101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

FedVTE Course Catalog
Limit to NICE Cybersecurity Workforce Framework Category or subject:
101 Courses - Basic level courses Analyze Collect and Operate
Investigate Operate and Maintain Oversee and Govern
Protect and Defend Securely Provision
Show All Courses in All Categories

Expand/Collapse All
Advanced PCAP Analysis and Signature Development (APA) 1 HourSkill Level: Intermediate 
+ Description
 Advanced PCAP Analysis and Signature Development (APA)

The Advanced PCAP Analysis and Signature Development (APA) course takes users through an introduction to rules, goes over example syntax, protocols and expressions. This course contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.

Training Purpose: Analyze, Protect and Defend
Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, All Source Analysis, Cyber Operations
Training Proficiency Area: Level 2 - Intermediate

+ Course Modules/Units
 
Advanced Pcap Analysis And Signature Development
Packet Protocol Dns
Introduction To Rules
Examples Of Sourcefire Rules
Sourcefire Rule Syntax - Protocols
Sourcefire Rule Syntax - Message And Matching
Lab Exercise Writing And Testing Basic Rules
Lab Exercise Writing And Testing Basic Rules Video
Lab Exercise Writing And Testing Basic Rules Continued
Lab Exercise Continued
Regular Expressions
Editing A Poor Rule
How To Write An Ipv4 Regular Expression
Lab Exercise Writing Regular Expression
Lab Exercise Writing Regular Expression Continued
Malware Analysis Reports (Mar)
Demonstration of Mar 131751 Report
Demonstration Of Mar Report Continued
Lab Exercise Writing Rules From Malware Analysis Reports
Lab Exercise Writing Rules From Malware Analysis Reports Continued
Analysis Pipeline 6 HoursSkill Level: Intermediate  
+ Description
 This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to help the student better understand how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases

Training Purpose - Protect and Defend, Collect and Operate, Operate and Maintain

Specialty Areas - Network Services, Cyber Operations, Cyber Defense Analysis

Training Proficiency Area: Level 2 - Intermediate

+ Course Modules/Units
 
Introduction
Configuration Files
Running Pipeline
Logical Schematics
Pipeline and Timing and State
Alerts
Configuration File Basics
Filters
Filters (Exercises and Solutions)
Evaluations
Evaluations (Exercises and Solutions)
Statistics
Internal Filters
List Configurations
Configuration File Basics (Exercises and Solutions)
Threshold Examples
Special Evaluations
Building an Analytic
Server Profiling Analytic
Host Discovery Analytic
Advanced Configurations
NTP Anomalies
Unknown SSH Brute Force
Choose Your Own Adventure
ICMP Surveying: Thinking it Through
ICMP Surveying: Building it Out
DDoS Detection: Thinking it Through
DDoS Detection: Building it Out
SSH Compromise: Thinking it Through
SSH Compromise: Building it Out
Analysis Pipeline 5
EC-Council Certified Ethical Hacker (CEHv9) Self-Study Prep 31 HoursSkill Level: Advanced  
+ Description
 

The CEHv9 certification prep self-study course helps prepare students to sit for the EC-Council Certified Ethical Hacker version 9 certification exam. This course contains materials to aid the student in broadening their knowledge of advanced network assessment techniques including enumeration, scanning and reconnaissance. Updates to v9 from v8 include several new tools and new module on cloud considerations. Topics include reconnaissance, hacking laws, web application hacking, social engineering, packet capture, and scanning. The course then moves on to exploitation of several types of threats and how to cover your tracks, concluding with a practice exam.

Learning Objectives

  • Review of the domains and published objectives of the CEHv9
  • Supplemental resource for preparation for the EC-Council CEHv9 certification exam

Training Purpose: Operate and Maintain, Protect and Defend, Analyze

Specialty Areas: Systems Analysis, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management, Threat Analysis

