CBROPS Certification Path Link
New Cert Track CCNP Feb 2020 Link
New Cert Track CCNA Feb 2020 Link
New Re-certification Policy Link
"The Art of War" by Sun Tzu Link
White Board Files for the Class
Recent Headline Security Incidents
Recent Attacks (July 2020)
Blackbaud Data Breach ransomware Link
Garmin Attacks Link
Premier League Link
University of York (May to July) Link
Amazon Link
Hydro Norway Link
MOZI IoT Attack Link

General Links
Excellent all-in-one website re tools and methods Link
Excellent site on Worms and Trojans Link
Most Common Password List Link
UNIX in a Browser (Practice) Link
18 Biggest data breaches of the 21st Century Link
Top 50 Product List (OS) vulnerabilities List
Top Ten most common passwords (123456) Link
How Does a Botnet Work Link
Dyn DNS Link
Cisco CTA cloud (Login) Stealthwatch Link
IPFIX & NetFlow Link
Dyre Malware Banking Link
Malvertising Link
TLS 1.3 MITM Decryption myth Link
DDNS Providers Link
DNS Servers Worldwide Link
10 Most Vulnerable OSs 2017 Link
TACACS+ uses MD5 to hash the secret and XOR Link
Cisco Cognitive Threat Analytics Link
OpenSOC Community Link
OpenSOC Link
SSL 3.0 POODLE Vulnerability Link
DOM-based XSS in DVWA Link
Verizon 2019 Data Breach Report Link
Email MX record lookup Link
Cisco CTA Login Link
"Dyre" Banking Trojan Link
Useful information on how to drive hping3 Kali Link

Attacking Tools
Best Hacking Tools Link
Wordlist Password File Link
Obtaining Windows Password Link
hping3 Kali Linux Link (ICMP/SYN etc)
Online HASH generator NT/NTLM etc Link
DNSChef Kali Link
DNS Tunneling Kali Link
Buffer Overflow Attack DVWA Link
Pass The Hash Kali Link
Firewalk Kali Linux Link Link2
Mimikatz Link
List of useful tools Link

General Tools
Playbooks Link
Free Online Sandboxing / Anti-Malware Link
Public Web Site for Hacking Link
CVSS 3.0 Online Scoring Calculator Link
Windows Sysinternals tool download link
URL Encoder/Decoder Link
Swiss Knife of on-line conversion tools Link
Epoch time converter Link

Security Threats
Hacktivist, Anonymous Link
The Deep Web and Dark Web Link
Public Web Site for Hacking Link
Bluejacking/Bluesnarfing/Bluebugging Link
Evil Twin Attack using Starbucks WiFi and Raspberry Pi Link
WEP IV Attack Video Link
WPA Attacks Video Link, WPA Explained Video Link
TKIP and CCMP Video Link
Wi-Fi Protected Setup (WPS) Video Link
RFID vs NFC Link
Fukushima Nuclear Plant Documentary Link

Host & Software Security
FIPS & EAL: some comparisons
Difference between TPM and HSM Link
Difference between BIOS and UEFI Link
FDE/SDE Link
EMP Test on an iPhone Video Link
USB Kill Link
Embedded OS: Stuxnet attacks against atomic plants in Iran.
Real-time O/S WolfSSL Link
Containers App/OS Docker Link
Thin Clients for VDI HP Link
Virtualisation Link Link2
Good example of the difference SaaS/PaaS/IaaS link
Microsoft/Citrix XenApp VDI Link
VDI Demo Video Link
Virtual Mobile Infrastructure (NUBO iOS/Android) VMI Link
IaaS/NaaS/SaaS/PaaS Link
SECaaS Link
Cisco Umbrella vs Cloudflare Link
ANT (Adaptive Network Technology) Link
SDLC Agile Mode Link
Fuzzing Video Link
Basic Fuzzing Framework Tool Link

