
  - Establishing an incident timeline
  - Investigation efficiency: Data reduction
- Live Examination
  - Using PowerShell for Windows threat hunting
  - Identifying suspicious Windows processes
  - Correlating network and persistence activity
  - Assessing file-less malware threats
  - Enumerating Windows auto-start extensibility points
  - Leveraging Sysinternals for live Windows examinations
- Network Investigations
  - Identifying compromised host beaconing with proxy server logs
  - Filtering network activity to identify indicators of compromise
  - Assessing encrypted network traffic with multiple data sources
  - Building the incident timeline
- Memory Investigations
  - Collecting volatile memory from a compromised host
  - Conducting offline analysis of attacker persistence
  - Using Volatility 3 to investigate malware
  - Build attacker event timelines using non-volatile memory captures
- Malware Investigations
  - Assessing attacker malware in a safe test environment
  - Using snapshot and continuous recording tools
  - Inspecting malware actions with RegShot and Procmon
  - Identifying malicious code on Windows
- Cloud Investigations
  - Steps for conducting a cloud security incident investigation
  - Essential cloud logging assets for incident response
  - Data collection and isolation for compromise assessment
  - Applying cloud recovery and remediation following an incident
  - Complete cloud compromise incident response walkthrough
- Bootcamp: Linux Olympics
  - Learn Linux using an interactive learning environment
  - Build command line skills at your own pace
  - Working with Linux file systems and permissions
  - Using JQ to parse and filter JSON data
  - Using file parsing tools, including grep, cut, and awk
  - Linux compromise incident response walkthrough
- Bootcamp: PowerShell Olympics
  - Learn PowerShell on Windows using an interactive learning environment
  - Build command line skills at your own pace
  - Get started with PowerShell skills: cmdlets, functions, built-ins, and more!
  - Learn to quickly interrogate a Windows system for effective threat hunting
  - Accelerate your common analysis tasks with PowerShell automation
Forensics fundamentals
Forensics fundamentals: FOR308 Digital Forensics Essentials - https://www.sans.org/cyber-security-courses/digital-forensics-essentials/
- Paid
- Topics
- Introduction to digital investigation and evidence
- Where to find digital evidence
- Digital forensics principles
- Digital forensics and incident response processes
- Digital forensics acquisition
- Digital forensics examination and analysis
- Presenting your findings
- Understanding digital forensic reports
- Challenges in digital forensics
- Building and developing digital forensics capacity
- Legality of digital evidence
- How to testify in court
Forensics and data acquisition in the field: FOR498 Battlefield Forensics & Data Acquisition (GBFA) - https://www.sans.org/cyber-security-courses/digital-acquisition-rapid-triage/
- Paid
- Topics
- Advanced use of a wide range of best-of-breed, open-source tools in the SANS Windows 10 environment, as well as other external tools to perform proper data acquisition and evidence handling
- Rapid incident response collection of artifacts to quickly further the investigation without waiting for completion of a forensic image
- Remote and enterprise digital evidence collection
- Windows live artifact collection
- Memory collection
- Volume shadow copy acquisition
- Understanding advanced storage containers such as RAID and JBOD
- Examination of file systems and how they hold data
- Advanced understanding of proper evidence collection and scene management
- Identifying data storage devices and locations
- Properly identifying a vast array of interface styles and adapter usage
- Gaining access to storage media using non-destructive methods
- Accessing and collecting cloud-based storage containers, including online email such as Gmail and Outlook.com
- Instruction specific to the acquisition of Apple devices
- Methodologies for accessing and acquiring data from portable and cellular devices, as well as non-traditional devices such as GPS units and Internet of Things devices
Cloud security fundamentals
Cloud security fundamentals: SEC488 Cloud Security Essentials (GCLD) - https://www.sans.org/blog/sec488-cloud-security-course-updates/
- Free
- Topics (course update notes from the linked blog post)
- Section 1 Updates
  - Moved some of the advanced account segmentation topics out of day 4 and moved here where it makes the most sense
  - Added more GCP content to even out the day amongst the big three vendors.
  - Shuffled some content around so it flows more logically from topic to topic
  - Moved some of the “drier” material into the notes pages for more depth—this will help keep the material exciting to teach as the drier slide content was replaced with more interesting topics
  - Labs are more reliable than ever before
- Section 2 Updates
  - More GCP again
  - Shuffled some content around so it flows better
  - Added some neat security automation content that also appears in one of the labs
- Section 3 Updates
  - A little more GCP content
  - Renamed the CASB module to “CASBs, CWPPs, and CSPMs, Oh My!” (it now includes more types of security options)
  - Lab 3.4 (which was problematic before) has been replaced with a Cloud Custodian lab
- Section 4 Updates
  - Quite a bit more logging discussions and examples
  - Shuffled some content around so it flows better
- Section 5 Updates
  - Shuffled some content around so it flows better
  - Moved some of the “drier” material into the notes pages for more depth and replaced slide content with more interesting topics
  - Merged Privacy and Risk Management modules into one: “Privacy and Risk Management”
  - Moved lab 5.2 to 5.1
  - Created a new lab 5.2 (Fun with Functions) showing how defenders can automate some of their work
  - Split penetration testing module into two: “Preparing for Cloud Penetration Tests” and “Conducting Cloud Penetration Tests”
- Section 6 Updates
  - CloudWars has been converted to run on the SANS ranges.io platform. Why does this matter to you? Ranges.io collects a history for each student. Therefore, over time, you can access your history of various activities you’ve participated in, which you can reference (and show off) later.
Introduction to cloud security: SEC388 Intro to Cloud Computing and Security - https://www.sans.org/cyber-security-courses/introduction-cloud-computing-security/
- Paid
- Topics
- Introduction to Cloud Computing
  - AWS and Azure account setup
- Cloud Service Providers
  - Terminology and vocabulary
  - Common cloud services
  - Cloud security case study
- Cloud Interfaces
  - GUI / Web Interface
  - API Access
  - CLI and Automation
- Cost Calculation
  - Understanding costs
  - Controlling costs
  - Budgeting and alerting
- Compute Services
  - Virtualization and Autoscaling
  - Image Selection
  - Identity and Authentication
  - Instance Deployment
- Cloud Storage
  - Availability
  - Accessing Storage
  - Storage Costs
  - Storage integration
- Business Needs
  - Uptime
  - Remote Access
  - Security Controls
  - Threat and Vulnerability Programs
- Logging & Monitoring
  - Log Sources
  - Console Logging
  - Portal Logging
  - Monitoring and Alerting
Cyber ranges
- CTF and trivia: Bootup CTF
- Skills check and practical application: NetWars Core
- https://www.sans.org/cyber-ranges/
- Not a course?