Zveme vás na Security Day* Ultimate Hacking and Forensics Experience for IT Pros, který proběhne 17. 9. 2019 pod vedením mezinárodně uznávané bezpečnostní expertky Pauly Januszkiewicz.
Security Day* není součástí HackerFestu.
Are there any attacks that are effective, reliable and almost always work? Of course! Even though an organization manages well the infrastructure, patches are regularly installed, network is monitored – there are attacks that are still working perfectly as it is really a matter of misconfiguration rather than serious security vulnerability. Could cloud technologies help it? Are Office 365, Azure secure? How to measure it? Is it worth to move some of the services to the cloud and mitigate the risk of breach? The problem is that some infrastructure mechanisms relay on type of communication used within the attacks and they use it for the normal communication: single sign-on authentication, service accounts, network sharing etc. and in vast majority of organizations that can be leveraged! Join Paula during this seminar to become familiar what are the biggest mistakes in infrastructure security that from the attacker perspective can be pretty much always exploited and leave the conference with suggestions & ideas how to reach the next level of security in your workspaces.
Note: Security Day is seminar BYOD type (nothing pre-installed is needed, no virtual labs), students will have an opportunity to follow Paula’s live hacking demos and after the Security Day participants receive certificate and recognition from world renowned CQURE Academy. There is a recommendation to participants to have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the Security Day.
Authors’ unique tools, presentation slides with notes, seminar instructions. Materials will be sent till the end of October 2019.
Network administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
At the end participants will receive the online Certificate of attendance signed by the CQURE Speaker.
08:30 - 09:00 Registration
09:00 - 10:00 Module 1
10:00 - 10:15 Coffee break (drinks & snack)
10:15 - 11:15 Module 2
11:15 - 12:15 Lunch MAPKA RESTAURACÍ A OBCHODŮ V OKOLÍ KE STAŽENÍ ZDE
12:15 - 13:15 Module 3
13:15 - 13:30 Coffee break (drinks)
13:30 - 14:30 Module 4
14:30 - 14:45 Coffee break (drinks & snack)
14:45 - 15:45 Module 5
15:45 - 16:00 Coffee break (drinks)
16:00 - 16:30 Module 6
Module 1: Defining the Role of Security Solutions in the Infrastructure
This module highlights the role of security in digital transformation initiatives and allows for better understanding of the impact that mobility and cloud have on the organization.
1. Security in hybrid environments
2. Zero trust networks as a new network security paradigm
3. Security management automation
4. Windows Subsystem for Linux
5. Exploit Guard
5. Aspects of security monitoring and incident response
Module 2: The meaning of the Kill-Chain
In Module 2, you will learn techniques used by modern malware. For ransomware and other types of malware observed in the wild, the whole kill chain has changed over years to reach its current form. And your defense should change too.
1. Application Whitelisting (AppLocker, Device Guard)
2. Whitelisting implementation best practices
3.Code signing techniques
4.Cloud-based protection against malware
5. Supporting attacks detection with Machine Learning
6.Implementing account scoping
7. Good practices for implementing Local Admin Password Solution
8. Cloud based monitoring
Module 3: Identity as a perimeter. Attacks and defense.
This module involves various attacks on identity, mitigations and risk assessment factors.
1. Decrypting passwords from storage locations
2. Credential Guard (Virtual Secure Mode)
3. Multi-factor Authentication
4. Stealing passwords and tokens from OS memory
5. Meaning of SYSTEM and SECURITY registry hives
6. Extracting hashes from SAM and NTDS.dit databases
7. Kerberos and NTLMv2 issues
8. Performing the Pass-The-Hash attack
9. Cached logons (credentials) security
10. Data Protection API (DPAPI) as a foundation for Windows cryptography
Module 4: Implementing threat prevention and detection through a comprehensive platform in the Hybrid environments
In this module you will become familiar with important aspects of cloud security including easy to use solutions, integration with the current environment and monitoring tools.
1. Information Protection issues
2. Classification and protection of data
3. Azure Information Protection
4. Microsoft Operations Management Suite
5. Active Directory and Azure AD security
6. Azure AD Privileged Identity Management
7. Multi Factor Authentication with Azure
8. Cloud Access Security Broker (CASB)
9. Windows Defender Advanced Threat Protection
10. Advanced Threat Analytics
11. Azure Advanced Threat Protection
12. Office Advanced Threat Protection
13. Protecting against virtualization platform issues – Shielded VMs
14. Storage Encryption
15. Azure Key Vault
16. Just Enough Administration
17. Desired State Configuration
18. ESAE: Red Forest
19. Privileged Access Management
Module 5: Securing Monitoring Operations and Forensics
Starting from analysis of available monitoring solutions, ending up with designing the secure monitoring process.
1. Industry Best Practices
2. Critical Security Controls
3. Host, Port and Service Discovery
4. Vulnerability Scanning
5. Monitoring Patching, Applications, Service Logs
6. Detecting Malware via DNS logs
7. Monitoring Change to Devices and Appliances
8. Leveraging Proxy and Firewall Data
9. Configuring Centralized Windows Event
10. Log Collection
11. Monitoring Critical Windows Events
12. Detecting Malware via Windows Event Logs
13. Scripting and Automation
14. Importance of Automation
15. Role of Forensics Analysis in Incident Response
16. Forensic Readiness and Business Continuity
17. Computer Forensics Process
18. Collecting Electronic Evidence
19. Challenging Aspects of Digital Evidence
Module 6: Windows and Cloud Security Summary
Module covers discussion about solutions and implementations with top priorities. In this module we will focus especially on Hybrid environment and its security. Also, on how to combine different solutions on premise and cloud to get the most functionality and flexibility together with high security.
|Multikino CineStar Praha – Černý Most
Obchodní centrum Černý Most
Metro: Černý Most
Autobus: 240, 250, 296 – Černý Most
Zobrazit na mapě
|Microsoft Czech Republic and Slovakia
Zasedací místnost Praha
Vyskočilova 1561/4a, 140 00 Praha 4
Autobus č. 118, 124, 170 – zastávky Vyskočilova / Brumlovka
Zobrazit na mapě
|Venkovní i kryté parkoviště je ZDARMA.
|Na workshop doporučujeme příjezd MHD,
parkování není zajištěno.