!!! Some Great Attacks !!!!
Bronze Soldier attack Estonia, Human rights attacks and China, HM Revenue & Customs lost accounts.
Mafia Boy DOS attack Feb/2000.
Anonymous attack against the Home Office.
Stuxnet attacks against atomic plants in Iran.
Turkish Web site Hacking.
Spamming 350 million and the result = 28
E, T, A are the most common English letters in order of frequency
What is Phishing: redirection to a malicious website via email. Vishing is as Phishing except via phone. Smishing is Phishing via SMS.
What is Pharming: redirection to a malicious website unknown to the user (DNS/HOSTS).
Nimda / Code Red 1999-2004, Conficker worm 2008, Stuxnet 2010, NHS Attack May 2017 WannaCry Link
Admin/Tech/Physical Link
Common Vulnerabilities & Exposures CVE
EU-US Agreement re data transfer (Safe Harbour)
DNS DDOS attack: it almost broke the Internet 3/2013 (New Amplification)
NTP Attack Feb 2014 (Amplification)
Morris Worm, first Internet-based worm, 1988
Hacking Tools: sectools.org, Kali Linux, Metasploit
Basic Security Requirements: CIA
Salted Password Hashing
MD5 Avalanche effect: the hash of "Hello World" will be totally different to that of "Hello World1"; MD5 Collision Demo
Simon Singh Web Site
Information Security Policies RUSECURE YouTube Videos
Course Content
The CBROPS course is an 8 day course with a combination of Instructor-Led Training (ILT) and Self Study.
Legend: Green = ILT, Red = Self Study

1. Defining the Security Operations Center
Notes:
1. Wazuh, which I learned is apparently pronounced "wazoo."
Elsa to Elastic (Security Onion) Link
ELK Stack (Kibana, Elasticsearch) Link
Beats Agent (Info to Elasticsearch) Link
Understanding Reverse Shells Link
Difference between SIEM and SOAR Link
Log Mining Slide Show Link
Cyber Workforce Framework NIST 800-181 Link
TalkTalk data breach Link
Top 15 Data Breaches Link
SecureX Cisco Platform Link
SecureX SOAR Link
Stealthwatch Link
Indicators of Compromise (IOCs) Link Link2
PHP stands for PHP: Hypertext Preprocessor Link
Personal Home Page tools (original name of PHP)
Armitage (Kali) Pen Testing Link
Apache Struts Vulnerability Reverse Connection Link
Security Onion Link
Sguil (pronounced "sgweel") Link
Elsa Open Source Logging Link
Zeek (formerly Bro) Link
PhishTank Link

2. Understanding Network Infrastructure and Network Security Monitoring Tools
Free Build Your Own Network: Packet Tracer Link
Packet Tracer 64-bit Windows Download Link
Packet Tracer 32-bit Windows Download Link

3. Exploring Data Type Categories
Notes:
1. Squert is a web application used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time-series representations, and weighted and logically grouped result sets.
IOCs (www.openioc.org, now FireEye) Link
Gartner Group originally defined SOAR Link
SecureX Cisco Platform Link
Threat Response Link
Elsa version Security Onion Link
Difference between SIEM and SOAR Link
The CIA Triad Video Link (aka AIC or PAIN: Priv/Auth/Int/Non-repudiation)
PII in the UK Link
GDPR (General Data Protection Regulation) UK Link
Intellectual property and copyright laws UK Link
Covid research being stolen by hostile states Link
Search on SNORT for sig id 24256 Link

