Cyber Network Defense is a critical and evolving requirement for organizations large and small in the 21st century. There are a number of component courses available for various disciplines in the realm of CND; however, there are very few options for a CND crash-course bootcamp that covers topics relevant to the overarching mission of defending the home network. Many courses teach the fundamentals of incident response utilities, malware analysis, and reverse engineering. In practice, we find many “detection” tools have limited success rates and can be quite misleading – from basic antivirus to highly specialized memory and hooking analysis tools.
This course will cover the holistic approach to CND, beginning with intelligence ingestion and easing into network anomaly detection and advanced network forensics. Once the network layer is understood, the course will introduce key concepts of incident analysis through an in-depth introduction to incident response device forensics using freely available and commercially licensed tools of the trade. With incident analysis and network forensics under their belts, students will then immerse themselves in nearly a full day of static and dynamic reverse engineering, including topics such as manual unpacking and deobfuscation of command and control protocols. To round out the training, students will be given a short training in incident reporting and will learn how to present technical findings to managerial and executive-level personnel in a clear and concise manner.
Students should have an understanding of networking and a basic understanding of computer programming.
Laptop running Linux or OS X, with a Windows XP virtual machine.
Adam Meyers is a Senior Principal with the Products and Offerings Division of SRA International. Mr. Meyers serves as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provides both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers has extensive experience in Penetration Testing, Security Engineering and Architecture, Wireless Communication, and Reverse Code Engineering. Mr. Meyers is a recognized speaker who has presented on topics ranging from high level business solutions to deep technical training including industry conferences such as RSA and CSI. He currently supports the Department of State Bureau of Diplomatic Security leading a reverse engineering and cyber threat analysis team charged with investigation and mitigation.
Gary Golomb is a Senior Research and Development Engineer at NetWitness Corporation, and has previously served as the founder and CEO of Proventsure, Director of R&D and Security Competitive Intelligence at Enterasys Networks, and lead IT Forensics Investigator for the George Washington University (GWU). At GWU, Mr. Golomb led projects analyzing thousands of the university's computers for Personally Identifiable Information, security configuration, and policy compliance, and network detection of malware and policy and regulation violations. Academically, Mr. Golomb worked in the field of bioinformatics, proteomics, and pharmacogenomics, and created algorithms for protein identification used in synthetic biomaterials and genome mapping. Mr. Golomb served in the U.S. Marine Corps as a Recon Marine in a direct action platoon in the 2nd Force Recon Company and deployed internationally as part of the Special Operations team of the 24th Marine Expeditionary Unit. Mr. Golomb has developed a number of patent-pending techniques for detecting various types of data and activity in data in motion and data at rest.
Brian Jack leads the research and development team at Sunbelt/GFI Labs for their malware analysis tools, CWSandbox/GFI Sandbox and ThreatTrack. His focus is on building automated analysis, detection, and prevention tools for web and non-executable threats. He is responsible for building GFI's internal automated high interaction honeyclient system, which can detect thousands of exploits and phishing sites per day. Prior to joining Sunbelt/GFI, he worked for Raytheon and PricewaterhouseCoopers focusing on cyber security, information operations, and compliance. Brian has presented at several conferences regarding automated malware and internet threat analysis. Brian currently holds CISSP, CEH, and GREM certifications.
Early: $2200
Regular: $2400
Late: $2600
Onsite: $3500