Cyberium Programs
In today's ever-evolving digital world, it is essential to stay up to date with new technologies and trends. The Cyberium Programs, developed by ThinkCyber, aim to bridge this knowledge gap. These programs offer comprehensive learning experiences across many cyber domains.
Intro to Cyber
XE101
Prerequisites
- Basic Networking Knowledge
- Understanding Cybersecurity Principles

Duration Options
- Self-paced: 4-8 weeks
- Trainer-led: 40 hours
Core Features of Cyberium Arena
Labs
Enhance training with defense and attack tasks.
Books
Tailored coursebooks for cybersecurity studies.
Scenarios
Diverse situations mimicking real professional challenges.
Projects
Integrated projects to demonstrate acquired knowledge.
Windows Domain
The Windows Domain module focuses on Sysmon, a powerful Windows system monitoring tool. Participants learn to use Sysmon for comprehensive event logging, gaining a deeper understanding of Windows domain operations. This module covers essential topics such as installing and configuring Windows Server, managing features, and working with Windows events.
Key areas of study include Active Directory Domain Services (AD DS) installation and configuration, domain protocol management, and working with Group Policy. The module also introduces Wireshark for network protocol analysis, providing a well-rounded understanding of Windows domain environments.

Windows Server Setup
Install, configure, and manage Windows Server features and events.

Sysmon Implementation
Learn to use Sysmon for comprehensive event logging in Windows environments.

Active Directory Management
Install, configure AD DS, manage domain protocols, and work with Group Policy.

Network Analysis
Utilize Wireshark for in-depth network protocol analysis.
SOC Environment
The SOC Environment module focuses on essential security infrastructure components, combining firewall management with intrusion detection and prevention systems.

SOC Environment Setup
Comprehensive security infrastructure featuring integrated monitoring systems and real-time threat detection capabilities.

Firewall Management
pfSense installation and configuration, including firewall rules, NAT implementation, and package management for enhanced security control.

IDS/IPS Implementation
Snort-based intrusion detection and prevention system setup, featuring advanced rule configuration and real-time monitoring capabilities.

Traffic Analysis
Advanced traffic monitoring and analysis using NAT features, with detailed rule management and real-time threat assessment tools.
SIEM: ELK Stack
This section of the SIEM module focuses on the ELK (Elasticsearch, Logstash, Kibana) stack, a powerful set of tools for Security Information and Event Management. Participants learn to effectively monitor events, employ various search methods, create custom queries, and set up alerts within the ELK environment.
The training covers practical applications of ELK in a SOC context, enabling analysts to efficiently process and analyze large volumes of security data. By mastering these skills, SOC teams can enhance their ability to detect and respond to potential security threats in real time.

Event Monitoring
Learn to track and analyze security events across the network using ELK's powerful monitoring capabilities.

Search Techniques
Explore different search methods to efficiently locate and extract relevant security information from logs.

Custom Queries
Develop skills to create tailored queries for specific security use cases and threat hunting scenarios.

Alert Configuration
Set up and manage alerts to promptly notify the SOC team of potential security incidents or anomalies.
SIEM: Splunk
The second part of the SIEM module introduces Splunk, another powerful tool for security event management and analysis. Participants learn how to effectively monitor events, create complex queries, and manage alerts through Splunk's advanced platform.

Splunk Monitoring
Learn to navigate Splunk's interface and utilize its powerful monitoring capabilities for comprehensive security event tracking. The intuitive dashboard allows for real-time visualization of security events across your network.

Search Processing Language (SPL)
Master the basics of SPL to create effective queries and extract valuable security insights from diverse data sources. Develop complex search patterns to identify potential security threats and anomalies.