4. Understanding Basic Cryptography Concepts
Birthday Attack, probability hashing Video Link
Birthday Attack Cryptography Link
NSA Suite B Link
Cracking Enigma: Enigma cannot encrypt a letter to itself; the U-boats started messages with win/press/temp; lazy operators did not change settings every day.
Key Stretching Algorithms PBKDF2 Online Demo
On-line XOR Calculator; AND/OR/XOR explained
Plain Text/Clear Text Link
Why Random Numbers in Cryptography Link
Difference between Confusion and Diffusion Link Link2
Online Paint Program Link
Online Coder/Decoder Rot13, XOR etc Link, Better Link
Prime Number Checker on-line Link
One Time Pad Crypto Museum Link
Number Stations and One Time Pads Link Link2
On-line MD5 Hashing Generator Link
Online HASH generator NT/NTLM etc Link
Diffie-Hellman Online Calculator Link
AES Calculator Online, ECB and CBC Link
PRNG Online Link
TLS 1.3 Published August 2018 Link
NIST TLS Document Link
Time to disable all SSL/TLS 1.0 (PCI Compliance) Link
TLS PRF Link
48-byte PRF output used to generate the Master Key (Shared TLS) Link
Obfuscation/Steganography Video Link
Difference between DH and DHE Link
Key Stretching Video Link
Certificate OIDs Table Link
Certificate Pinning Link
Certificate Chain of Trust Link
Elliptic Curves Video Link
Public/Private key generation and Elliptic Curve Link
Key Escrow Video Link
DigiNotar Dutch CA Attack 2011 Link
Difference between DER and Base64 Link
Creating a Rogue CA Certificate
Key Escrow Video Link1 Link2

5. Understanding Common TCP/IP Attacks
ICMP Redirects and Routing tables (Scapy) Link
Scapy ICMP Tunneling Link
ICMPTX Explained Link
ICMP OS Fingerprinting Link
Teredo Tunneling Tool Link
MaxMind GeoIP Link
PII Link
SQL Injection Attack (1=1) Link
SQL Slammer UDP 2003 Link
Teardrop DOS attack (Fragmentation) Link
DDOS attack against DNS "Dyn" Link
Botnets using HTTP for CnC Link
Firewalk Kali Linux Link Link2
robots.txt Link
Reconnaissance web site Shodan Link
OSINT: Great reconnaissance tool Link
DNS DDOS attack: it almost broke the Internet 3/2013 (New Amplification)
NTP Attack Feb 2014 (Amplification)
Wiper 2013 Korea Link
Top 10 Botnets Link
Zeus MITM App attack (Banking) Link
What this website reveals about you: webkay.robinlinus.com
Gather information from a website: robots.txt Link
DDOS Cisco Solution (Arbor) ASR9000 Link

6. Understanding Endpoint Security Technologies
Talos White Paper Link
Buffer Overflow Video Link
Buffer Overflow YouTube Link
Sony RootKit Link
What is a RootKit Link
Common Types of virus Link
What is a Computer Worm Link
The Computer Worm (good) Link
Difference between Viruses, Worms and Trojan Horses
Sasser Worm 2004 Link
Common Worms Link
Common Botnets Link
NHS Attack May 2017 WannaCry Link
Derren Brown The Push Video Link
Email Scams costing millions Link
SMS Scam Link
The Real Hustle Premium Rate scam Link
The Real Hustle Keyloggers Link
CTA and Threat Analytics Link
Security Onion IDS Link
Free Online Sandboxing / Anti-Malware Link
Inland Revenue lose 25 million records in post 2007 Link
CVSS 3.0 Online Scoring Calculator Link
Difference between MAC/DAC/RBAC Link
CVE Mitre org Link
CVE Details top 50 Link
Open-source intelligence (OSINT) Link Link2
OpenSOC Link
Personal Data with regard to GDPR Link
Safe Harbour to GDPR Link
COBIT & ITIL Link
DMCA Digital Millennium Copyright Act Link

7. Understanding Incident Analysis in a Threat-Centric SOC
THE KILL CHAIN
Reconnaissance: Domain Dossier Link
Weaponization (Virus, Code injection, Exploit system vulnerabilities): Metasploit Link
Delivery (Email, Phishing, direct to websites, USB devices)
Exploitation (Applications, O/S Vulnerabilities, Users): SQL; A closer look at the Angler Exploit Kit Link
Installation
Command-and-Control (CnC)
Actions on Objectives
---------------------------------
Cisco Use Case, Ransomware defense (good PDF) link
ThreatConnect Link
3rd Party Integration of SI Feeds (STIX/TAXII) Link
The Pyramid of Pain (MITRE ATT&CK Framework) Link Link2
PRE-ATT&CK Link
Pre-ATT&CK Matrix Link
ATT&CK Navigator Link

