CyberOps Professional 300-220 CBRTHD
CyberOps Professional 300-220 CBRTHD
Eğitim Hakkında
Sertifika:
Eğitimlerimize %80 oranında katılım gösterilmesi ve eğitim müfredatına göre uygulanacak sınav/projelerin başarıyla tamamlanması durumunda, eğitimin sonunda dijital ve QR kod destekli “BT Akademi Başarı Sertifikası” verilmektedir.
Ön Koşul
.Eğitim İçeriği
- 1 Apply the Threat Hunting Maturity Model to an organization's environment, as it relates to the Pyramid of Pain
- 2 Describe threats and how to model them with standards such as MITRE ATT&CK, MITRE CAPEC, TaHiTI, and PASTA
- 3 Describe the limiting factors of detection tools for malware behavior, propagation, and detection
- 4 Describe the advantages and disadvantages of automation (such as artificial intelligence and machine learning) in the operation of a SOC
- 5 Determine differences in tactics, techniques, and procedures of an advanced persistent threat and threat actor using logs
- 6 Interpret a threat intelligence report and draw conclusions about a threat actor (known advanced persistent threat/commodity human-driven/commodity machine-driven)
- 6.a tactics
- 6.b techniques
- 6.c procedures
- 1 Select the threat modeling approach for a given scenario
- 2 Use MITRE ATT&CK to model threats (tactics, techniques, and procedures or changes in tactics, techniques, and procedures)
- 3 Describe the uses of structured and unstructured threat hunting
- 4 Determine the priority level of attacks based on the Cyber Kill Chain and MITRE ATT&CK
- 5 Determine the priority level of attacks based on the MITRE CAPEC model
- 6 Perform threat intelligence handling: gathering, cataloging, utilizing, and removing
- 1 Determine attack tactics, techniques, and procedures using logs
- 2 Interpret tactics, techniques and procedures of a given threat actor
- 3 Select the delivery method, payload, tactic, or timeline that indicates an authorized assessment or an attack (threat actor or penetration tester)
- 4 Determine usable artifacts for detection of advanced persistent threat actors at all levels of the Pyramid of Pain
- 4.a tactics
- 4.b techniques
- 4.c procedures
- 1 Use scripting languages (such as Python and PowerShell) to augment detection or analytics
- 2 Perform a cloud-native threat hunt
- 3 Determine undetected threats using endpoint artifacts
- 4 Determine the C2C communications to and from infected hosts using endpoint applications, processes, and logs
- 5 Select suspicious activity using session and protocol data
- 6 Determine the stage of infection within C2 communications using traffic data
- 7 Select weakness in code using code-level analysis tools (such as PE Checker, BURP Suite, and SEM Grep)
- 8 Describe the analysis process for applications and operating systems used by IoT devices
- 9 Describe memory-resident attacks and how to perform analysis using memory-specific tools (such as Volatility)
- 10 Construct a signature for detection or analysis
- 11 Recognize the likelihood of attack by an attack vector within a given environment
- 1 Describe the process to identify memory-resident attacks
- 2 Determine compromises by reverse engineering
- 3 Determine known and unknown gaps in detection
- 3.a vulnerabilities
- 3.b configuration errors
- 3.c threats
- 4 Interpret data from memory-specific tools
- 5 Construct a runbook or playbook to address a detectable scenario
- 6 Recommend tools, configurations, detection, and deception techniques for a given scenario
- 7 Recommend attack remediation strategies based on the results of a threat assessment
- 8 Recommend changes to improve the effectiveness and efficiency of a threat hunt
- 9 Recommend security countermeasures and mitigations for identified risks
- 1 Describe how multiproduct integration enhances data visibility within a product and accelerates analysis
- 2 Diagnose analytical gaps using threat hunting methodologies
- 3 Recommend a mitigation strategy to block C2 traffic
- 4 Recommend changes in hunt capability to advance to the next Threat Hunting Maturity Model phase
- 5 Recommend changes to a detection methodology to augment analytical and process gaps
- 6 Use presentation resources to convey findings and direct environmental change
Kazanımlar
.
