
Red Team VS Blue Team LIVE Cybersecurity Battle | CySA & PenTest Skills

Watch Video on Cybersecurity Battle - http://tiny.cc/frxmqz

When discussing cybersecurity, the terms "Red team" and "Blue team" are often mentioned. Long associated with the military, these terms are used to describe teams that use their skills to imitate the attack techniques that "enemies" might use, and other teams that use their skills to defend. In cybersecurity, there isn't much difference.

In this session, the exciting Red Team & Blue team concept will be discussed and DEMO'ed using the knowledge, skills and abilities found in the CompTIA PenTest and CySA workforce skills certifications. Register now to watch this battle!

Agenda

• Cybersecurity Landscape
• "What's in" for Penetration testers & security analysts
• EXCITING DEMO! Red team VS blue team concept
• How to become a Cybersecurity Analyst (CySA+)
• How to become a Penetration Tester (PenTest+)
• Q&A session with the speaker


Presentation Transcript


  1. Red Team VS Blue Team LIVE Cybersecurity Battle: CySA+ & PenTest+ Skills. Patrick Lane, NetCom Learning. © 1998-2019 NetCom Learning | www.netcomlearning.com | info@netcomlearning.com | 1-888-563-8266

  2. AGENDA • Introductions • Red team / blue team concept and penetration tester / security analyst job roles • Cybersecurity Analyst job role (CySA+) • Penetration Tester job role (PenTest+)

  3. WHY ARE RED TEAM / BLUE TEAM ACTIVITIES A NECESSITY?

  4. Red Team / Blue Team: The Relationship • Why does the red team exist in the first place? • To improve the blue team • To create the right thresholds • Responsible • Why else would you pen test? • Adjust tactics / strategy • Penetration Testing / Vulnerability Assessment & Management vs Security Analysts

  5. Seminal Event: Target Hack of 2014 • Wake up call for the IT security world • Brought widespread attention to the “Advanced Persistent Threat” • Demonstrated that traditional security tools, such as firewalls and anti-virus, do not alone protect networks • Recent high-profile attacks at Yahoo! and Democratic National Committee (DNC)

  6. ITIL® V3 - All Processes • Characteristics: • Never stop • Often highly coordinated / state sponsored • Bad actors lurk on systems and networks • Hard to detect

  7. Lessons Learned • We must apply behavioral analytics to IT networks to improve the overall state of cybersecurity • We must focus on network behavior in an organization’s interior network • We must identify network anomalies that indicate bad behavior • We must train IT security professionals in security analyst skills, which include: threat management; vulnerability management; cyber incident response; security and architecture tool sets

  8. Lessons Learned (cont’d) • We must be proactive with cybersecurity • Go on the offensive against your own network. Use penetration testing to find system vulnerabilities before the bad actors do. • Based on the penetration testing results, fix and manage the vulnerabilities. • We must train IT security professionals in penetration skills, which include: Planning and Scoping; Information Gathering and Vulnerability Identification; Attacks and Exploits; Penetration Testing Tools; Reporting and Communication 16%

  9. Red Team / Blue Team Example Penetration testing (red team) and security analyst (blue team) hands-on cybersecurity skills are needed. For example: Red team vs Blue team

  10. Red Team / Blue Team Example (cont’d) • Red team launches a Denial of Service (DoS) attack • Blue team detects the attack [Diagram labels: Red team, Exploit, Blue team]

  11. RED TEAM / BLUE TEAM EXAMPLE

  12. LOGRHYTHM: FINANCIAL SERVER HACK DISCOVERED

  13. Source: https://logrhythm.com/products/security-intelligence-platform/

  14. Source: https://logrhythm.com/products/security-intelligence-platform/

  15. SPLUNK: DATABASE HACK DISCOVERED

  16. Source: https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html

  17. Source: https://www.alienvault.com/products

  18. THE COMPTIA CYBERSECURITY CAREER PATHWAY INCLUDES RED TEAM / BLUE TEAM SKILLS

  19. CompTIA Cybersecurity Career Pathway Red team / blue team skills are a component of the pathway.

  20. Job Role Growth - Security Analyst & Penetration Tester TOTAL NUMBER OF JOB POSTINGS: In an analysis of U.S. Bureau of Labor Statistics data, information security analysts, which includes pen testing, saw an 8% bump in growth over the first three months of 2016. That’s a BLS record. Demand remains high in 2018: 120,000 U.S. job ads were posted for security analyst between Sept. 2017-2018. Public APT attacks Source: Burning Glass Technologies Labor Insights, January 2016

