What you will learn
Describe the current enterprise security landscape
Define the Assume Compromise approach
Practice Red team versus Blue team exercises
Develop organizational security preparation, processes, and responses
Course overview
According to the Wall Street Journal, “All IT Jobs Are Cybersecurity Jobs Now.”
In this course, we examine the concept of Red team – Blue team security professionals. You will practice Red team versus Blue team exercises, where one group of security pros–the red team–attacks some part or parts of a company’s security infrastructure, and an opposing group–the blue team–defends against the attack. Both teams work to strengthen a company’s defenses.
You’ll learn how both the red and blue teams help the business attain a higher level of security, something the security industry is now calling the Purple team.
Syllabus
Module 1 Understanding the cybersecurity landscape
The current cybersecurity landscape
The evolution of attacks
Understanding "Assume Compromise"
Examples of compromises
Module 2 Red Team: Penetration, lateral movement, escalation, and exfiltration
Red Team versus Blue Team
Red Team kill chain
Beachhead
Lateral movement
Privileged escalation
Execution of attacker's mission
Module 3 Blue Team: Detection, investigation, response, and mitigation
The Blue Team kill chain
Restricting privilege escalation
On-premises network security
Restrict lateral movement
Attack detection
Module 4
Organizational preparations
Processes
CIA Triad
Developing a strategic roadmap
Microsoft Security Response Center Exploitability Index
Prerequisites
An understanding of the current cybersecurity ecosystem.