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2016

+ Course Modules/Units
 
Certified Ethical Hacker v9 Intro
Ethical Hacking Intro and Security Reports
Security Reports Statistics
Ethical Hacking Terminology
IR in Ethical Hacking
Laws and Regulations
Ethical Hacking and Threats
Types of Attacks and Attack Vectors
Hacking Phases and Vul Research
Reconnaissance
Passive Footprinting
DEMO: WHOIS with BackTrack
Passive WHOIS Queries
Google Hacking
Active Footprinting
DEMO: Nslookup Example
Active Footprinting Cont
DEMO: Active Footprinting with Traceroute
Network Mapping and Web Mirroring
Active Footprinting Countermeasures
Scanning Essentials
Scanning Essentials Continued
Port Scanning
Vulnerability Scanning
DEMO: Banner Grabbing with Telnet
Covert Scanning
DEMO: Scanning with Nmap Demo
Additional Covert Scanning
Enumeration Overview Part 1 of 2
Enumeration Overview Part 2 of 2
Enumeration Tools
Operating System Account Enumeration
Protocol Enumeration
DEMO: NetStat Enumeration and Countermeasures
Authentication Techniques
Microsoft Authentication
Password Cracking
Password Cracking Techniques
Privilege Escalation
DEMO: Rainbow Table Lookup Sites
Keyloggers
Spyware and Activity Monitoring
Packet Sniffing Attacks
Rootkits
Covert Hacking
Covering Tracks
Virus Examples and Symptoms
Virus Classifications and Characteristics
Virus Types and Terminology
Virus Making Tools
Famous Worms
Trojan Terminology and Techniques
Trojans and Backdoors
DEMO: Shell Connections via Netcat and BackTrack
Trojan Analysis
DEMO: Trojans and Rootkits
Malware Countermeasures and Tools
DEMO: Strings Analysis
Other Malicious Code Types
Sniffers Terminology and Overview
Network Overview for Sniffer Placement
Basic Packet Analysis
DEMO: Viewing ARP Packets with Packet Builder
Attacks and Protocols Vulnerable to Sniffing
Spoofing and Flooding Sniffing Attacks
MITM Attacks Ports Vul to Sniffing
Wireshark Overview and Examples
Evasion in Network Sniffing
Sniffing Countermeasures and Tools
DEMO: Hping3
DEMO: Wireshark
Social Engineering Background and Examples
Human-based Social Engineering
Additional Human-based SE
Computer Based Social Engineering
Computer-Based SE - Social Networking
Mobile-based Social Engineering
SE and Identity Theft Countermeasures
DEMO: Social Engineering Toolkit Demo
Denial of Service Part 1 of 2
Denial of Service Part 2 of 2
Categories of Denial of Service
DEMO: HW and Mobile DoS Options
Buffer Overflow Terminology and Background
DEMO: Stack Overflow Testing wil OllyDbg
Session Hijacking Overview and Examples
Cross Site Scripting and Other Session Attacks
Session Hijacking Techniques
IPSec and Session Hijacking
Hacking Webservers Terminology and Background
Webserver Architecture
Webserver Hacking Tools
Web Server Attacks
OWASP Top 10
Webserver Hacking Countermeasures
SQL and Command Injection Web App Hacking
Non SQL Injection Errors
Parameter and Form Tampering Web App Hacking
Cross-site Scripting and Obfuscation Web App Hacks
Cross-Site Request Forgery and Cookies
Web Application Methodology
Web App Attack Tools and Countermeasures
Buffer Overflow Tools and Countermeasures
DEMO: BurpSuite
DEMO: XP cmdshell Demo
SQL Terminology and Example Statements
SQL Enumeration
SQL Injection Attacks
SQL Injection Tools and Countermeasures
DEMO: SQL Injection
Wireless Terminology and Standards
Wireless Terminology and Antennas
Wireless Authentication
Wireless-based Attacks
Wireless Attack Methodology
Wireless Attack Methodology Continued
WEP WPA and Other Wireless Attacks
Bluetooth Communication Basics
Wireless Protocols and Signal Modulation
DEMO: SSID and Channels
DEMO: WiFi Analyzer Using Mobile Device
Wireless Hacking Tools and Countermeasures
Mobile Platform Overview
Mobile Device Operating Systems
Hacking Mobile Platforms
IDS Overview and Detection Methods
DEMO: Published Snort Rules
Firewalls and Honeypots
Firewall Configurations
Signs of Intrusions
Evasion Techniques
IDS Evasion Techniques
Evasion Testing Techniques
DEMO: Intrusion Signs
Cryptography Background and Terminology
Crypto Keys and Algorithms
SHA and TLS Algorithms
DEMO: Hashing with MD5 Sum
Crypto Keys and Algorithms Continued
Cryptography Implementations
Public Key Infrastructure (PKI)
Cryptanalysis Techniques
Cryptanalysis Tools
Cryptographic Attacks
Steganography Tools
Security Testing and Assessments
Penetration Testing Terminology
Risk Management and Penetration Testing
Penn Testing Phases and Methodology
Penetration Testing Walkthrough
Penetration Testing Tools
DEMO: Exploits with Armitage
DEMO: Intro to Armitage
DEMO: v3 RunningExploitFrom Code
Introduction to Cloud Computing
Cloud Security
Cloud Architectures
Cloud Testing Tools
Cloud Threats and Attacks
CEHv9 Prep Practice Exam
CDM Module 1 : Overview 2 HoursSkill Level: Basic  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course provides a high level overview of the CDM program. Topics covered include basic CDM concepts, how CDM relates to NIST 800-53 and other NIST SPs, CDM Concept of Operations, the CDM Environment, and CDM’s Phases and Capabilities.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the CDM program?
What problem does CDM address?
How does the CDM program support Departments and Agencies
Why does CDM focus on Automation?
What is the CDM "Desired State" Specification?
What is the Actual State?
What is a Defect Check?
What is an Assessment Object?
What is a Defect instance?
What is an Object Container?
What is a CDM Security Capability?
How Do 800-53 Controls Map to CDM Security Capabilities?
How do I use the CDM Security Capabilities to Improve Security?
How does CDM relate to NISTs 800-53 Catalogue of Controls?
How does CDM relate to NISTs 800-53 Suggested Control Assessment Methods?
How does CDM relate to NISTs guidance on ISCM (800-137)?
How does CDM relate to NIST guidance on Risk Management 800-30 and 800-39?
How does CDM relate to NISTs RMF?
How does CDM operate in a department or agency?
What is the CDM Concept of Operations?
Where does the "Desired State" Specification come from?
What does the actual state concept in CDM mean for our department or agency?
Where does the Actual State Data come from?
How does CDM discover defects?
How does Scoring work with CDM and how am I affected?
How does CDM know who is responsible for fixing defects?
Will the CDM "System(s)" be A&Aed?
How will CDM sensors affect my Network(s)? Performance? Security?
What are CDM shared services?
Why is CDM divided into phases?
How do the security capabilities fit into phases?
What are the Phase 1 capabilities?
What are the Phase 2 capabilities?
What are the Phase 3 capabilities?
What does the CDM D/A Dashboard provide?
How Does the CDM D/A Dashboard Work with Other D/A Dashboards?
How Do I Get the Information My D/A Needs from the CDM D/A Dashboard?
CDM Module 2: Hardware Asset Management 1 HourSkill Level: Basic  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining Hardware Asset Management (HWAM) and why it is critical to the implementation of a robust cybersecurity program. The training highlights the criteria for monitoring and managing hardware assets using CDM. It then transitions into HWAM implementation criteria and discusses the generic CDM concept of operations specific to HWAM. Topics covered include Actual State, Desired State, and Defects.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is Hardware Asset Management (HWAM)?
What Are the Purpose and Results?
What Types of Attacks Does HWAM Thwart for Our Organization?
What Objects Does HWAM Assess?
How Does the HWAM Concept of Operations (CONOPS) work?
How Does HWAM Relate to Other Phase 1 Capabilities?
What HWAM Roles and Responsibilities Will My Organization Implement?
How Does an Organization Use the HWAM Capability?
What Techniques Are Used to Search for HWAM Devices?
What Types of Data Does the HWAM Actual State Collect?
What Types of Data Are Used to Identify Network Addressable Devices?
How Do Agencies Get Desired State Specification Data for the HWAM Capability?
What Types of Data Does the HWAM Desired State Specification Collect?
Can Agencies Specify How to Group Results?
What Are the HWAM Defect Checks?
Which HWAM Defect Checks Are at the Federal Level?
Which HWAM Defect Checks Are at the Local Level?
CDM Module 3: Software Asset Management 1.5 HoursSkill Level: Basic  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining SWAM and why it is critical to the implementation of a robust cyber-security program. It covers new roles and responsibilities which the department or agency (D/A) must implement. It then transitions into SWAM implementation criteria, and discusses the generic CDM concept of operations specific to SWAM Actual State, Desired State, and Defects. It includes high level discussions of software lists (white, gray, black) and how software can be identified and tracked in CDM through the use of Common Platform Enumeration (CPE) and Software Identification (SWID) tags by Software package down to executables.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the Software Asset Management (SWAM) Capability?
What Purpose Does SWAM Serve?
What Types of Results Will SWAM Accomplish?
What Types of Attacks Does SWAM Thwart?
What Objects Does SWAM Assess?
How Does the SWAM Concept of Operations (CONOPS) Work?
How Does SWAM Relate to Other Phase 1 Capabilities?
How Does SWAM Block Many Zero Day and APT Attacks?
What Techniques Are Used to Search for SWAM Devices?
How Does CDM Identify Software Products and Executables?
How Does CDM Use Digital Fingerprints?
What Is a Whitelist?
How Do I Use a Software Whitelist?
What Is a Graylist?
How Do I Use a Software Graylist?
What Is a Blacklist?
How Do I Use a Software Blacklist?
What Does Locational Whitelisting Mean to Me?
What Is a Trust Library and How Does SWAM Use It?
How Is Desired State Specification Determined for Mobile Code in CDM?
How Does SWAM Use Hashes?
How Does SWAM Use Common Platform Enumeration (CPE)?
How Does SWAM Use Software IDs (SWIDs)?
What Are the SWAM Defect Checks?
Which SWAM Defect Checks Are at the Federal Level?
Which SWAM Defect Checks Are at the Local Level?
What Mitigation Options Might My Department or Agency Use with SWAM?
CDM Module 4: Configuration Settings Management .5 HoursSkill Level: Basic  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by outlining the Cyber Security Manager position (CSM) and highlighting the types of attacks CSM can help prevent. It then transitions into CSM methods and criteria, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how CSM builds upon the other capabilities and how defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Configuration Settings Management Security Capability?
What Types of Results Will CSM Accomplish?
How Does CSM Thwart Attacks?
What Objects Does the CSM Security Capability Assess?
How Does CSM Work?
How Does HWAM and SWAM Support CSM?
What Methods Will CSM Use to Determine Actual State Information?
What Elements Does the Organization Require to Define the Actual State?
How Does CSM Define the Desired State?
What Methods Will CSM Use to Determine Desired State?
What Is a Common Configuration Enumeration (CCE)?
What Is a CSM Defect Check?
Which CSM Defect Checks Are at the Federal Level?
Which CSM Defect Checks Are at the Local Level?
CDM Module 5: Vulnerability Management .5 HoursSkill Level: Basic  
+ Description
 The course aims to help the student better understand how vulnerability management (VULN) identifies the existence of vulnerable software products in the boundary to allow an organization to mitigate and thwart common attacks that exploit those vulnerabilities.

