CISCO Regional Academy (Centre for Electronic Governance) - Threat Analysis
- Offered by Coursera
Threat Analysis at Coursera Overview
| Duration | 26 hours |
| Start from | Start Now |
| Total fee | Free |
| Mode of learning | Online |
| Official Website | Explore Free Course |
| Credential | Certificate |
Threat Analysis at Coursera Highlights
- Flexible deadlines: reset deadlines in accordance with your schedule.
- Shareable Certificate: earn a Certificate upon completion.
- 100% online: start instantly and learn at your own schedule.
- Course 5 of 7 in the Cybersecurity Operations Fundamentals Specialization
- Approx. 26 hours to complete
- English Subtitles: English
Threat Analysis at Coursera Course details
- If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand Incident Analysis in a Threat-Centric SOC. By the end of the course, you will be able to:
  - Use the classic kill chain model to perform network security incident analysis
  - Describe the reconnaissance phase of the classic kill chain model
  - Describe the weaponization phase of the classic kill chain model
  - Describe the delivery phase of the classic kill chain model
  - Describe the exploitation phase of the classic kill chain model
  - Describe the installation phase of the classic kill chain model
  - Describe the command-and-control phase of the classic kill chain model
  - Describe the actions on objectives phase of the classic kill chain model
  - Describe how the kill chain model can be applied to detect and prevent ransomware
  - Describe using the diamond model to perform network security incident analysis
  - Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect
  - Describe the MITRE ATT&CK framework and its use
  - Walk through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution
  - Understand the kill chain and diamond models for incident investigations, and the use of exploit kits by threat actors
- To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts
Threat Analysis at Coursera Curriculum
Understanding Incident Analysis in a Threat-Centric SOC
Introduction to Understanding Incident Analysis in a Threat-Centric SOC
Classic Kill Chain Model Overview
Kill Chain Phase 1: Reconnaissance
Weaponization
Kill Chain Phase 3: Delivery
Kill Chain Phase 4: Exploitation
Kill Chain Phase 5: Installation
Kill Chain Phase 6: Command-and-Control
Kill Chain Phase 7: Actions on Objectives
Applying the Kill Chain Model
Diamond Model Overview
Applying the Diamond Model
Wrap-Up
Introduction to Understanding Incident Analysis in a Threat-Centric SOC
Classic Kill Chain Model Overview
Kill Chain Phase 1: Reconnaissance
Weaponization
Kill Chain Phase 3: Delivery
Kill Chain Phase 4: Exploitation
Kill Chain Phase 5: Installation
Kill Chain Phase 6: Command-and-Control
Kill Chain Phase 7: Actions on Objectives
Applying the Kill Chain Model
Diamond Model Overview
Applying the Diamond Model
Topic Introduction
Pyramid of Pain
Getting Started with the MITRE ATT&CK Framework
Enterprise ATT&CK Matrix Components
MITRE ATT&CK Matrices and Tactics
MITRE ATT&CK Techniques and Strategies for Detection and Mitigation
MITRE ATT&CK Navigator Web Application
Create A Threat Model Using ATT&CK Framework
Wrap-Up
Classic Kill Chain Model Overview Practice Quiz
Kill Chain Phase 1: Reconnaissance Practice Quiz
Kill Chain Phase 2: Weaponization Practice Quiz
Kill Chain Phase 3: Delivery Practice Quiz
Kill Chain Phase 4: Delivery Practice Quiz
Kill Chain Phase 5: Delivery Practice Quiz
Kill Chain Phase 6: Delivery Practice Quiz
Kill Chain Phase 7: Delivery Practice Quiz
Applying the Kill Chain Model Practice Quiz
Diamond Model Overview Practice Quiz
Applying the Diamond Model Practice Exam
MITRE ATT&CK™ Framework Practice Exam
Understanding Incident Analysis in a Threat-Centric SOC Course Exam
Identifying Common Attack Vectors
Introduction to Identifying Common Attack Vectors
DNS Operations
Dynamic DNS
Recursive DNS Query
HTTP Operations
HTTPS Operations
SQL Operations
SMTP Operations
Web Scripting
Obfuscated JavaScript
Shellcode and Exploits
Common Metasploit Payloads
Directory Traversal
SQL Injection
Cross-Site Scripting
Punycode
DNS Tunneling
Pivoting
HTTP 302 Cushioning
Gaining Access Via Web-Based Attacks
Exploit Kits
Exploit Kits
Wrap-Up
Introduction to Identifying Common Attack Vectors
DNS Operations
DNS Mappings
DNS Ports
DNS Distributed Database
DNS Terminology
DNS RR Types
The nslookup Utility
Dynamic DNS
DDNS Operations
Dynamic DNS
Topic Introduction
Recursive DNS Query
Topic Introduction
HTTP Protocol Fundamentals
URI and URL
HTTP Request Methods
HTTP Request and Response Packets Capture Example
HTTP Status Codes
HTTP Cookies
HTTP Referer
HTTPS Operations
Topic Introduction
HTTPS Operations
Web Server Digital Certificate
Topic Introduction
HTTP/2 Operations
HTTP/2 Streams