  21. Additional Indicators The U.S. Bureau of Labor Statistics predicts that information security analysts, which includes penetration testing, will be fast growing, with 28% overall growth between 2016 and 2026. The U.S. Bureau of Labor Statistics (BLS) classifies both job roles under Information Security Analysts, which includes: • 2017 Median Pay: $96,000 per year • Number of Jobs Available: 82,900 • Job Outlook: 28% growth by 2026 (Much faster than average) 8 in 10 managers indicate that IT security certifications are very valuable (38%) or valuable (42%) in terms of validating security-related knowledge/skills or evaluating job candidates.* * International Trends in Cybersecurity, CompTIA, 2016

  22. PENTEST+ EXAM DETAILS RED TEAM SKILLS

  23. CompTIA PenTest+ Red Team Skills CompTIA PenTest+ is a certification for intermediate skills level cybersecurity professionals who are tasked with hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network. PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. Successful candidates will have the intermediate skills and best practices required to customize assessment frameworks to effectively collaborate on and report findings and communicate recommended strategies to improve the overall state of IT security. • Skills competence for key job roles: • Application Security Engineer • Penetration Tester • Vulnerability Tester • Security Analyst (II) • Network Security Operations • Application Security Vulnerability

  24. Job Task Analysis (JTA) Participants Key JTA participants Brotherhood Mutual Global Cyber Security SecureWorks North State Technology Solutions BlackFire Consulting TransUnion Las Vegas Sands Corporation Integra Life Sciences Enterprise Holdings Paylocity Johns Hopkins University Applied Physics Laboratory ASICS Corporation

  25. PenTest+ Exam Information

  26. Metasploit Example

  27. SET (Social Engineering Toolkit) Example

  28. PenTest+ Domain Objectives • 1.0 Planning and Scoping (15%) • 1.1 Explain the importance of planning for an engagement. • 1.2 Explain key legal concepts. • 1.3 Explain the importance of scoping an engagement properly. • 1.4 Explain the key aspects of compliance-based assessments.

  29. PenTest+ Domain Objectives • 2.0 Information Gathering and Vulnerability Identification (22%) • 2.1 Given a scenario, conduct information gathering using appropriate techniques. • 2.2 Given a scenario, perform a vulnerability scan. • 2.3 Given a scenario, analyze vulnerability scan results. • 2.4 Explain the process of leveraging information to prepare for exploitation. • 2.5 Explain weaknesses related to specialized systems.

  30. PenTest+ Domain Objectives • 3.0 Attacks and Exploits (30%) • 3.1 Compare and contrast social engineering attacks. • 3.2 Given a scenario, exploit network-based vulnerabilities. • 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities. • 3.4 Given a scenario, exploit application-based vulnerabilities. • 3.5 Given a scenario, exploit local host vulnerabilities. • 3.6 Summarize physical security attacks related to facilities. • 3.7 Given a scenario, perform post-exploitation techniques.

  31. PenTest+ Domain Objectives • 4.0 Penetration Testing Tools (17%) • 4.1 Given a scenario, use Nmap to conduct information gathering exercises. • 4.2 Compare and contrast various use cases of tools. • 4.3 Given a scenario, analyze tool output or data related to a penetration test. • 4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).

  32. PenTest+ Domain Objectives • 5.0 Reporting and Communication (16%) • 5.1 Given a scenario, use report writing and handling best practices. • 5.2 Explain post-report delivery activities. • 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities. • 5.4 Explain the importance of communication during the penetration testing process.