The course begins by defining VULN, how it applies to the target environment, and how a fully implemented VULN capability impacts a Department or Agency. It then transitions into VULN criteria and methods, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how VULN builds upon the other capabilities areas, the types of defects, and how those defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Vulnerability Management (VULN) Capability?
What Is a CVE (Common Vulnerabilities and Exposures)?
What Is a CWE (Common Weakness Enumeration)?
What Types of Results Will VULN Accomplish?
How Can VULN Thwart Attacks?
What Types of VULN Objects Are Assessed?
How Does the VULN Capability Work?
How Does VULN Relate to SWAM?
How Will My Organization Use the VULN Capability?
What Methods Will VULN Use to Determine Actual State?
What Is the CDM Actual State?
How Does VULN Define the Desired State?
What Methods Will VULN Use to Determine Desired State?
What Is the National Vulnerability Database (NVD)?
What Are the VULN Defect Checks?
Which VULN Defect Checks Are at the Federal Level?
Which VULN Defect Checks Are at the Local Level?
CDM Dashboard Course 1 HourSkill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to familiarize the student with operational concepts of the CDM Dashboard, prior to using it in a production environment.

Training Purpose: Skill Development

Specialty Areas: Computer Network Defense Analysis, Computer Network Defense, Infrastructure Support, Incident Response, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date:

2017
+ Course Modules/Units
 
CDM Dashboard Course - Monolith Version
CMaaS Transition Classroom Sessions 5 HoursSkill Level: Basic 
+ Description
 This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack, and includes two major Use Cases for each tool.

Training Proficiency Level: Level 1 - Basic

Capture Date: 2018

+ Course Modules/Units
 
Session 1
Session 2
Session 3
Session 4
New Course OfferingCompTIA Cybersecurity Analyst (CySA+) Prep 12.5 HoursSkill Level: Intermediate  
+ Description
 The CompTIA Cybersecurity Analyst (CySA+) self-study certification prep course is designed to help prepare candidates to sit for the CySA+ exam, as well as reinforce concepts for work roles such as Systems Security Analyst, Threat Analyst, and Vulnerability Assessment Analysts. This intermediate-level course focuses on analysis and defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies. They CySA+ is an approved baseline certification of the DoD Directive 8570.
Learning objectives:
  • Provide a review of the following four skills: threat management, vulnerability management, security architecture and tool sets, and cyber incident response.
  • Supplemental self-study preparation resource for the CompTIA CySA+ exam.
  • Understand how to configure and use threat detection tools, perform data analysis, identify vulnerabilities, threats and risks, and secure and protect applications and systems within an organization.
Training Purpose: Skill Development
Specialty Areas: (Protect and Defend, Operate and Maintain, Securely Provision) Vulnerability Assessment and Management, Systems Analysis, Cyber Defense Analysis
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2018
+ Course Modules/Units
 