Alert Configuration
Develop skills to set up and manage custom Splunk alerts for proactive threat detection and rapid incident response. Create tailored notification systems that keep your SOC team informed of critical security events in real time.
Threat Hunting: Log Analysis
The Threat Hunting module begins with a comprehensive focus on log analysis, a critical skill for identifying potential security threats. Participants learn advanced techniques for analyzing logs from various sources, including network devices, servers, and security appliances. The training covers advanced filtering methods to efficiently sift through large volumes of log data and extract relevant information.
A key component of this section is the integration of the MITRE ATT&CK framework into the threat hunting process. Participants learn how to leverage this comprehensive knowledge base of adversary tactics and techniques to guide their hunting activities. The module also covers the creation of effective hunting rules based on log analysis findings and MITRE ATT&CK insights.
1. Log Collection
Gather logs from diverse sources across the network infrastructure.
2. Advanced Filtering
Apply sophisticated filtering techniques to identify potential indicators of compromise.
3. MITRE ATT&CK Integration
Utilize the MITRE ATT&CK framework to guide threat hunting activities.
4. Hunting Rule Creation
Develop and implement effective hunting rules based on analysis findings.
Threat Hunting: Sysmon
This section of the Threat Hunting module focuses on Sysmon, a powerful system monitoring tool for Windows. Participants learn how to effectively configure Sysmon's XML settings to capture relevant system events and activities. The training covers best practices for tailoring Sysmon configurations to specific threat hunting needs and organizational requirements.
A significant portion of this section is dedicated to analyzing Sysmon events. Participants learn techniques for efficiently processing and interpreting the rich data provided by Sysmon, including process creations, network connections, and file system activities. This knowledge enables SOC analysts to detect sophisticated threats and anomalous behaviors that might otherwise go unnoticed.
Sysmon Feature            Threat Hunting Application
Process Creation          Detect malicious executables and unusual process relationships
Network Connections       Identify suspicious outbound connections and potential C2 activity
File Creation             Monitor for unauthorized file modifications and potential malware drops
Registry Modifications    Detect persistence mechanisms and system configuration changes
Threat Hunting: YARA
The final section of the Threat Hunting module introduces YARA, a powerful tool for pattern matching and malware classification. Participants learn the structure and syntax of YARA rules, enabling them to create custom rules for identifying specific malware families or suspicious file characteristics. The training covers best practices for writing effective and efficient YARA rules that can be applied across various threat hunting scenarios.
A key focus of this section is on practical application, with participants gaining hands-on experience in using YARA for active threat hunting. The module covers techniques for integrating YARA rules into existing security workflows and tools, enhancing the SOC team's ability to detect and respond to sophisticated threats. By mastering YARA, analysts can significantly improve their capability to identify and classify both known and unknown malware.

Rule Structure
Learn the syntax and components of effective YARA rules for precise threat detection.

Pattern Matching
Master techniques for creating patterns to identify specific malware or suspicious files.

Threat Hunting
Apply YARA rules in active threat hunting scenarios to uncover hidden threats.

Integration
Incorporate YARA into existing security tools and workflows for enhanced detection capabilities.
Incident Response and Playbooks
This section of the SOC Operation module focuses on Incident Response (IR) and the development of IR playbooks. Participants learn the critical components of effective incident response, including preparation, identification, containment, eradication, recovery, and lessons learned. The training emphasizes the importance of well-defined processes and procedures to ensure a consistent and efficient response to security incidents.
A significant portion of this section is dedicated to creating and maintaining IR playbooks. These playbooks serve as step-by-step guides for handling various types of security incidents, from malware outbreaks to data breaches. Participants learn best practices for developing clear, actionable playbooks that can be easily followed during high-stress incident situations, ensuring a coordinated and effective response from the SOC team.
Preparation
Develop incident response plans and ensure necessary tools and resources are in place.
Identification
Detect and analyze potential security incidents using various monitoring tools and techniques.
Containment
Implement measures to isolate and mitigate the impact of the security incident.
Eradication
Remove the threat and eliminate any persistence mechanisms or vulnerabilities.
Recovery
Restore affected systems and data to normal operations, ensuring security measures are in place.
Lessons Learned
Conduct post-incident analysis to improve future response capabilities and prevent similar incidents.