There is a critical shortage of cyber security experts in both the public and private sectors. The Department of Labor recently stated that there is zero percent unemployment in information security jobs, and a study by Cisco Systems reported that these are among the highest-paid jobs in the industry.

A report says that "There is a deficit of a million information security workers and there is a supply and demand issue; moreover, this gap will increase in the next 5 years."

A well-prepared cyber security workforce is required: it is the only effective defense against ever-present and growing cyber threats. Our expert-level cyber security training portfolio covers the skills you need, from foundational to master level. Beginning with cyber security awareness, we build the required skills through our own advanced ethical hacking curriculum.




Over the past year, we have all experienced the onslaught of headlines about major hacks and widespread new information security threats. It has been dark reading indeed for the hundreds of millions of consumers who have seen their credit card numbers, email addresses, and other personal information exposed by online intruders. Globally, cybercrime costs exceed $445 billion each year, with the United States accounting for nearly one-quarter of that price tag, the Center for Strategic and International Studies reported in June. How did we get here, and what does it mean for the future? Researchers in the Florida Tech University online Master of Science in Information Technology/Cyber Security program recently pulled together data on industry trends and predictions to create a graphical portrait of where the industry is and where it needs to be.


Cyber Security Need


Training

Course Fees and Duration
Topics
  • Ethics and Legality
  • Footprinting
  • Scanning
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Sniffers
  • Denial of Service
  • Social Engineering
  • Session Hijacking
  • Hacking Web Servers
  • Web Application Vulnerabilities
  • Web Based Password Cracking Techniques
  • SQL Injection
  • Hacking Wireless Networks
  • Virus and Worms
  • Physical Security
  • Linux Hacking
  • Evading Firewalls, IDS and Honeypots
  • Buffer Overflows
  • Cryptography
  • Penetration Testing
Course Duration : 5 days / 40 hrs (1 week)
Course Fees : Rs 25,000 (Twenty Five Thousand Rupees)
Course fees are to be paid before 5th May 2015.
Seats are limited and are allotted on a first-come, first-served basis.
Course start date : You will be informed by the e-mail address / contact number you provide.
Training Location : Hyderabad

Training + Job on Selection



The main difference between security testing and functional testing is one of mindset. In functional testing you are trying to prove that a feature works for an end user: it does what they expect and does not hinder them from completing their tasks. You would probably prioritise accordingly, focusing on features that are used more often, used by more users, or considered the most important. As a security tester or ethical hacker, your 'end user' is now an attacker trying to break your application. The goal of your testing is to prove that no attack scenario succeeds, not merely that one particular attack fails. The significant difficulty here is that proving a feature works is much easier than proving that the feature cannot be attacked by any method: a functional test needs one passing case, while a security test needs every attack path you can think of to fail, and silence about the ones you did not think of.
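To make the two mindsets concrete, here is an added example (written for this page, not code from the course or from Ameccaz) that applies both questions to one small feature: a helper that serves files out of a public directory. serve_file is a deliberately naive version; serve_file_hardened resolves the final path and refuses anything outside the served directory. The sandbox layout, file names, contents and attack strings are all constructed for the example.

```python
"""Functional check vs. security check for one feature: a file-download
helper that serves files from a public directory.

Added example for this page; the helper, sandbox layout, file names and
contents below are all constructed and are not part of any real product.
"""
import os
import shutil
import tempfile
from pathlib import Path

PUBLIC = b"quarterly report\n"          # constructed: the file users may fetch
SECRET = b"db_password=hunter2\n"       # constructed: must never be served


def serve_file(base_dir: str, requested: str) -> bytes:
    """Naive 'before' version: joins user input onto base_dir with no check.
    '..' segments walk out of base_dir, and os.path.join discards base_dir
    entirely when `requested` is an absolute path."""
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as fh:
        return fh.read()


def serve_file_hardened(base_dir: str, requested: str) -> bytes:
    """Resolve the final path (symlinks and '..' included) and refuse
    anything that is not base_dir itself or a descendant of it."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    with open(target, "rb") as fh:
        return fh.read()


def make_sandbox() -> Path:
    """Throwaway tree: <root>/public/report.txt is served,
    <root>/secret.txt sits one level above and must stay unreachable."""
    root = Path(tempfile.mkdtemp())
    (root / "public").mkdir()
    (root / "public" / "report.txt").write_bytes(PUBLIC)
    (root / "secret.txt").write_bytes(SECRET)
    return root


def functional_check(impl) -> bool:
    """The functional tester's question: does a legitimate request work?
    One passing case is enough."""
    root = make_sandbox()
    try:
        return impl(str(root / "public"), "report.txt") == PUBLIC
    finally:
        shutil.rmtree(root)


def security_check(impl) -> bool:
    """The security tester's question: does every attack scenario fail?
    A single scenario that hands back SECRET fails the whole check."""
    root = make_sandbox()
    base = str(root / "public")
    attacks = [
        "../secret.txt",                 # classic traversal
        "./../secret.txt",               # traversal with a leading './'
        str(root / "secret.txt"),        # absolute path swallows base_dir
    ]
    try:
        for requested in attacks:
            try:
                data = impl(base, requested)
            except PermissionError:
                continue                 # explicitly refused: scenario failed
            if data == SECRET:
                return False             # attacker read the protected file
        return True
    finally:
        shutil.rmtree(root)


def evaluate(impl) -> dict:
    """Run both checks against one implementation."""
    return {"functional": functional_check(impl),
            "security": security_check(impl)}


if __name__ == "__main__":
    for impl in (serve_file, serve_file_hardened):
        print(f"{impl.__name__:22s} {evaluate(impl)}")
```

Both implementations pass the functional check, because a legitimate request for report.txt works either way; only the hardened one passes the security check. Note that the security check is still only as strong as the list of attacks in it, which is exactly the asymmetry the paragraph describes.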

This requires a special mindset and skill set, and only a few people can do ethical hacking effectively. To identify those who have this ability we have developed a one-week course in which you will be trained in the 22 topics of the CEHv8 certification. After the one-week training you will be eligible to apply for CEH certification, or, if selected in our interview process, you will be absorbed into Ameccaz.

  • One week of exclusive training on the CEH v8 certification.
  • 4 hours of classroom and 4 hours of practical sessions every day.
  • After completion of the one-week training an interview will be conducted.
  • Shortlisted candidates will be absorbed into Ameccaz as Security Consultants.
  • All selected candidates will be trained on the advanced ethical hacking syllabus for 6 months.
  • A stipend will be paid to the candidates during the training period.
  • Job location will be Hyderabad, Telangana.
If you have any queries, send a mail to jobs@ameccaz.com with the subject "QUERY ON TRAINING" listing all your queries.
If you are interested in joining the training, send a mail to jobs@ameccaz.com with the subject "INTERESTED TO JOIN", your updated resume and your mobile number. We will contact you for further discussions.
All your communications in this regard should be through email ONLY.

Advanced Ethical Hacking Syllabus (on the job training)

Topics
  • Hello, World!
  • Variables and Types
  • Lists
  • Basic Operators
  • String Formatting
  • Basic String Operations
  • Conditions
  • Loops
  • Functions
  • Classes and Objects
  • Dictionaries
  • Modules and Packages
Topics
  • Generators
  • List Comprehensions
  • Multiple Function Arguments
  • Regular Expressions
  • Exception Handling
  • Sets
  • Serialization
  • Partial functions
  • Code Introspection
  • Decorators
Preparation
  • Building an incident response kit
  • Identifying your core incident response team
  • Instrumentation of the site and system
Identification
  • Signs of an incident
  • First steps
  • Chain of custody
  • Detecting and reacting to Insider Threats
Containment
  • Documentation strategies: video and audio
  • Containment and quarantine
  • Pull the network cable, switch and site
  • Identifying and isolating the trust model
Eradication
  • Evaluating whether a backup is compromised
  • Total rebuild of the Operating System
  • Moving to a new architecture
Recovery
  • Who makes the determination to return to production?
  • Monitoring the system
  • Expect an increase in attacks
Special Actions for Responding to Different Types of Incidents
  • Espionage
  • Inappropriate use
Incident Record-keeping
  • Pre-built forms
  • Legal acceptability
Incident Follow-up
  • Lessons learned meeting
  • Changes in process for the future
Reconnaissance
  • What does your network reveal?
  • Are you leaking too much information?
  • Using Whois lookups, ARIN, RIPE and APNIC
  • Domain Name System harvesting
  • Data gathering from job postings, websites, and government databases
  • Recon-ng
  • Pushpin
  • Identifying publicly compromised accounts
  • Maltego
  • FOCA for metadata analysis
Scanning
  • Locating and attacking unsecure wireless LANs
  • War dialing with WarVOX for renegade modems and unsecure phones
  • Port scanning: Traditional, stealth, and blind scanning
  • Active and passive Operating System fingerprinting
  • Determining firewall filtering rules
  • Vulnerability scanning using Nessus and other tools
  • CGI scanning with Nikto
Intrusion Detection System (IDS) Evasion
  • Foiling IDS at the network level: Fragmentation and other tricks
  • Foiling IDS at the application level: Exploiting the rich syntax of computer languages
  • Using Fragroute and Web Attack IDS evasion tactics
  • Bypassing IDS/IPS with TCP obfuscation techniques
Network-Level Attacks
  • Session hijacking: From Telnet to SSL and SSH
  • Monkey-in-the-middle attacks
  • Passive sniffing
Gathering and Parsing Packets
  • Active sniffing: ARP cache poisoning and DNS injection
  • DNS cache poisoning: Redirecting traffic on the Internet
  • Using and abusing Netcat, including backdoors and nasty relays
  • IP address spoofing variations
Operating System and Application-level Attacks
  • Buffer overflows in-depth
  • The Metasploit exploitation framework
  • Format string attacks
Netcat: The Attacker's Best Friend
  • Transferring files, creating backdoors, and shoveling shell
  • Netcat relays to obscure the source of an attack
  • Replay attacks
Password Cracking
  • Analysis of worm trends
  • Password cracking with John the Ripper
  • Rainbow Tables
  • Password spraying
Web Application Attacks
  • Account harvesting
  • SQL Injection: Manipulating back-end databases
  • Session Cloning: Grabbing other users' web sessions
  • Cross-Site Scripting
Denial-of-Service Attacks
  • Distributed Denial of Service: Pulsing zombies and reflected attacks
  • Local Denial of Service
Maintaining Access
  • Backdoors: Using Poison Ivy, VNC, Gh0st RAT, and other popular beasts
  • Trojan horse backdoors: A nasty combo
  • Rootkits: Substituting binary executables with nasty variations
  • Kernel-level Rootkits: Attacking the heart of the Operating System (Rooty, Avatar, and Alureon)

Covering the Tracks

  • File and directory camouflage and hiding
  • Log file editing on Windows and Unix
  • Accounting entry editing: UTMP, WTMP, shell histories, etc.
  • Covert channels over HTTP, ICMP, TCP, and other protocols
  • Sniffing backdoors and how they can really mess up your investigations unless you are aware of them
  • Steganography: Hiding data in images, music, binaries, or any other file type
  • Memory analysis of an attack

Putting It All Together

  • Specific scenarios showing how attackers use a variety of tools together
  • Analyzing scenarios based on real-world attacks
  • Learning from the mistakes of other organizations
  • Where to go for the latest attack info and trends
Hands-on Analysis
  • Nmap port scanner
  • Nessus vulnerability scanner
  • Network mapping
  • Netcat: File transfer, backdoors, and relays
  • More Metasploit
  • Exploitation using built in OS commands
  • Privilege escalation
  • Advanced pivoting techniques
Topics
  • The Mindset of the Professional Pen Tester
  • Building a World-Class Pen Test Infrastructure
  • Creating Effective Pen Test Scopes and Rules of Engagement
  • Detailed Recon Using the Latest Tools
  • Effective Pen Test Reporting to Maximize Impact
  • Mining Search Engine Results
  • Document Metadata Extraction and Analysis
Topics
  • Tips for Awesome Scanning
  • Tcpdump for the Pen Tester
  • Nmap In-Depth: The Nmap Scripting Engine
  • Version Scanning with Nmap and Amap
  • Vulnerability Scanning with Nessus and Retina
  • False-Positive Reduction
  • Packet Manipulation with Scapy
  • Enumerating Users
  • Netcat for the Pen Tester
  • Monitoring Services during a Scan
Topics
  • Comprehensive Metasploit Coverage with Exploits/Stagers/Stages
  • In-Depth Meterpreter Hands-On Labs
  • Implementing Port Forwarding Relays for Merciless Pivots
  • Bypassing the Shell vs. Terminal Dilemma
  • Installing VNC/RDP/SSH with Only Shell Access
  • Windows Command Line Kung Fu for Penetration Testers
Topics
  • Password Attack Tips
  • Account Lockout and Strategies for Avoiding It
  • Automated Password Guessing with THC-Hydra
  • Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems
  • Massive Pivoting through Target Environments
  • Extracting Hashes and Passwords from Memory with Mimikatz
  • Password Cracking with John the Ripper and Cain
  • Using Rainbow Tables to Maximum Effectiveness
  • Pass-the-Hash Attacks with Metasploit and More
Topics
  • Wireless Attacks
  • Discovering Access
  • Attacking Wireless Crypto Flaws
  • Client-Side Wireless Attacks
  • Finding and Exploiting Cross-Site Scripting
  • Cross-Site Request Forgery
  • SQL Injection
  • Leveraging SQL Injection to Perform Command Injection
  • Maximizing Effectiveness of Command Injection Testing
Topics
  • Applying Penetration Testing and Ethical Hacking Practices End-to-End
  • Scanning
  • Exploitation
  • Post-Exploitation
  • Pivoting and Analyzing Results
Topics
  • Windows Operating System Components
    • Key Differences in Windows Versions
    • Windows 8.1 and Beyond
    • Microsoft Server Variations
  • Core Forensic Principles
    • Analysis Focus
    • Key Questions
    • Determining Your Scope
  • Live Response and Triage-Based Acquisition Techniques
    • RAM Acquisition
    • Registry Extraction
    • Creating Custom Content Images
    • Triage-Based Forensics - Fast Forensic Acquisition - Key Files
    • Following the Order of Volatility
    • Triage via Custom Content Extraction
  • Acquisition Review with Write Blocker
  • Advanced Acquisition Challenges
    • Detecting Encrypted Drives
    • SSD vs. Standard Platter-Based Hard Drives
    • SSD Acquisition Concerns
  • Windows Image Mounting and Examination
  • NTFS File System Overview
  • Document and File Metadata
  • File Carving
    • Principles of data carving
    • Loss of file system metadata
    • File carving tools
  • Custom carving signatures
  • Memory, Pagefile, and Unallocated Space Analysis
    • Artifact Recovery and Examination
    • Facebook Live, MSN Messenger, Yahoo, AIM, GoogleTalk Chat
    • IE8/IE9 InPrivate/Recovery URLs
    • Yahoo, Hotmail, Gmail, Webmail, E-Mail
Topics
  • Registry Forensics In-Depth
    • Registry Basics
      • Hives, Keys, and Values
      • Registry Last Write Time
      • MRU Lists
    • Profile Users and Groups
      • Discover Usernames and the SID Mapped to Them
      • Last Login
      • Last Failed Login
      • Logon Count
      • Password Policy
    • Core System Information
      • Identify Current Control Set
      • System Name and Version
      • Timezone
      • Local IP Address Information
      • Wireless/Wired/3G Networks
      • Geo-location Using Wireless Networks
      • Network Shares and Offline Caching
      • Last Shutdown Time
    • User Forensic Data
      • Evidence of Program Execution
      • Evidence of File Downloads
      • Evidence of File and Folder Access (Shellbags)
      • XP, Win7, Win8/8.1 Search History
      • Typed Paths and Directories
      • Recent Documents (RecentDocs)
      • Open-> Save/Run Dialog Boxes Evidence
      • Application Execution History (UserAssist)
    • Tools Utilized
      • Regripper and Regripper Plug-ins
      • Access Data's Registry Viewer
      • TZWorks CAFAE and YARU (Yet Another Registry Utility)
Topics
  • Shell Item Forensics
    • Link/Shortcut Files (.lnk) - Evidence of File Opening
    • Win7/Win8 Jump Lists - Evidence of File Opening and Program Execution
    • ShellBag Analysis - Evidence of Folder Opening
  • USB and Bring Your Own Device (BYOD) Forensic Examinations
    • Vendor/Make/Version
    • Unique Serial Number
    • Last Drive Letter
    • MountPoints2 - Last Drive Mapping Per User
    • Volume Name and Serial Number
    • Username that Used the USB Device
    • Time of First USB Device Connection
    • Time of Last USB Device Connection
    • Time of Last USB Device Removal
    • BYOD Device Forensics
    • Bitlocker-To-Go Encrypted USB Devices
  • Key Word Searching and Forensics Suites (AccessData's FTK, Guidance Software's EnCase)
Topics
  • E-mail Forensics
    • Evidence of User Communication
    • How E-Mail Works
    • Determining Sender's Geographic Locations
    • Examination of E-Mail
    • Types of E-Mail Formats
      • Microsoft Outlook
      • Web-Based Mail
      • Microsoft Exchange and Office 365
      • Lotus Notes
      • Exchange Dumpster Forensics
      • Recovering Deleted E-Mails
    • Web and Cloud Based Email
    • E-Mail Searching and Examination
  • Forensicating Additional Windows OS Artifacts
    • Windows search index forensics
    • Extensible Storage Engine (ESE) database recovery and repair
    • XP Thumbs.db and Vista/Win7/Win8 Thumbscache Files
    • Windows Prefetch Analysis (XP/Vista/Win7/Win8/Win8.1)
    • Windows Recycle Bin Analysis (XP/Vista/Win7/Win8)
  • Windows Event Log Analysis
    • Which Windows Events Matter to a Digital Forensic Investigator
    • EVTX and EVT Log Files
      • Track account usage including RDP, brute force password attacks, and rogue local account usage
      • Audit and analyze file and folder access
      • Track application installations
      • Find evidence of malware execution
      • Identify suspicious services
      • Prove system time manipulation
      • Track bring your own device (BYOD) and external devices
      • Geo-locate a device via event logs
Topics
  • Browser Forensics
    • History
    • Cache
    • Searches
    • Downloads
    • Understanding Browser Timestamps
    • Internet Explorer
      • IE Key Forensic File Locations
      • History files: Index.dat and WebCache.dat
      • Cache Index.dat Timestamps
      • Win8 Metro UI Applications
      • Download History
      • InPrivate Browsing Artifact Recovery
      • Internet Explorer Tab Recovery Folder Analysis
      • Browser, Tab, History Synchronization
    • Firefox
      • Firefox Artifact Locations
      • Mork Format and SQLite Files
      • Download History
      • Cache Examinations
      • Typed URLs
      • Form History
      • Private Browsing Mode
      • Session Recovery
      • Firefox Extensions
    • Chrome
      • Chrome File Locations
      • History Information and Page Transition Types
      • Chrome Timestamps
      • Cache Examinations
      • Download History
    • Examination of Browser Artifacts
      • Super Cookies
      • Flash Cookie Files
      • DOM and Web Storage Objects
      • Google Analytics Cookies
    • Tools Used
      • Nirsoft Tools
      • Woanware ChromeForensics
      • SQLite Manager
      • ESEDatabaseView
      • Hindsight
Topics
  • Digital Forensic Case
    • Analysis
      • Following evidence analysis methods discussed throughout the week, find critical evidence.
      • Examine registry, e-mail, recovered files, and more.
    • Reporting
      • Focus and submit the top three pieces of evidence discovered and discuss what they prove factually.
      • Document one of the submitted pieces of evidence for potential examination during the mock trial.
  • Presentation
    • Each team will be asked to prepare:
      • Executive Summary
      • Short Presentation
      • Conclusion
    • The team voted to have the best argument and presentation proving their case will win the challenge.
Topics
  • Overview of the web from a penetration tester's perspective
  • Exploring the various servers and clients
  • Discussion of the various web architectures
  • Discovering how session state works
  • Discussion of the different types of vulnerabilities
  • Defining a web application test scope and process
  • Defining types of penetration testing
Topics
  • Discovering the infrastructure within the application
  • Identifying the machines and operating systems
  • Secure Sockets Layer (SSL) configurations and weaknesses
  • Exploring virtual hosting and its impact on testing
  • Learning methods to identify load balancers
  • Software configuration discovery
  • Exploring external information sources
  • Google hacking
  • Learning tools to spider a website
  • Scripting to automate web requests and spidering
  • Application flow charting
  • Relationship analysis within an application
  • JavaScript for the attacker
Topics
  • Vulnerability discovery overview
  • Creating custom scripts for penetration testing
  • Python for penetration testing
  • Web app vulnerabilities and manual verification techniques
  • Interception proxies
  • Fiddler
  • Zed Attack Proxy (ZAP)
  • Burp Suite
  • Information leakage and directory browsing
  • Username harvesting
  • Command Injection
  • Directory traversal
  • SQL injection
  • Blind SQL injection
Topics
  • Cross-Site Scripting (XSS)
  • Cross-Site Scripting discovery
  • Cross-Site Request Forgery (CSRF)
  • Session flaws
  • Session fixation
  • AJAX
  • Logic attacks
  • API attacks
  • Data binding attacks
  • ratproxy
  • Automated web application scanners
  • skipfish
  • w3af
Topics
  • Exploring methods to zombify browsers
  • Discussing using zombies to port scan or attack internal networks
  • Exploring attack frameworks
  • Browser Exploitation Framework (BeEF)
  • Walking through an entire attack scenario
  • Exploiting the various vulnerabilities discovered
  • Leveraging attacks to gain access to the system
  • How to pivot our attacks through a web application
  • Understanding methods of interacting with a server through SQL injection
  • Exploiting applications to steal cookies
  • Executing commands through web application vulnerabilities
Topics
Concepts of TCP/IP
  • TCP/IP communications model
  • Data encapsulation/de-encapsulation
  • Discussion of bits, bytes, binary, and hex

Introduction to Wireshark

  • Navigating around Wireshark
  • Examination of Wireshark statistics
  • Stream reassembly
  • Finding content in packets

Network Access/Link Layer: Layer 2

  • Introduction to 802.x link layer
  • Address resolution protocol
  • ARP spoofing

IP Layer: Layer 3

  • IPv4
    • Examination of fields in theory and practice
    • Checksums and their importance, especially for an IDS/IPS
    • Fragmentation: IP header fields involved in fragmentation, composition of the fragments, fragmentation attacks
  • IPv6
    • Comparison with IPv4
    • IPv6 addresses
    • Neighbor discovery protocol
    • Extension headers
    • IPv6 in transition
Topics
Wireshark Display Filters
  • Examination of some of the many ways that Wireshark facilitates creating display filters
  • Composition of display filters

Writing tcpdump Filters

  • Format of tcpdump filters
  • Use of bit masking

TCP

  • Examination of fields in theory and practice
  • Packet dissection
  • Checksums
  • Normal and abnormal TCP stimulus and response
  • Importance of TCP reassembly for IDS/IPS

UDP

  • Examination of fields in theory and practice
  • UDP stimulus and response

ICMP

  • Examination of fields in theory and practice
  • When ICMP messages should not be sent
  • Use in mapping and reconnaissance
  • Normal ICMP
  • Malicious ICMP
Topics
Advanced Wireshark
  • Exporting web objects
  • Extracting SMTP attachment content
  • Sample Wireshark investigation of an incident
  • Tshark

Detection Methods for Application Protocols

  • Pattern matching, protocol decode, and anomaly detection
  • Detection challenges

Microsoft Protocols

  • SMB/CIFS
  • MSRPC
  • Detection challenges

HTTP

  • Protocol format
  • Sample of attacks
  • Detection challenges

SMTP

  • Protocol format
  • Sample of attacks
  • Detection challenges

DNS

  • Its vital role in the Internet
  • The resolution process
  • Caching
  • DNSSEC
  • Malicious DNS, including Cache poisoning

IDS/IPS Evasion Theory

  • Theory and implications of evasions at different protocol layers
  • Sampling of evasions
  • Necessity for target-based detection

Real-World Traffic Analysis

  • Client attacks
  • DDoS attacks
  • Four-way handshake
  • TCP reset attack
  • Malformed DNS DoS
Topics
Operational Lifecycle of Open-Source IDS
  • Planning, installation, configuration, running, customization, auditing, refinement, and updating

Introduction

  • Function of an IDS
  • The analyst's role in detection
  • Flow process for Snort and Bro
  • Similarities and differences between Snort and Bro

Snort

  • Introduction to Snort
  • Planning, including deployment scenarios
  • Running
    • Modes of operation: sniffer, packet logger, NIDS
    • Plug-ins
  • Customization
    • Writing Snort rules
  • Refining
    • Solutions for dealing with false negatives and positives
    • Writing a rule for a vulnerability
    • Tips for writing efficient rules

Bro

  • Introduction to Bro
  • Planning
    • Operational modes
      • Standalone on a single host
      • Cluster on multiple hosts/cores
  • Running
    • BroControl to manage Bro
    • Running in standalone mode
    • Running in cluster mode
  • Customization
    • Understanding and deploying Bro's policy neutral features
      • Bro scripting
      • Signatures

Comparing Snort and Bro to Analyze Same Traffic

  • Examination of output from each - Snort alerts and Bro logs
  • Tips for performing Bro log correlation
  • Customizing Bro to add a new signature and raise a notice about malicious traffic
Topics
Analyst Toolkit
  • Ngrep, tcpflow, p0f, Chaosreader, tcpreplay

SiLK

  • Introduction of concept of network flow
  • Understand the uses for flow

Packet Crafting

  • Using Scapy to craft, alter and send packets, and to read and write pcaps

Network Forensics

  • Learn what it is
  • Become aware of indicators of network issues
  • Learn to investigate incidents using some sample traffic of:
    • Exploited host
    • Phishing attack

Network Architecture for Monitoring

  • Become familiar with hardware used with and for monitoring

Correlation of Indicators

  • Examination of log files
  • OSSEC
  • Understand different methods of correlation
Topics
  • Assembling a toolkit for effective malware analysis
  • Examining static properties of suspicious programs
  • Performing behavioral analysis of malicious Windows executables
  • Performing static and dynamic code analysis of malicious Windows executables
  • Contributing insights to the organization's larger incident response effort
Topics
  • Core concepts for analyzing malware at the code level
  • x86 Intel assembly language primer for malware analysts
  • Identifying key x86 assembly logic structures with a disassembler
  • Patterns of common malware characteristics at the Windows API level (DLL injection, function hooking, keylogging, communicating over HTTP, etc.)
Topics
  • Recognizing packed malware
  • Automated malware unpacking tools and approaches
  • Manual unpacking of malware using OllyDbg, process dumping tools and imports-rebuilding utilities
  • Intercepting network connections in the malware lab
  • Interacting with malicious websites to examine their nature
  • Deobfuscating browser scripts using debuggers and runtime interpreters
  • JavaScript analysis complications
Topics
  • Bypassing anti-analysis defenses
  • Recovering concealed malicious code and data
  • Unpacking more sophisticated packers to locate the Original Entry Point
  • Identifying and disabling methods employed by malware to detect analysts' tools
  • Analyzing shellcode to assist with the examination of malicious documents and other artifacts
Topics
  • Analyzing malicious Microsoft Office (Word, Excel, PowerPoint) documents
  • Analyzing malicious Adobe PDF documents
  • Analyzing memory to assess malware characteristics and reconstruct infection artifacts
  • Using memory forensics to analyze rootkit infections
Topics
  • Behavioral malware analysis
  • Dynamic malware analysis (using a debugger)
  • Static malware analysis (using a disassembler)
  • JavaScript deobfuscation
  • PDF document analysis
  • Office document analysis
  • Memory analysis
Topics

Real Incident Response Tactics

  • Preparation: Key tools, techniques, and procedures an incident response team needs to properly respond to intrusions
  • Identification: Proper scoping of an incident and detecting all compromised systems in the enterprise
  • Containment: Identification of exactly how the breach occurred and what was stolen
  • Eradication: Determining the key steps that must be taken to help stop the current incident
  • Recovery: Recording of the threat intelligence to be used in the event of a similar adversary returning to the enterprise
  • Lessons Learned

Threat and Adversary Intelligence

  • Importance of Cyber Threat Intelligence
  • Understanding the "Kill Chain"
  • Threat Intelligence Creation and Use During Incident Response
  • Incident Response Team Life-Cycle Overview
  • Incident and Malware Detection - All Activity across a Specific System
  • Enterprise Incident Response/Forensics - Specific Activity across All Systems

Remote and Enterprise Incident Response

  • Remote System Access in the Enterprise
  • Remote System Host-Based Analysis
  • Scalable Host-Based Analysis (one analyst examining 1,000 systems)
  • Remote Memory Analysis

Windows Live Incident Response

  • Live Incident Response Kit and Tools
  • Volatile Data Collection
  • Comparison of Key Data Collected via Live Collection, Static Drive, and Memory Analysis Techniques
  • Auto-Start Malware Persistence Checks
  • Trusted Windows Command Shells
  • Finding Evil: Automating Collection across the Enterprise
  • Remote Command Shell Usage - PsExec
  • Incident Response Using Powershell
  • Live Response Key Tools

Topics
Memory Acquisition
  • Acquisition of System Memory from both Windows 32/64 Bit Systems
  • Hibernation and Pagefile Memory Extraction and Conversion
  • Virtual Machine Memory Acquisition

Memory Forensics Analysis Process

  • Identify Rogue Processes
  • Analyze Process DLLs and Handles
  • Review Network Artifacts
  • Look for Evidence of Code Injection
  • Check for Signs of a Rootkit
  • Acquire Suspicious Processes and Drivers

Memory Forensics Examinations

  • Live Memory Forensics
  • Memory Analysis Techniques with Redline
  • Advanced Memory Analysis with Volatility
  • Code Injection, Malware, and Rootkit Hunting in Memory
  • Perform In-memory Windows Registry Examinations
  • Extract Typed Adversary Command Lines
  • Investigate Windows Services
  • Find and Dump Cached Files from RAM
  • Dumping Hashes and Credentials from Memory

Memory Analysis Tools

  • Rekall
  • Volatility
  • Redline
  • MoonSols Windows Memory Toolkit
Topics
Timeline Analysis Overview
  • Timeline Benefits
  • Prerequisite Knowledge
  • Finding the Pivot Point
  • Timeline Context Clues
  • Timeline Analysis Process

Memory Analysis Timeline Creation

  • Memory Timelining

Filesystem Timeline Creation and Analysis

  • MACB Meaning by Filesystem (NTFS vs. FAT)
  • Windows Time Rules (File Copy vs. File Move)
  • Filesystem Timeline Creation Using Sleuthkit and fls
  • Bodyfile Analysis and Filtering Using the mactime Tool

Super Timeline Creation and Analysis

  • Super Timeline Artifact Rules
  • Program Execution, File Knowledge, File Opening, File Deletion
  • Timeline Creation with log2timeline
  • log2timeline Input Modules
  • log2timeline Output Modules
  • Filtering the Super Timeline Using l2t_process
  • Targeted Super Timeline Creation
  • Automated Super Timeline Creation
  • Super Timeline Analysis
Topics
Advanced "Evidence of Execution" Artifacts
  • RecentFileCache.bcf /Amcache.hve
  • Application Compatibility Cache (ShimCache)

Windows 7/8 Server 2008/2012 Shadow Volume Copy Analysis

  • Volume Shadow Copy Data Analysis
  • Acquiring Shadow Copy Volume Images
  • Raw and Live Shadow Copy Examination Using the SIFT Workstation
  • Creating and Analyzing Shadow Volume Timelines

Deep Dive Malware and Anti-Forensic Detection

  • Sleuthkit Toolset
  • File-Based Data Carving
    • Carving Key Files from a Compromised System (Malware, .rar Files, Prefetch Files, and Shortcut Files)
  • NTFS Filesystem Analysis
    • Master File Table (MFT) In Depth
    • NTFS System Files
    • NTFS Metadata Attributes ($Standard_Information, $Filename, $Data)
    • Rules of Windows Timestamps for $StdInfo and $Filename
    • NTFS Timestamps
    • Resident vs. Nonresident Files
    • Alternate Data Streams
    • Directory Listings and the $I30 file
    • Transaction Logging and the $Logfile and $UsnJrnl
    • What Happens When Data is Deleted from a NTFS Filesystem?

Anti-Forensic Detection Methodologies

  • MFT Anomalies
  • Timeline Anomalies
  • Deleted File
  • Deleted Registry Keys
  • File Wiping
  • Clearing Browsing History
  • Privacy Cleaner
  • Adjusting Timestamps
Topics
Adversary and Malware Hunting
  • Rapid Data Triage Analysis
  • Cyber Threat Intelligence & Indicators of Compromise (IOC) Searching
  • Evidence of Persistence
  • Supertimeline Examination
  • Packing/Entropy/Executable Anomaly/Density Checks
  • System Logs
  • Memory Analysis
  • Malware Identification

Methodology to Analyze and Solve Challenging Cases

  • Malware/Intrusion
  • Spear Phishing Attacks
  • Web Application Attacks/SQL Injection
  • Advanced Persistent Threat Actors
  • Detecting Data Exfiltration
Topics
  • The Intrusion Forensic Challenge will have each incident response team analyzing multiple systems in an enterprise network.
  • Each incident response team will be asked to answer the following key questions during the challenge, just as they would during a real breach in their organizations:

IDENTIFICATION AND SCOPING:

1. How and when did the APT group breach our network?

2. List all compromised systems by IP address and specific evidence of compromise.

3. When and how did the attackers first laterally move to each system?

CONTAINMENT AND SECURITY INTELLIGENCE GATHERING:

4. How and when did the attackers obtain domain administrator credentials?

5. Once on other systems, what did the attackers look for on each system?

6. Find extracted email from executive accounts and perform damage assessment.

7. Determine what was stolen: Recover any .rar files or other archives exfiltrated, find encoding passwords, and extract the contents to verify extracted data.

8. Collect and list all malware used in the attack.

9. Develop and present security intelligence or an indicator of compromise (IOC) for the APT-group "beacon" malware for both host- and network-based enterprise scoping. What specific indicators exist for the use of this malware?

REMEDIATION AND RECOVERY:

10. Do we need to change the passwords for every user in the domain, or only for the users affected by the compromised systems?

11. Based on the attacker techniques and tools discovered during the incident, what are the recommended steps to remediate and recover from this incident?

a. What systems need to be rebuilt?

b. What IP addresses need to be blocked?

c. What countermeasures should we deploy to slow or stop these attackers if they come back?

d. What recommendations would you make in order to detect these intruders in our network again?

Topics
Threat Vectors
  • What makes a system vulnerable
  • Why even your security devices are at risk
  • How to minimize the impact of a compromise
  • How to defend against APTs
  • Understanding the APT life cycle
  • Why the perimeter is still your most effective point of security
  • Why anti-virus is a dead-end technology and where to go from here
  • Why vendors may give you poor security advice
  • When it is acceptable to assume additional risk

OSI Layer 2

  • ARP - how it works and why it is a problem
  • How do attackers hijack communication sessions?
  • The six different methods of connection hijacking through a switch and how to fix them

OSI Layer 3

  • Offset and measurement, the foundation of most security technology
  • IP header layout
  • Important IP header fields
  • Record route attacks
  • Strict and loose source routing attacks - which firewalls are vulnerable?
  • How to detect a source route attack
  • Fragmentation and how it works
  • What does a normal fragmentation session look like
  • What malicious fragmentation looks like and how to detect it

OSI Layers 4 and 5

  • UDP header format and which fields are important
  • Why UDP scans are inaccurate and how to fool them
  • TCP header format and which fields are important
  • Normal and abnormal TCP patterns
  • TCP flags and how they work
  • TCP sequence numbers and how they work
  • TCP port scans and how to fool them
  • ICMP header format and which fields are important
  • Common ICMP type/codes
  • Traffic control issues with ICMP
  • Using ICMP as a covert communication channel

Packet Decoding

  • How does a packet sniffer work?
  • Reading Libpcap decodes
  • Windump/tcpdump
  • Creating display filters
  • Reading/saving capture files
  • Bit masking and how to leverage it
  • Caveats when sniffing from a Windows system
Topics
IPv6
  • What is involved with migrating from IPv4
  • Transition issues
  • IPv6 header format and important fields
  • IPv6 addressing
  • IPv6 extension headers
  • ICMPv6
  • IPv6 security issues
  • Tunnel brokers

Static and Stateful Packet Filtering

  • How static filters work
  • Problems with complex protocols
  • When SI firewalls and NIPS fall back to static filtering
  • When is static filtering the best option?
  • How stateful filters work
  • Problems with the state table and how to fix them

Stateful Inspection and NAT

  • How stateful inspection works
  • Why stateful inspection fails when implemented for application security
  • Creating a "trusted host" at the egress of your perimeter
  • What options are available for NAT?
  • When NAT will help strengthen your security posture

Netfilter and Building a Rule Base

  • Assessing your needs
  • Large scale management issues
  • Best practices
  • Common implementation mistakes
  • Rulebase optimization
  • Assessing risk

Network Based Intrusion Detection and Prevention

  • When NIDS is a better choice than NIPS
  • Anomaly detection
  • NIDS and NIPS, technology under the hood
  • NIPS vs. SI firewall - is there really any difference besides price?
  • Must-have features for NIDS and NIPS
  • How to verify detects
  • Dealing with false positives and tuning them out
  • Network placement of NIDS and NIPS devices
  • Creating custom rules

NIDS Hands-on

  • NIPS vs. NIDS operation
  • Configuring variables
  • Pre-processor options
  • Post-processor options
  • How to write snort rules
  • Alerts and log entries
  • Processing the decodes
  • Running Snort
Topics
Cisco Routers
  • Strengths and limitations of filtering with your border router
  • Best practices for creating filters
  • Things the router can catch which the firewall cannot
  • Locking down the router
  • Commands to lock down IOS
  • Common mistakes
  • How to sniff traffic with a Cisco router

Network Access Control

  • NAC and how it works
  • Standards and acronyms
  • Adaptive network security

Packet Crafting

  • How Packet Crafting tools work
  • Packets that can be used to test perimeter security systems
  • Packets that can be crafted to find holes in firewalls

Perimeter Assessment

  • Options and potential approaches
  • Picking the right tools
  • Sample scripts for policy verification
  • Deep testing for new firewall products
  • What to do when something is "broken"

Virtual Firewalls and Proxies

  • Understanding Virtual Firewalls
  • Difference between fast path and slow path deployment
  • When virtualization is a bad idea
  • How a proxy works
  • Problems with proxies

Beyond Stateful

  • Breaking away from traditional port based defenses
  • How Next Generation firewalls work
  • How Next Generation firewalls make decisions
  • How Unified Threat Management works
  • When Unified Threat Management (UTM) is a bad idea
  • How Deep Packet Inspection works
  • Next Generation Firewall Deployment Scenarios
Topics
Locking Down Hosts
  • Securing DNS
  • Running split and split-split DNS
  • The problems with recursion and how to avoid them
  • How to avoid becoming a spam relay
  • Tools to test your DNS and SMTP setup
  • The importance of scrubbing banners

Locking Down Web Applications

  • Identifying application risks
  • CSRF attacks
  • Logical vulnerabilities
  • Session based weaknesses
  • Bypass attacks
  • How attackers use applications to target administrators
  • Injection exploitation
  • Securing web applications
  • Using a WAF to secure applications

Application Firewalls

  • Understand common web application attacks
  • Cross-site scripting
  • SQL injection and Blind SQL injection
  • What web application firewalls (WAFs) can and cannot protect against
  • What database firewalls can (and cannot) protect against
  • Deployment options
  • Evasion methods

Endpoint Protection

  • Can HIPS really prevent zero-day attacks?
  • Application control
  • Whitelisting
  • Keeping all malware off of your systems
  • Taking control of USB drives
  • Bit9 and Carbon Black
  • Data Loss Prevention solutions

Advanced Malware Protection

  • Methods of evaluation
  • Sandboxing
  • Cuckoo
  • FireEye
Topics
Security Information and Event Management
  • The importance of time synchronization
  • How to set up NTP on each platform
  • Goals for a centralized collection system
  • Components of a log collection system
  • Designing an architecture
  • Scale considerations
  • Product options
  • Facility and severity - how to leverage them
  • Log file management
  • Producing useful reports
  • Setting up real-time alerting
  • What to look for

Firewall Log Analysis

  • What gets recorded
  • What to look for
  • Spotting patterns in the stream
  • Identifying when a firewall gives you incorrect info
  • The process for parsing any firewall log

Wireless Security

  • WEP - how everything went wrong
  • WPA and WPA2
  • 802.1X
  • Design considerations
  • Leveraging your VPN solution to secure wireless

Authentication, Encryption and VPN Basics

  • Symmetrical key cryptography and how it works
  • Stream and block ciphers
  • Public key cryptography and how it works
  • Cipher algorithms
  • Choosing good encryption, time value issues
  • Political laws
  • What is a hash and how it works
  • Initial authentication options
  • Packet-level authentication options
  • Digital certificates
  • X.509 and PKI

VPN Options

  • The structure of a VPN
  • SSL and how it works
  • SSH and how it works
  • Security problems with SSH tunnels
  • IPSec and how it works
  • Troubleshooting IPSec connections
  • Remote control options, when it makes sense
  • VDI
Topics
Vulnerability Assessment and Auditing
  • Anatomy of a vulnerability scanner
  • Why registry and file checking scanners can fail
  • Why network scanners can produce inaccurate information
  • When you should outsource vulnerability scanning

Cloud Considerations

  • Understanding Cloud security implications
  • Provider versus Tenant responsibilities
  • Cloud architecture and deployment models including IaaS, PaaS and SaaS
  • Key cloud threat vectors
  • Security questions to ask related to cloud computing

Pulling it All Together

  • Risk Assessments
  • Taking the pieces from the course and pulling them into a comprehensive network architecture

Ettercap Labs

  • Hijack a TCP session and inject data
  • Spoof name server replies
  • Backdoor a system through a firewall

Useful Tools

  • Network mapping tools
  • Network monitoring tools
  • Packet manipulation tools
  • Where to find the best tools
Topics
Mobile Problems and Opportunities
  • Challenges and opportunities for secure mobile phone deployments
  • Weaknesses in mobile phones
  • Exploit tools and attacks against mobile phones and tablets

Mobile Devices and Infrastructure

  • BlackBerry network and platform architecture
  • iOS security features and weaknesses
  • Analysis of iOS features including iBeacon and AirDrop
  • Google Play Marketplace and third-party application stores
  • Windows Phone architecture and development platforms
  • Benefits and weaknesses of container-based mobile device management solutions

Mobile Device Security Models

  • Privilege and access models on multiple platforms
  • Device encryption support and threats
  • Emerging changes in platform security from Android and Apple

Mobile Device Lab Analysis Tools

  • Using iOS, Android, BlackBerry and Windows Phone emulators
  • Android mobile application analysis with Android Debug Bridge (ADB) tools
  • Uploading, downloading and installing applications with ADB
  • Application testing with the iOS Simulator

Mobile Device Malware Threats

  • Trends and popularity of mobile device malware
  • Mobile malware command and control architecture
  • Efficiency of Android "ransomware" malware threats
  • Value and effectiveness of Android anti-malware platforms
Topics
Mitigating the Impact of Devices Being Stolen
  • Bypassing iOS and Android passcode locks
  • Decrypting iOS keychain credentials
  • Accessing mobile device backup data
  • Creating a lost device reporting program
  • Leveraging remote device wipe strategies

Unlocking, Rooting and Jailbreaking Mobile Devices

  • Goals of unlocking
  • Jailbreaking iOS
  • Unlocking Windows Phone
  • Rooting Android
  • BlackBerry platform restrictions

Mobile Phone Data Storage and Filesystem Architecture

  • Data stored on mobile devices
  • Mobile device filesystem structure
  • Decoding sensitive data from database files on iOS and Android
  • Extracting data from Android backups
  • Using filesystem artifacts for location disclosure attacks beyond GPS coordinates

Network Activity Monitoring

  • Mobile application network capture and data extraction
  • Capturing iOS network traffic through OS X systems
  • Transparent network proxying for data capture
  • Encrypted data capture manipulation
  • Extracting files and sensitive content from network captures
  • Recovering sensitive data from popular cloud storage providers
Topics
Static Application Analysis
  • Reverse-engineering iOS binaries in Objective-C and ARM instructions
  • Reverse-engineering Android binaries in Java and Dalvik Bytecode
  • Evaluating mobile malware threats through source-code analysis
  • Defeating Apple FairPlay encryption for application binary access
  • Combining source-code and behavior analysis for effective application penetration testing
  • Overcoming anti-decompilation techniques in defensive code

Automated Application Analysis Systems

  • iOS application vulnerability analysis with iAuditor
  • Structured iOS application header analysis
  • Tracing iOS application behavior and API use with Snoop-it
  • Effective Android application analysis with Androwarn
  • Android application interaction and Intent manipulation with Drozer

Manipulating Application Behavior

  • Runtime iOS application manipulation with Cycript
  • iOS method swizzling
  • Android application manipulation with Apktool
  • Reading and modifying Dalvik Bytecode
  • Adding Android application functionality, from Java to Dalvik Bytecode
Topics
Fingerprinting Mobile Devices
  • Passive analysis
  • Active scanning
  • Application inspection

Wireless Network Probe Mapping

  • Monitoring network probing activity
  • Visualizing network discovery and search
  • Wireless anonymity attacks

Weak Wireless Attacks

  • Wireless network scanning and assessment
  • Exploiting weak wireless infrastructure
  • Monitoring mobile device network scanning
  • Exploiting "attwifi" and iPad or iPhone captive portal detection
  • Secure network impersonation

Enterprise Wireless Security Attacks

  • Certificate impersonation and mobile devices
  • Manipulating enterprise wireless authentication
  • RADIUS server impersonation attacks
Topics
Network Manipulation Attacks
  • Leveraging man-in-the-middle tools against mobile devices
  • SSL certificate manipulation and bypass attacks
  • Effective SSL penetration testing techniques

Mobile Application Attacks

  • Exploiting mobile application authentication vulnerabilities
  • Manipulating mobile application network activity
  • Applying web attacks to thin mobile applications
  • Exploiting common application flaws on Android and iOS platforms

Web Framework Attacks

  • Site impersonation attacks
  • Application cross-site scripting exploit
  • Remote browser manipulation and control
  • Data leakage detection and analysis

Back-end Application Support Attacks

  • Exploiting SQL injection in mobile application frameworks
  • Leveraging client-side injection attacks
  • Getting end-to-end control of mobile application server resources
Topics
  • Virtualization components and architecture designs
  • Different types of virtualization, ranging from desktops to servers and applications
  • Hypervisor lockdown controls for VMware, Microsoft Hyper-V, and Citrix Xen
  • Virtual network design cases, with pros and cons of each
  • Virtual switches and port groups, with security options available
  • Available commercial and open-source virtual switches, with configuration options
  • Segmentation techniques, including VLANs and PVLANs
  • Virtual machine security configuration options, with a focus on VMware VMX files
Topics
  • Storage security and design considerations
  • How to lock down management servers and clients for vCenter, XenServer, and Microsoft SCVMM
  • Security design considerations for Virtual Desktop Infrastructure (VDI)
  • Security-focused use cases for VDI
  • Private cloud security architecture
  • Configuration options for securing private cloud components
  • Specific private cloud models and how security applies to each of them
  • Virtual firewalls and network access controls
  • Commercial and open-source virtual firewalls
  • Designing intrusion detection for virtual environments and the private cloud
  • Setting up promiscuous interfaces and traffic capture in a virtual environment
  • Host-based IDS/IPS for virtualization
Topics
  • Attack models that pertain to virtualization and cloud environments
  • Penetration testing cycles with a focus on virtualization and cloud attack types
  • Specific virtualization platform attacks and exploits
  • How to modify vulnerability management processes and scanning configuration to get the best results in virtualized environments
  • How to use attack frameworks like VASTO (Virtualization Assessment Toolkit) to exploit virtualization systems
  • How to implement intrusion detection tools and processes in a virtual environment
  • What kinds of logs and logging are most critical for identifying attacks and live incidents in virtual and cloud environments
Topics
  • How anti-malware tools function in virtual and cloud environments
  • What kinds of new tools and tactics are available for effective anti-malware operations in the cloud and virtual machines
  • Pulling Netflow and packet data from virtual environments for analysis
  • How forensics processes and tools should be used and adapted for virtual systems
  • What tools are best to get the most accurate results from virtual machine system analysis
  • How to most effectively capture virtual machines for forensic evidence analysis
  • What can be done to analyze hypervisor platforms, and what does the future of virtual machine forensics hold?
Topics
  • How security can adapt to accommodate virtualization infrastructure
  • How virtualization tools and technology can augment and facilitate security
  • A simple, bulletproof risk assessment strategy for virtualization and private cloud environments
  • Threats, vulnerabilities and impacts to consider when evaluating virtualization and private cloud technologies
  • New and updated policies needed for virtualization and cloud environments
  • Service-level agreements and performance considerations for cloud operations
  • Governance models for private clouds
  • Encryption tools and techniques for securing mobile virtual machines
  • Data lifecycle policies and processes to ensure virtual machines and their data are monitored and updated
  • Identity and access management fundamentals for private clouds
  • Scripting for automation with shell scripts, as well as vSphere CLI and PowerCLI
  • In-depth disaster recovery and business continuity planning processes and capabilities that virtualization and private clouds can augment
Topics
  • Assessment and audit plans for virtualization and private cloud components
  • Key configuration controls from the leading hardening guides from DISA, CIS, VMware, and Microsoft
  • Scripting techniques in VI CLI for automating audit and assessment processes
  • Sample scripts that help implement key audit functions
  • Compliance mandates and how you can institute controls in both virtualization and cloud infrastructure to satisfy requirements

Put your passions to work, build your experience and network globally in ways you’ve never dreamed of. Life at ameccaz is never dull. One minute you’re knee-deep in a brainstorming session to solve complex security threats and the next you’re painting a house for a local charity. At ameccaz we hire for potential and pay for performance. We work hard, act quickly, take smart risks, and hold ourselves – and each other – accountable for putting out great work. And we have a great time along the way. If you have the talent, we have the job.

Life @ Ameccaz


Career Benefits In Store For You



Why Cyber Security is a Smart Career Choice

Due to the increased complexity of cybercrime, the training required to enter the field is becoming more stringent, while the number of cyber security jobs available continues to grow. Recent high-profile hacks of government and private sector websites have been an impetus for the training and certification of new security staff.

Cyber Security Training and Education

Working as an information security professional requires an interesting blend of knowledge, ethics and the ability to think like a hacker. Some individuals enter the field straight out of college, with degrees in computer science and other technical programs, while others cross over from previous careers such as law enforcement.

Cyber Security Career Path

Developing a career path and preparing a plan of action is essential to achieving your professional goals. Here is a common career path for a cyber security professional entering the field.

Role titles vary by experience. You can expect to enter as a security administrator or analyst and progress through middle management, potentially reaching a senior leadership position as Chief Information Security Officer (CISO) over time.

A successful cyber security professional may then be assigned the role of chief IS manager, who is responsible for the design and development of the information security policy, as well as regulatory compliance and information security governance. Those who excel in this position may advance to the level of Security Advisor or Auditor, whose responsibilities are to advise on policy design, risk assessment, and compliance with global and industry standards.

The top-level position in the field is the chief information officer, who oversees the cost of ongoing and future investments to alleviate information risks and aligns business objectives with a concise security strategy.

FAQs