CySA Course Introduction
Reconnaissance
Port Scanning for Active Reconnaissance
Environmental Reconnaissance Tools
Social Engineering for Reconnaissance
Network Mapping for Active Reconnaissance
Syslog
Reviewing Alerts/Detecting Attack Phases
Common Tasks in Environmental Reconnaissance
Environmental Reconnaisannce Variables
Basic Packet Analysis
Methods of Network Traffic Analysis
Network Traffic Analysis
Netflows
Working with Netflows
Netflow Tools
Examining Log Files
Data Correlation and Analytics
Analyzing Device Data
SIEM
DEMO: Wireshark Packet Analyzer
Hardening Network Devices
Network Segmentation and Design
Honeypot
Endpoint Security
Windows Group Policy
Access Control Models
Remote Authentication - Radius and Tacacs+
Hardening Host and Networked Systems
Compensating Controls
Corporate Penetration Testing
Reverse Engineering Purpose and Practice
Team Training and Exercises
Risk Evaluation and Security Controls
Vulnerability Assessment Introduction
Vulnerability Management Requirements
Vulnerability Scanner Configuration
Vulnerability Assessment Tools
Scanning and Enumeration with Nmap
Intro to Vulnerability Scanning with Nessus
Vulnerability Remediation
Scanning and Report Viewing with OpenVAS
Endpoint and Protocol Analysis
Logging Strategies and Sources
Reviewing, Analyzing and Correlating Logs
Network Vulnerabilities
System Vulnerabilities
Web Application Vulnerabilities
Wireless Network Vulnerabilities
Virtual Infrastructure Vulnerabilities
Threats to Mobile Devices
ICS and SCADA Systems Security
Malware and Social Engineering Threats
Preparing for Impact Analysis
Forensics Kit and Incident Response
Forensic Investigation Suite
Setting Up an Analysis Environment
Communication During Incident Response
Common Symptoms of Host Infection
Incident Response and Recovery Part 1 of 2
Incident Response and Recovery Part 2 of 2
Regulatory Compliance and Frameworks
Control Selection Tailoring and Implementation
Verification and Quality Control
Procedures Supporting Policy
Enterprise Network Authentication Part 1 of 2
Enterprise Network Authentication Part 2 of 2
Cross-site Scripting and Other Exploits
Privilege Escalation Exploit
Technical Processes and Controls
Software Development Models and SDLC
Code Review and Testing
Secure Coding Best Practice Resources
Preventative Cyber Tools
Collective Cyber Tools
Analytical Cyber Tools
Exploit Cyber Tools
Forensics Cyber Tools
CySA Prep Practice Quiz
New Course OfferingCompTIA Security+ (SY0-501) Certification Prep 17.5 HoursSkill Level: Basic 
+ Description
 The CompTIA Security+ (SY0-501) Certification Prep is a self-study resource to help candidates prepare for the Security+ (SY0-501) certification exam. The topics covered are categorized into the six domain areas of the SY0-501 exam objectives: Threats and Vulnerabilities, Technology and Tools, Architecture and Design, Identity and Access Management, Risk Management, and Cryptography.

Learning Objectives:
  • Supplemental preparation for the CompTIA Security+ SY0-501 Certification Exam
  • List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities
  • Explain how various tools and technologies are configured or deployed to support an organization's security posture
  • Detail risk management best practices and mitigation strategies
NICCS Specialty Areas:
  • Systems Analysis (Operate and Maintain)
  • Systems Administration (Operate and Maintain)
  • Network Services (Operate and Maintain)
  • Vulnerability Assessment and Management (Protect and Defend)
Training Purpose Skill Development
Training Proficiency Area Level 1- Basic
+ Course Modules/Units
 
Security+ (SY0-501) Course Introduction
Malware: Viruses
Malware: Rootkits, Trojans, Botnets
MITM, DoS, Packet Flooding and Other Attacks
Backdoor, Spoofing, Replay and Other Attacks
Password, Birthday, Crypto and Application Attacks
Social Engineering Techniques
Wireless Attacks
Application Attacks
Threat Actors
Assessment Tools and Techniques
Active and Passive Reconnaissance
Security Testing and Assessment
Firewall Implementations
Proxy Server Implementations
Hubs and Switches
Routers and Routing Protocols
Remote Access and VPNs Part 1 of 2
Remote Access and VPNs Part 2 of 2
Network Intrusion Detection Systems
Host-Based Intrusion Detection Systems
Password Cracking Categories and Tools
Password Cracking Techniques
DEMO: Local Information Gathering Tools
DEMO: Network Connectivity Testing Tools
DEMO: Remote Information Gathering Tools
Mobile Device Security
Mobile Device Deployment
Network Security Protocols
Network Services and Protocols
Frameworks and Reference Architectures
Network Zones
Demilitarized Zones (DMZ) Implementations
Security Device and Technology Placement
Host Security: OS Hardening and Firewalls
Host Security: Anti Virus, Malware and Spam
Host Security: Pop Ups and Patch Management
Secure Static Environment
Secure Staging Deployment Concepts
Cloud and Virtualization Concepts
Cloud Architectures
Host Security: Virtualization
Resiliency and Automation to Reduce Risk
Physical Security and Environmental Controls
Access Control Categories
Authentication Services
Access Control Models
Authentication and Authorization Concepts
Biometric Authentication
Account Management
Identity Management
Security Awareness and Training
Risk and Related Concepts
Risk and Asset Identification
Threat and Risk Calculation
Risk Control Types
Security Control Types and Categories
Basic Forensics Procedures
Incident Handling and Forensics
Incident Response Preparation
Risk Management: Business Continuity
Risk Management: Redundancy and Fault Tolerance
Risk Management: Disaster Recovery
Risk Mitigation Strategies
Data Security
Data Destruction and Disposal Methods
Data Sensitivity and Handling
Mitigation and Deterrence: Logging
Mitigation and Deterrence: Hardening
Mitigation and Deterrence: Network Security
Mitigation and Deterrence: Attack Countermeasures
Cryptography Part 1 of 2
Cryptography Part 2 of 2
Wireless Security Evolution
Wireless Security Best Practices
Cryptographic Keys and PKI
Security+ (SY0-501) Certification Prep Exam
Cyber Security Investigations 9 HoursSkill Level: Basic  
+ Description
 This course discusses the basic concepts of cyber security and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques and tools in support of cyber security investigations.

