Visão Geral

O curso Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) - 300-215 está associado ao Cisco CyberOps Professional Certification. A certificação Cisco® Certified CyberOps Professional dá-lhe conhecimentos e competências para além de simples firewalls e software antivírus, permitindo-lhe tornar-se um profissional CyberOps especializado. Para obter a sua certificação Cisco Certified CyberOps Professional, deve passar no exame principal, 350-201 Performing CyberOps Using Cisco Security Technologies (CBRCOR), e no exame de concentração 300-215 Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR).

Objetivo

Após concluir o Curso Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR), você será capaz de:

• Processo de resposta a incidentes e livros didáticos
• Resposta avançada a incidentes
• Ameaçar a inteligência
• Conceitos forenses digitais
• Recolha e análise de provas
• Princípios da engenharia inversa

Publico Alvo

• Centro de Operações de Segurança - Analista de Segurança
• Defesa da Rede Informática - Analista
• Defesa de Redes de Computadores - Pessoal de Apoio à Infra-estrutura
• Futuros Responsáveis por Incidentes e pessoal do Centro de Operações de Segurança (SOC)
• Estudantes que iniciam uma carreira entrando no campo da ciber-segurança
• Pessoal de TI que procura saber mais sobre a área de operações de ciber-segurança
• Parceiros do Canal Cisco

Informações Gerais

Carga Horária: 40h

• Se noturno este curso é ministrado de Segunda-feira à sexta-feira, das 19h às 23h
• Se aos sábados este curso é ministrado das 9h às 18h
• Se in-company por favor fazer contato para mais detalhes.

Formato de entrega: 

• 100% on-line ao vivo, via Microsoft Teams na presença de um instrutor/consultor ativo no mercado.
• Nota: não é curso gravado. 

Lab:

• Laboratório + Exercícios práticos

Materiais

Conteúdo Programatico

Fundamentals

1. Analyze the components needed for a root cause analysis report
2. Describe the process of performing forensics analysis of infrastructure network devices
3. Describe antiforensic tactics, techniques, and procedures
4. Recognize encoding and obfuscation techniques (such as, base 64 and hex encoding)
5. Describe the use and characteristics of YARA rules (basics) for malware identification, classification, and documentation
6. Describe the role of:
7. Describe the issues related to gathering evidence from virtualized environments (major cloud vendors)

Forensics Techniques

1. Recognize the methods identified in the MITRE attack framework to perform fileless malware analysis
2. Determine the files needed and their location on the host
3. Evaluate output(s) to identify IOC on a host
4. Determine the type of code based on a provided snippet
5. Construct Python, PowerShell, and Bash scripts to parse and search logs or multiple data sources (such as, Cisco Umbrella, Sourcefire IPS, AMP for Endpoints, AMP for Network, and PX Grid)
6. Recognize purpose, use, and functionality of libraries and tools (such as, Volatility, Systernals, SIFT tools, and TCPdump)

Incident Response Techniques

1. Interpret alert logs (such as, IDS/IPS and syslogs)
2. Determine data to correlate based on incident type (host-based and network-based activities)
3. Determine attack vectors or attack surface and recommend mitigation in a given scenario
4. Recommend actions based on post-incident analysis
5. Recommend mitigation techniques for evaluated alerts from firewalls, intrusion prevention systems (IPS), data analysis tools (such as, Cisco Umbrella Investigate, Cisco Stealthwatch, and Cisco SecureX), and other systems to responds to cyber incidents
6. Recommend a response to 0 day exploitations (vulnerability management)
7. Recommend a response based on intelligence artifacts
8. Recommend the Cisco security solution for detection and prevention, given a scenario
9. Interpret threat intelligence data to determine IOC and IOA (internal and external sources)
10. Evaluate artifacts from threat intelligence to determine the threat actor profile
11. Describe capabilities of Cisco security solutions related to threat intelligence (such as, Cisco Umbrella, Sourcefire IPS, AMP for Endpoints, and AMP for Network)

Forensics Processes

1. Describe antiforensic techniques (such as, debugging, Geo location, and obfuscation)
2. Analyze logs from modern web applications and servers (Apache and NGINX)
3. Analyze network traffic associated with malicious activities using network monitoring tools (such as, NetFlow and display filtering in Wireshark)
4. Recommend next step(s) in the process of evaluating files based on distinguished characteristics of files in a given scenario
5. Interpret binaries using objdump and other CLI tools (such as, Linux, Python, and Bash)

Incident Response Processes

1. Describe the goals of incident response
2. Evaluate elements required in an incident response playbook
3. Evaluate the relevant components from the ThreatGrid report
4. Recommend next step(s) in the process of evaluating files from endpoints and performing ad-hoc scans in a given scenario
5. Analyze threat intelligence provided in different formats (such as, STIX and TAXII)