HTTP/2 Version Identification
Other Features of HTTP/2
HTTP/2 PCAP Example
HTTP/2 Vulnerabilities
SQL Operations
Topic Introduction
SQL Commands
SMTP Operations
Topic Introduction
SMTP Terminology
SMTP Flow
SMTP Conversation
Web Scripting
Web Scripting
Web Scripting
Server-Side and Client-Side Scripting
Topic Introduction
Obfuscated JavaScript
Shellcode and Exploits
Topic Introduction
Common Metasploit Payloads
Singles
Stagers
Stages
Other Payloads
Directory Traversal
Topic Introduction
SQL Injection
Topic Introduction
Intrusion Prevention System Signatures
Cross-Site Scripting
Topic Introduction
Cross-Site Scripting
Punycode
Topic Introduction
DNS Tunneling
Topic Introduction
Pivoting
Topic Introduction
HTTP 302 Cushioning
Topic Introduction
HTTP 302 Cushioning
Gaining Access Via Web-Based Attacks
Topic Introduction
Exploit Kits
Topic Introduction
Exploit Kits
Exploit Kits
Emotet Advanced Persistent Threat
Wrap-Up
DNS Operations Practice Exam
Dynamic DNS Practice Exam
Recursive DNS Query Practice Exam
HTTP Operations Practice Exam
HTTPS Operations Practice Exam
HTTP/2 Operations Practice Exam
SQL Operations Practice Exam
SMTP Operations Practice Exam
Web Scripting Practice Exam
Obfuscated JavaScript Practice Exam
Shellcode and Exploits Practice Exam
Common Metasploit Payloads Practice Exam
Directory Traversal Practice Exam
SQL Injection Practice Exam
Cross-Site Scripting Practice Exam
Punycode Practice Exam
DNS Tunneling Practice Exam
Pivoting Practice Exam
HTTP 302 Cushioning Practice Exam
Gaining Access Via Web-Based Attacks Practice Exam
Exploit Kits Practice Exam
Emotet Advanced Persistent Threat Practice Exam
Identifying Common Attack Vectors Course Exam
Identifying Malicious Activity
Introduction to Identifying Malicious Activity
Understanding Network Design
Identifying Possible Threat Actors
Log Data Search
System Logs
Windows Event Viewer
Firewall Log
DNS Log
Web Proxy Log
Email Proxy Log
AAA Server Log
Next Generation Firewall Log
Applications Log
NetFlow
NetFlow as a Security Tool
Network Behavior Anomaly Detection
Data Loss Detection Using NetFlow Example
DNS Risk and Mitigation Tool
IPS Evasion Techniques
Gaining Access and Control
Wrap-Up
Introduction to Identifying Malicious Activity
Topic Introduction
Topic Introduction
Zero Trust Workforce Protections
Zero Trust Workload Protections
Zero Trust Workplace Protections
Zero Trust Model Security Vision
Topic Introduction
Script Kiddies
Hacktivists
Organized Crime
State-Sponsored/Nation-State Actors
Insider Threat
Topic Introduction
Modeling Network Attacks
System Logs
Log File Locations and Log Files
Configuring Syslog
Selector Syntax
Action Syntax
Windows Event Viewer
Firewall Log
DNS Log
Web Proxy Log
Email Proxy Log
AAA Server Log
Next Generation Firewall Log
Applications Log
NetFlow
NetFlow
References
NetFlow as a Security Tool
Network as a Sensor
NetFlow as Security Tool Examples
Network Behavior Anomaly Detection
Data Loss Detection Using NetFlow Example
DNS Risk and Mitigation Tool
Fast Flux and Botnets
Double IP Flux
Domain Generation Algorithm
IPS Evasion Techniques
Traffic Fragmentation
Traffic Substitution and Insertion
Encryption and Tunneling
Protocol-Level Misinterpretation
Resource Exhaustion
Timing Attacks
The Onion Router
Tor Relays
Detecting Tor Traffic
Gaining Access and Control
Nyetya Ransomware Event
Peer-to-Peer Networks
BitTorrent Application
Risks of P2P File Sharing
Botnets
Detecting Malicious Encrypted P2P Traffic
Encapsulation
DNS Tunnels
Other Tunnels
Altered Disk Image
Software Image Verification
Secure Boot
Wrap-Up
Understanding the Network Design Practice Quiz
Zero Trust Model Practice Quiz
Log Data Search Practice Quiz
Practice Quiz
System Logs Practice Quiz
Firewall Log Practice Quiz
DNS Log Practice Quiz
Web Proxy Log Practice Quiz
Email Proxy Log Practice Quiz
AAA Server Log Practice Quiz
Next Generation Firewall Log Practice Quiz
Applications Log Practice Quiz
NetFlow Practice Quiz
NetFlow as a Security Tool Practice Quiz
Network Behavior Anomaly Detection Practice Quiz
Data Loss Detection Using NetFlow Example Practice Quiz
DNS Risk and Mitigation Tool Practice Quiz
IPS Evasion Techniques Practice Quiz
The Onion Router Practice Quiz
Gaining Access and Control Practice Quiz
Peer-to-Peer Networks Practice Quiz
Encapsulation Practice Quiz
Altered Disk Image
Identifying Malicious Activity
Identifying Patterns of Suspicious Behavior
Introduction
Network Baselining
Identify Anomalies and Suspicious Behaviors
PCAP Analysis
Delivery
Wrap-Up
Introduction
Network Baselining
Core Baseline Process
Identifying Anomalies and Suspicious Behaviors
PCAP Analysis
Delivery
Wrap-Up
Network Baselining Practice Quiz
Identifying Anomalies and Suspicious Behaviors Practice Quiz
PCAP Analysis Practice Quiz
Delivery Practice Quiz
Identifying Patterns of Suspicious Behavior Course Exam