Training Purpose: Skill Development

Specialty Areas: Digital Forensics, Cyber Operations, Incident Response, Investigation

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Purpose of Computer and Network Forensics
Digital Forensics Tools
Forensics Team Staffing Considerations
Digital Forensics Guidelines, Policies, and Procedures
Digital Forensics Life Cycle
Digital Forensics Best Practices
Digital Forensics Concepts
Locard's Exchange Principle
Incident Response Phases Part 1 of 3
Incident Response Phases Part 2 of 3
Incident Response Phases Part 3 of 3
Computer Forensics Process Part 1 of 2
Computer Forensics Process Part 2 of 2
Digital Forensic Planning and Preparation
IR and Digital Forensics Tools
Forensically Prepared Media, Tools and Equipment
Incident Response Information Gathering
Incident Response Acquisition Considerations
Incident Response Notes and Documentation
Auditing Windows Event Logs
Volatile Data Collection
Storage Media Collection
Network Data Collection
Log Collection
Data Carving using FTK
Digital Forensic Triage Overview
Incident Triage Process
Incident Triage Methodology
Attacker Methodology Overview Part 1 of 3
Attacker Methodology Overview Part 2 of 3
Attacker Methodology Overview Part 3 of 3
Triage: Light and General Collections
Triage Analysis
Triage Analysis of Volatile Data
Program Execution
Analyzing Services
Malware Vectors and Detection
Mobile Device Triage Analysis
IR: Following a Trail
Hash and File Signature Analysis
Time Analysis
Registry Analysis
File Analysis Demonstration
Hashing with md5deep
Hash Analysis with Autopsy
Lessons Learned from an Incident
Lessons Learned from Objective and Subjective Data
Evidence Retention and Information Sharing Post Incident
Cyber Security Investigations Exam
Demilitarized Zone (DMZ) with IDS/IPS 9 HoursSkill Level: Intermediate 
+ Description
 This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. Best practices for designing and implementing a DMZ is followed with a section on IDS and IPS systems that includes an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.

Training Purpose: Skill development

Specialty Area: Computer Network Defense Infrastructure Support, Network Services, Systems Security Analysis, System Administration

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2013

+ Course Modules/Units
 
Demilitarized Zone (DMZ) Introduction
DMZ Architecture
DMZ Components: Firewalls Part 1 of 2
DMZ Components: Firewalls Part 2 of 2
Setting up a DMZ using IPTables Demo
DMZ Components: IDS
DMZ Components: IDS/IPS Placement
DMZ Components: Proxy Servers
DMZ Components: Network Servers
DMZ Architectures
Attacking the DMZ Part 1 of 2
Attacking the DMZ Part 2 of 2
DMZ Attack Types Part 1 of 2
DMZ Attack Types Part 2 of 2
DMZ: Open Source vs Commercial Implementations
DMZ: Software Subscription Services
Open Source DMZ Tools Part 1 of 2
Open Source DMZ Tools Part 2 of 2
Proxy Concepts
DNS Concepts
Web Server Concepts
E-mail Relay and VPN Concepts
DMZ and Commercial Software - Part 1
DMZ and Commercial Software - Part 2
Security Capabilities in a DMZ
Security Capabilities in Procmail Demo
Network Security Appliances IDS
Snort Intro and Overview
Using BASE w Snort DB
Snort Demo
Log Mgmt and Analysis Concepts
SYSLOG Basics
Using Swatch Overview
Log Management Best Practices
Proxy and DNS Log File Concepts
Analyzing Proxy and DNS Log Files
DMZ with IDS/IPS Course Quiz
New Course OfferingThe Election Official as IT Manager 4 HoursSkill Level: Basic  
+ Description
 In this course, you will learn why Election Officials must view themselves as IT systems managers, and be introduced to the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The course also covers Social Media and Website best practices, vulnerabilities, and liabilities, and will also address Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, the course also includes a review of resources available to the election community from the Department of Homeland Security.

Training Purpose: Management Development

Specialty Areas: Cybersecurity Management, Incident Response, Risk Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2018

+ Course Modules/Units
 
Professionalizing Election Admin Intro
Being an IT Manager
Election Systems
Technology and the Election Office
Procuring IT
Testing and Audits
Election Security
Principles of Information Security
Physical Security
Cybersecurity and Elections
Human Security
Risk Management and Elections
Incident Response Scenarios and Exercises
Phishing and Elections
DDOS Attacks and Elections
Website Defacing
Election Infrastructure Security
DHS Cyber Security Tools and Services
EAC Resources
Emerging Cyber Security Threats 12 HoursSkill Level: Intermediate  
+ Description
 This course covers a broad range of cyber security elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. This course will cover what policy is, the role it plays in cyber security, how it is implemented, and cyber security laws, standards, and initiatives. Topics include cyber security policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.

Training Purpose: Skill Development

Specialty Areas: System Administration, Technology Demonstration, Vulnerability Assessment and Management, Strategic Planning and Policy Development, Cyber Threat Analysis

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
Introduction to Cybersecurity Policy
Types of Security Policy
Policy Education and Implementation
Cybersecurity Laws
Proposed Legislation
NIST Cybersecurity Standards
Other Cybersecurity Standards
Comprehensive National Cybersecurity Initiatives (CNCI)
Other Federal Cybersecurity Initiatives
Implementing Cybersecurity Initiatives
SPAM
Malware Trends
Botnets
Monetization
Cyber Attack Profiles
Cyber Crime
Cyberwarfare
Cyber Attack Attribution
Cyber Threat Mitigation
Mobile Device Trends
Mobile Device Threats
Mobile Device Countermeasures
Exploited Threats
What is Cloud Computing?
Technical Risks
Operational Risks
Risk Mitigation Strategies
DISA Cloud Solutions
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
IPv6 Concepts
IPv6 Threats
IPv6 Network Reconnaissance
DEMO: IPv6 Network Reconnaissance
IPv6 Network Recon Mitigation Strategies
IPv6 Network Mapping
DEMO: IPv6 Network Mapping
IPv6 Network Mapping Mitigation Strategies
IPv6 Neighbor Discovery
DEMO: IPv6 Address Assignment
IPv6 Attacks
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Attack Mitigation Strategies
IPv6 Tunneling
IPv6 Windows Teredo Tunneling
IPv6 Tunneling Mitigation Strategies
IPv6 Best Practices
Foundations of Incident Management 10.5 HoursSkill Level: Basic 
+ Description
 This course provides an introduction to the basic concepts and functions of incident management. The course addresses where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.