  33. CYSA+ EXAM DETAILS BLUE TEAM SKILLS

  34. CompTIA CySA+ (Cybersecurity Analyst) Blue team skills Seamlessly following Security+, CompTIA Cybersecurity Analyst (CySA+) applies behavioral analytics to greatly improve network threat visibility. As attackers have learned to evade traditional signature-based solutions, an analytics-driven cyber defense has become critical. • Skill competencies: • Configure and use threat detection tools • Perform data analysis • Interpret results to identify vulnerabilities, threats and risk to an organization CySA+ Exam Domains: • Job roles: • Security Analyst • Security Operations Center (SOC) Analyst • Vulnerability Analyst • Cybersecurity Specialist • Threat Intelligence Analyst • Security Engineer • Information Systems Security Engineer

  35. Organizations that Assisted in CySA+ Development The CySA+ certification has been reviewed by nearly 2,200 security analysts and/or IT pros, including those who took the beta exam. It has received feedback from organizations and partners across the globe to reach its current status. Some of the contributors in the process are listed below.

  36. CySA+ Exam Information

  37. Tools of the Trade – Open Source Examples Blue team

  38. CySA+ Domain Objectives 27% • 1.0 Threat Management • 1.1: Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes. • 1.2: Given a scenario, analyze the results of a network reconnaissance. • 1.3: Given a network-based threat, implement or recommend the appropriate response and countermeasure. • 1.4: Explain the purpose of practices used to secure a corporate environment.

  39. CySA+ Domain Objectives 26% 2.0 Vulnerability Management • 2.1 Given a scenario, implement an information security vulnerability management process. • 2.2 Given a scenario, analyze the output resulting from a vulnerability scan. • 2.3 Compare and contrast common vulnerabilities found in the following targets within an organization.

  40. CySA+ Domain Objectives 23% 3.0 Cyber Incident Response • 3.1 Given a scenario, distinguish threat data or behavior to determine the impact of an incident. • 3.2 Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation. • 3.3 Explain the importance of communication during the incident response process. • 3.4 Given a scenario, analyze common symptoms to select the best course of action to support incident response. • 3.5 Summarize the incident recovery and post-incident response process.

  41. CySA+ Domain Objectives 24% 4.0 Security Architecture and Tool Sets • 4.1 Explain the relationship between frameworks, common policies, controls, and procedures. • 4.2 Given a scenario, use data to recommend remediation of security issues related to identity and access management. • 4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls. • 4.4 Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC). • 4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

  42. COMPTIA OFFICIAL CONTENT

  43. CompTIA now has Official Content! Books, eLearning, labs, and exam prep software to support CompTIA certifications

  44. Official CompTIA Content • Instructor-Led Training • Official CompTIA PenTest+ Instructor Guide (print or eBook) • Official CompTIA PenTest+ Student Guide (print or eBook) • LogicalLABS • CompTIA CHOICE Platform • Self-Paced Training • CertMaster Learn • CertMaster Practice • CertMaster Labs • Self-study guide (eBook and print) Visit store.comptia.org

  45. The CertMaster Suite

  46. Features of Official Content • Comprehensive Instructional Tools: Robust Instructor Guide with presentation planners, helpful tips, and solutions in the margin; class tested with real instructors before publication; resources within CompTIA Choice including PPT slides • Focused on Job Roles and 100% Coverage of Objectives: lessons in the book align with real world job objectives and scenarios; activities require students to put knowledge into practice (some align with Labs); appendix aligns content to exam objectives • Flexible and Customizable Content Based on Course Format: Instructor Guide references different course formats and how presentation should be tailored; the CompTIA Choice platform is the one stop shop for all resources for course including eBook, instructor files, videos, assessments and labs (if applicable); students get lifetime access

  47. CertMaster Learn The first comprehensive eLearning product from CompTIA Videos

  48. CertMaster Learn The first comprehensive eLearning product from CompTIA Assessments

  49. CertMaster Learn The first comprehensive eLearning product from CompTIA Performance Based Questions

  50. RECORDED WEBINAR VIDEO To watch the recorded webinar video for live demos, please access the link: http://bit.ly/2OSTuOk
