SEC504: Hacker Tools, Techniques, and Incident Handling


SECTION 1: Incident Response and Cyber Investigations The first section of SEC504 focuses on how to develop and build an incident response process in your organization by applying the Dynamic Approach to Incident Response (DAIR) to effectively verify, scope, contain, assess, and remediate threats. We’ll apply this process in-depth with hands-on labs and examples from real-world compromises. TOPICS: Incident Response; Digital Investigations; Live Examination; Network Investigations; Memory Investigations; Malware Investigations; Cloud Investigations.

SECTION 2: Recon, Scanning, and Enumeration Attacks In this course section we’ll look at the techniques attackers use to conduct reconnaissance as a pre-attack step, including how they use open-source intelligence, network scanning, and target enumeration attacks to find the gaps in your network security. You’ll use attacker techniques to assess the security of a target network, evaluating popular protocols and endpoints for Windows, Linux, and cloud targets. After delivering the attacks, you’ll investigate the logging data and evidence that remains to recognize these attacks as they happen. TOPICS: MITRE ATT&CK Framework Introduction; Open-Source Intelligence; DNS Interrogation; Website Reconnaissance; Network and Host Scanning with Nmap; Cloud Spotlight: Cloud Scanning; Enumerating Shadow Cloud Targets; Server Message Block (SMB) Sessions; Defense Spotlight: DeepBlueCL.

SECTION 3: Password and Access Attacks Password attacks are the most reliable mechanism for attackers to bypass defenses and gain access to your organization’s assets. In this course section we’ll investigate the complex attacks that exploit password and multi-factor authentication weaknesses using the access gained to access other network targets. TOPICS: Password Attacks; Understanding Password Hashes; Password Cracking; Defense Spotlight: Domain Password Audit Tool (DPAT); Cloud Spotlight: Insecure Storage; Multi-Purpose Netcat.

SECTION 4: Public-Facing and Drive-By Attacks In this course section we’ll begin our look at target exploitation frameworks that take advantage of weaknesses on public servers and client-side vulnerabilities. Using the implicit trust of a public website, you’ll apply attacker tools and techniques to exploit browser vulnerabilities, execute code with Microsoft Office documents, and exploit the many vulnerabilities associated with vulnerable web applications. TOPICS: Metasploit Framework; Drive-By Attacks; Defense Spotlight: System Resource Usage Monitor; Command Injection; Cross-Site Scripting (XSS); SQL Injection; Cloud Spotlight: SSRF and IMDS Attacks.

SECTION 5: Evasion and Post-Exploitation Attacks Building on password, public-facing, and drive-by attacks, we’ll look at the attacks that happen after initial exploitation. You’ll see how attackers bypass endpoint protection systems and use an initial foothold to gain access to internal network targets. You’ll then apply the techniques you learn with privileged insider Local Area Network (LAN) attacks, using privileged access to establish persistence, how attackers scan for and collect data from a compromised organization. You will apply these skills to assess the security risks of a vulnerable cloud deployment through visualization and automated assessment techniques. Finally, we’ll look at the steps to take after the course is over, turning what you’ve learned into long-term skills and helping you prepare for the certification exam. TOPICS: Endpoint Security Bypass; Pivoting and Lateral Movement; Hijacking Attacks; Covering Tracks; Establishing Persistence; Defense Spotlight: Real Intelligence Threat Analytics; Data Collection; Cloud Spotlight: Cloud PostExploitation.

SECTION 6: Capture-the-Flag Event. TOPICS: Target Discovery and Enumeration; Applying OpenSource Intelligence and Reconnaissance InformationGathering; Public-Facing Asset Compromise; Email Compromise; Attacking Windows Active Directory; Password Spray, Guessing, and Credential Stuffing Attacks; PostExploitation Pivoting and Lateral Movement; Choosing, Configuring, and Delivering Exploits; Internal Attacker Compromise Attribution.


Last Update At : 16 December 2022