Learning Objectives:

  • Explain the role of incident management
  • Distinguish between incident management and incident handling
  • Outline the incident handling lifecycle
  • Identify key preparations to be established to facilitate incident handling
  • Distinguish between triage and analysis
  • Identify the basic steps in response
Training Purpose: Functional Development

Specialty Areas: Computer Network Defense Analysis, Incident Response, Threat Analysis

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Foundations of Incident Management Course Intro
Framing The Need For Incident Management
Incident Management Terms and Processes
Institutionalizing Incident Management Capabilities
Stakeholders in Incident Management
CERT and Other’s Perspective on Threats and Trends
Incident Management Terminology
Incident Management Attack Classes and Actors
Incident Management Malware and DoS Examples
Incident Management Prevention, Detection, and Response
Incident Handling Lifecycle - Prepare
Incident Handling Information
Analyzing Attack Information
Incident Management Monitoring Tools
Incident Management Detection Process
Process to Support Incident Detection and Reporting
What is Situational Awareness?
Non Technical Elements of Situational Awareness
Technical Elements of Situational Awareness
Using Sensors for Requirements Gathering
Incident Handling Lifecycle: Analysis
Incident Handling Lifecycle: Triage
Questions Addressed in Triage
Objectives of Incident Analysis
Tasks of Incident Analysis Part 1 of 2
Tasks of Incident Analysis Part 2 of 2
Data Sources for Analysis
Examples of Data Sources for Analysis
Incident Analysis Exercise Scenario
Preparing For Impact Analysis
Conducting Impact Analysis
Response and Recovery Part 1 of 2
Response and Recovery Part 2 of 2
Mission of the Response Process
Coordinating Response Part 1 of 2
Coordinating Response Part 2 of 2
Sample Attack Mitigations
Benefits and Motivations of Information Sharing
Methods of Information Sharing
Data Models for Information Sharing
STIX/TAXII Protocol
Foundations of Incident Handling Course Summary
Foundations of Incident Management Course Exam
Introduction to Threat Hunting Teams 1.5 hoursSkill Level: Basic  
+ Description
 This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.

Training Purpose: Skill development

Specialty Areas: Computer Network Defense Analysis, Threat Analysis, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2016

+ Course Modules/Units
 
Defining Threat Hunting
Examples and Goals of Threat Hunting
Differences Between Hunt Teams and Other Cyber Teams
Threat Landscape
Types of Threat Modeling
Hunting Methods on Networks
Teaming and Automation Example
Threat Hunting Teams Course Exam
New Course OfferingISACA Certified Information Security Manager (CISM) Prep 11 HoursSkill Level: Intermediate  
+ Description
 The ISACA Certified Information Security Manager (CISM) certification prep self-study resource helps prepare candidates to sit for the management-focused CISM exam, and strengthens students information security management expertise through in-depth lecture topics, reinforcing demonstrations, and practice exam. The course includes concepts from the four job practice areas of the 2017 CISM certification: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
Learning Objectives:
  • Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
  • Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
  • Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
  • Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response and recovery capabilities.
Training Purpose: Skill Development
NICCS Specialty Areas:
  • Cybersecurity Management (Oversee and Govern)
  • Systems Analysis (Operate and Maintain)
  • Program/Project Management and Acquisition (Oversee and Govern)
  • Vulnerability Assessment and Management (Protect and Defend)

Training Proficiency Area: Level 2- Intermediate
+ Course Modules/Units
 
CISM Course Introduction
IS Governance Domain Overview
Information Security (IS) Management
Importance of IS Governance Part 1 of 2
Importance of IS Governance Part 2 of 2
IS Management Metrics
ISM Strategy Part 1 of 2
ISM Strategy Part 2 of 2
Elements of IS Strategy
IS Action Plan for Strategy
DEMO: Key Goal, Risk, Performance Indicator
Risk Management Overview and Concepts
Risk Management Implementation
Risk Assessment: Models and Analysis
DEMO: Calculating Total Cost of Ownership
DEMO: Recovery Time Objective (RTO)
Compliance Enforcement
Risk Analysis: Threat Analysis
IS Controls and Countermeasures
Other Risk Management Considerations Part 1 of 2
Other Risk Management Considerations Part 2 of 2
DEMO: Cost Benefit Analysis
Information Security Program Development
Information Security Program Management
Outcomes of Effective Management
IS Security Program Development Concepts
Scope and Charter of IS Program Development
IS Management Framework
IS Framework Components
IS Program Roadmap
Organizational Roles and Responsibilities
Information Security Manager Responsibilities
Other Roles and Responsibilities in IS
Information Security Program Resources
IS Personnel Roles and Responsibilities
IS Program Implementation Part 1 of 2
IS Program Implementation Part 2 of 2
Implementing IS Security Management Part 1 of 2
Implementing IS Security Management Part 2 of 2
Measuring IS Management Performance
Common Challenges to IS Management
Determining the State of IS Management
Incident Management and Response
Incident Management Part 1 of 2
Incident Management Part 2 of 2
IMT IRT Members
Incident Response Planning Part 1 of 2
Incident Response Planning Part 2 of 2
DEMO: Phishing Emails
DEMO: Incident Management Workflow
Recovery Planning Part 1 of 2
Recovery Planning Part 2 of 2
DEMO: RTIR Incident Response Tool Part 1 of 2
DEMO: RTIR Incident Response Tool Part 2 of 2
CISM Practice Exam
(ISC)2 (TM) CAP Certification Prep Self Study 2014 11 HoursSkill Level: Intermediate 
+ Description
 This certification prep course is designed to help prepare students for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam as well as strengthen their knowledge and skills in the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. The course includes a practice exam.