8. Identifying Resources for Hunting Cyber Threats
Notes:
1. IOCs have the following sources: IPS/AMP/SI
The Hunting Maturity Model Link
CVSS 3.0 Online Scoring Calculator Link
Distribution of Vulnerabilities by CVSS Link
cve.mitre.org Link
CVSS User Guide Link
CVSS Metrics Link
NIST Search for CVE (2012-1516) Link
High Impact Vulnerabilities Link
TOP OS Vulnerabilities Link
OWASP Top Ten Web Security Risks Link
Open Web Application Security Project Link
Website Traffic Analysis Link
Spamhaus Attack Link
VirusTotal: Analyze suspicious Files/Websites Link
Talos Link
CTA - Cognitive Threat Analytics (now known as CI) Link
Zeek Network Monitoring tool (formerly Bro) Link

9. Understanding Event Correlation and Normalisation
Direct vs Circumstantial evidence Link
10. Identifying Common Attack Vectors
Notes:
1. DDNS works two ways: either you install a piece of software on your computer that constantly updates their servers, or you configure the service on your router, if it is supported.
2. Punycode, or more formally the Internationalized Domain Names in Applications (IDNA) framework as it is used on the Internet, was designed as a way to map characters that would normally be invalid in DNS host names.
3. Cisco DNS Umbrella IPs
Public Web Site for Hacking Link
Firesheep HTTP cookie attack Link
HTTP/2 & SPDY Link
Session hijacking (Facebook) using cookies over WiFi Link
Obfuscating Java online tool Link
Windows DEP to stop Shellcode Link
Punycode Link
HTML character codes (%2e) Link
Homoglyph Attack Generator Link
/ = %2F = %252F; \ = %5C = %255C Link
Pass The Hash Attack Video Link
How STRONG is your password
What is a DNS Zone Link
DNS Tunneling Kali Link
DNS Changer Link
DNSSEC Link
Fast Flux/Double Flux Link
SMTP vs IMAP vs POP Link
SMTP contents explained, i.e. HELO/EHLO Link
Samy Kamkar Link
YouTube cross-site scripting Link
Heartbleed, Poodle attack Link
Target (American Retail) attack via Pivot from HVAC system Link
Emotet, originally used as a banking Trojan Link
DNS DDOS attack: it almost broke the Internet 3/2013 (New Amplification)
NTP Attack Feb 2014 (Amplification)

11. Identifying Malicious Activity
Notes:
1. TOR: For greater security, all Tor traffic passes through at least three relays before it reaches its destination.
DUO Two Factor Authentication Link
Cisco Tetration Link
ELSA is EOL (Elastic replacement) Link
The Onion Router (TOR) Link
TOR Metrics Link (info about TOR Relays) Link
What is a TOR Relay Link

12. Identifying Patterns of Suspicious Behavior

13. Conducting Security Incident Investigations

14. Using a Playbook Model to Organise Security Monitoring
Playbooks Link
Really good Cisco Blog on CSIRT Playbooks Link
Top 5 Cyber Security Incident Response Playbooks Link

15. Understanding SOC Metrics

16. Understanding SOC Workflow and Automation

17. Describing Incident Response
Understanding the Use of VERIS
VERIS Link
Understanding Windows OS
Windows Inner workings Link
Windows Hive Link
Windows Shortcut keys link
FAT/FAT16/32/ExFAT Link
NTFS Link
Microsoft Sysinternals Download Link
Windows Registry Run, RunOnce Link
Run and RunOnce, RunServices(Once) Registry Keys Link Link2
Check VirusTotal link
AD Tutorial YouTube Link
TPM on Windows PC Link
Windows Kiosk software Link
Trusted Computing Base Link
10 Most Vulnerable OSs 2017 Link
Windows DEP Link
Null Sessions Windows Link
Difference between Microsoft and Cisco Trace route Link

Understanding Linux
UNIX in a Browser (Practice) Link
The mind behind Linux YouTube Link
37 Linux commands you should know Link
Linux systemd link
Configure && make && make install link