Building on the skills developed in the NFI1 course, students will learn how to use advanced features in tools such as Elastic, Wireshark, Zeek and Suricata, how to apply threat intelligence to enrich analysis and direct response actions, and how to identify and investigate more complex or hard-to-detect intrusions. This course covers malicious actions from across the attacker lifecycle, from initial reconnaissance and access through to activities such as data exfiltration and command-and-control traffic attributed to botnets or APTs.
- Identify and analyze events at all stages of the attack lifecycle
- Apply threat intelligence feeds to focus monitoring, investigation, and hunt activities
- Detect and investigate tunneling, botnet command and control traffic, and other forms of covert communications in use on a network
- Use fingerprinting techniques to detect the use of encrypted traffic flows by malware or an active intruder
- Accurately correlate and reconstruct multiple stages of malicious activity to build a complete picture of the scope and impact of complex network intrusions