Training Purpose: Skill development

Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2014

+ Course Modules/Units
 
CAP Course Introduction
Risk Management Approach to Security Authorization
Risk Management Framework Steps
Risk Management Framework Phases
RMF Roles and Responsibilities
Organization Wide Risk Management
Managing Risk
Assessor Independence and External Environments
System Development Life Cycle
Alignment of RMF with SDLC Review
RMF Legal and Regulatory Requirements
NIST Publications
Continuous Monitoring Strategies
RMF Guidance Review
Defining Categorization
Categorization Examples
Categorization Process
Security Plans and Registration
Categorize
Selection Step Tasks
Selection Step Definitions
Security Controls Guidance
Privacy and Security Controls
Control Selection and Supplemental Guidance
Tailoring Security Controls
Control Assurance and Monitoring
Control Assurance and Monitoring - Continued
Select
Implementing Security Controls Overview
Integrating Implementation
Implement
Preparing for Control Assessments
Conducting Control Assessments
Security Assessment Report
Remediation Actions and Process Review
Assess
Authorization Documentation
Risk Determination and Acceptance Part 1 of 3
Risk Determination and Acceptance Part 2 of 3
Risk Determination and Acceptance Part 3 of 3
Authorization Decisions
Prioritized Risk Mitigation and Authorization Review
Authorize
Assessments and Configuration Management
Ongoing Security Control Assessments
Monitor
CAP Certification Prep Practice Exam
LAN Security Using Switch Features 2 HoursSkill Level: Intermediate 
+ Description
 In this course, students learn different methods of how to secure Local Area Networks (LANs) at the connectivity level. Topics include: monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area netorks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts

Training Purpose: Skill Development

Specialty Areas: System Administration, Systems Security Analysis, Vulnerability Assessment and Management, Cyber Threat Analysis

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
Linux Operating System Security 9 HoursSkill Level: Advanced 
+ Description
 This course introduces students to the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. The class will be based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.

Training Purpose: Skill Development

Specialty Areas: Vulnerability Assessment and Management, Systems Security Analysis, System Administration

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2013

+ Course Modules/Units
 
Linux OS Security Introduction
Booting Linux
Linux Recovery
Linux Startup Scripts
Linux Startup Processes
Linux Runlevels Demo
Chkconfig_and_Upstart Demo
Linux Processes and Signals
Linux Process Monitoring
PS_and_Netstat Demo
Linux PS and TOP Demo
Working with Linux PIDs
Linux File System Overview
Linux File Security
Linux File Access Controls
File Integrity Demo
Linux Kernel Tuning
Linux Host Access Controls
Linux User and Group Definition
User Management
Linux Privilege Escalation
Sudoers Demo
Linux Authentication Methods
Linux Viruses and Worms
Linux Trojan Horses
Linux Rootkits
Linux Misconfigurations
Linux Software Vulnerabilities
Linux Social Engineering
Linux Automated Installation
Managing Linux Packages
Package Management Tools Demo
Repositories and System Management
Custom Repository Demo
Linux IPv4 and IPv6
Linux Network Configuration
Linux Tunneling
Kernel Tuning Demo
Linux X11 Forwarding
Linux File Sharing
Linux Grand Unified Bootloader (GRUB)
Configuring GRUB Demo
Security Enhanced Linux
Introduction to IPTables
IPTables Rules
IPFilter
Linux Packet Sniffers
Linux NIDS
Linux HIDS
Linux Antivirus
Linux Secure Shell
Linux Log Management
Linux Scripting Basics
BASH Scripting Demo
IF Statements
Pipes and Redirection
Variables and Regular Expressions
Custom Scripting
Linux Hardening
NSA Hardening Guides
National Vulnerability Database (NVD)
Common Vulnerabilities and Exposures (CVE)
Vulnerability Scanning
Linux Operating System Security Quiz
Radio Frequency Identification (RFID) Security 1 HourSkill Level: Intermediate 
+ Description
 This course will cover securing radio frequency identification (RFID), different components of RFID, how it works, applications in which it is being used, benefits and weaknesses, and the communication range over which it works will be reviewed. Students will learn specific concerns with RFID, recommendations for RFID, and security issues that have come to light.

Training Purpose: Skill Development

Specialty Areas: System Security Analysis, Vulnerability Assessment and Management

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Securing Infrastructure Devices 1 HourSkill Level: Intermediate  
+ Description
 This course covers physical security, operating system security, management traffic security, device service hardening, securing management services and device access privileges.

Training Purpose: Skill Development

Specialty Areas: Enterprise Architecture, Network Services, System Administration, Computer Network Defense Infrastructure Support, Systems Security Analysis

Training Proficiency Level: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Securing the Network Perimeter 1 HourSkill Level: Intermediate 
+ Description
 This course covers edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization and securing against Single Point of Failure (SPOF).

Training Purpose: Skill Development

Specialty Areas: Network Services, Computer Network Defense, Incident Response, Digital Forensics, Systems Security Analysis

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
Security and DNS 1 HourSkill Level: Advanced 
+ Description
 This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extension (DNSSEC) principles, implementation and resources.

Training Purpose: Skill Development

Specialty Areas: Enterprise Architecture, Network Services, System Administration

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2010

+ Course Modules/Units
 
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
SiLK Traffic Analysis 7 HoursSkill Level: Intermediate 
+ Description
 This course is designed for analysts involved in daily response to potential cyber security incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow, and cover how to create efficient and complex queries. The course culminates with a lab where students use their new skills to profile a network.

Training Purpose: Skill Development:

Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2013

+ Course Modules/Units
 
Introduction to SiLK
iSiLK
What is Network Flow?
Interpreting SiLK Network Flow
SiLK Flows
SiLK Traffic Analysis Quiz 1
The SiLK Repository
Basic SiLK Tools
SiLK Traffic Analysis Quiz 2
rwfilter
rwfilter Examples
rwfilter Demo
rwfilter Continued
SiLK Traffic Analysis Quiz 3
rwcount
rwcount Demo
rwstats
rwstats Demo 1
rwstats Continued 1
rwstats Demo 2
rwstats Continued 2
rwuniq
SiLK Traffic Analysis Quiz 4
PySiLK
Python Expressions and SilkPython
SiLK Traffic Analysis Quiz 5
IP Sets
Bags
SiLK Traffic Analysis Quiz 6
Prefix Maps
Tupples
SiLK Traffic Analysis Quiz 7
rwgroup
rwmatch
SiLK File Utilities
IPv6 in SiLK
SiLK Traffic Analysis Quiz 8
Network Profiling Introduction
Windows Operating System Security 16 HoursSkill Level: Intermediate 
+ Description
 This course introduces students to the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some of the key components such processes, drivers, the Windows registry, and Windows kernel. An overview of the users and group permission structure used in Windows is presented along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.

Training Purpose: Skill Development

Specialty Area: Vulnerability Assessment and Management, Systems Security Analysis, System Administration

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2012

+ Course Modules/Units
 
Windows OS Security Course Introduction
Windows Security Module Introduction
Windows Architecture Overview
Windows Subsystems Part 1 of 2
Windows Subsystems Part 2 of 2
Windows Security Development Lifecycle
Windows API
Windows Registry
Viewing Windows Registry Demo
Windows Services Part 1 of 2
Windows Services Demo
Windows Services Part 2 of 2
Multi-tasking
Sessions, Windows Stations and Desktops
Programs and Drivers Part 1 of 2
Reviewing Drivers in Windows
Programs and Drivers Part 2 of 2
Updating Widows Drives Demo
Applications, Processes, and Threads
Buffer Overflow Protection
Authenticode Part 1 of 2
Digital Certificate Details Demo
Authenticode Part 2 of 2
Windows Action Center
Windows Users and Groups Introduction
User Account Control
Windows Users and Groups Part 1 of 2
Windows Users and Groups Part 2 of 2
Windows Interactive Logon Process
NTLM Authentication Overview
Kerberos Authentication Overview
Types of Authentication
File Permissions
Dynamic Access Controls
Threats and Vulnerabilities Introduction
OS Vulnerabilities
CVE Details Demo
CVE Samples
Misconfigurations
Password Configuration Options
Password DDOS Demo
Common Misconfigurations
CCE and the NVD Demo
Social Engineering
Viruses and Worms
Impersonation
Microsoft Updates and Patching Process Part 1 of 2
Double Decode
Microsoft Updates and Patching Process Part 2 of 2
Securing the Update Process
Update Process Circumvention
Windows Server Update Service
Internet Explorer Patching
Windows Network Connectivity
Windows Network Profiles
Windows Network Adapter Settings
Windows Wireless Settings
Windows Networking Protocols
Other Windows Protocols
Microsoft VPN Part 1 of 2
Microsoft VPN Part 2 of 2
Microsoft Network Access Protection Part 1 of 2
Microsoft Network Access Protection Part 2 of 2
How to Configure Windows Update Settings Demo
Windows Security Features Introduction
Windows Firewall
Windows Firewall Wizard Demo
Windows Firewall with Advanced Security
Windows Firewall with Advanced Security Demo
Configuring Windows Firewall Demo
Windows Defender
Windows AD and PKI Demo
Windows Active Directory Certificate Services
Windows Group Policy
Windows AppLocker
Configuring And Using App Locker Demo
Windows BitLocker
Configuring And Using Bitlocker Demo
Windows Secure Boot
Windows Security Auditing
Windows Audit Settings and Examples
SCW Introduction
Hardening Windows Introduction
Windows Templates
Microsoft Baseline Security Analyzer
Microsoft Security Configuration Wizard
Microsoft Security Compliance Manager
Hardening with Group Policy
NVD Search Demo
Other Guidelines and Recommendations
Using Windows Mgmt Intstrumentation Demo
Using The Security Config Wizard Demo
PowerShell Introduction
PowerShell Key Commands
PowerShell Demo
Administrative Functions with PowerShell
Computer and Network Management with PowerShell
Basic Scripts in PowerShell
PowerShell Security Settings and Configurations
Using Powershell Demo
Windows OS Security Quiz
Wireless Network Security (WNS) 9 HoursSkill Level: Intermediate 
+ Description
 The purpose of the Wi-Fi Communications and Security course is to teach the technologies of the 802.11 family of wireless networking, including the principles of network connectivity and network security.

Training Purpose: Skill Development

Speciality Areas: Enterprise Architecture, Network Services, System Administration, Customer Service and Technical Support, Computer Network Defense Infrastructure Support

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2013

+ Course Modules/Units
 
Wi-Fi Communication and Security Intro
How Wi-Fi Became Ubiquitous
Wi-Fi Standards - 802.11b
Wi-Fi Standards - 802.11a
Wi-Fi Standards - 802.11g n and ac
Bluetooth Standards
WiMAX Standards
LTE HSPA EvDO Network Types
Spread Spectrum Technology
802.11 Transmissions and Wireless Channels
802.11 Data Rates
Wireless Network Topologies
Wireless Network Hardware
RF Propagation Principles
Impacts on Signal Radiation
Signal Propagation and Objects
Additional Signal Effects
Measuring Signal Strength
Signal Strength and Antennas
Wireless Coverage and Frequency Reuse
Wireless Network Design Issues
Wireless Modes and Service Sets
Wireless Authentication and Association
Wireless and Roaming 1 of 2
Wireless and Roaming 2 of 2
Enterprise 802.11 Solutions
Key Points of CAPWAP
Advantages of CAPWAP
CAPWAP Demo
802.11 Security Flaws
Fixing 802.11 Security
802.1x Authentication Protocols
Additional Issues with 802.11 Encryption
Additional 802.11 Security Measures
Other Wireless Threats
Wireless Best Practices
Wireless Network Assessment Part 1 of 2
Wireless Network Assessment Part 2 of 2
Wireless Network Security Quiz