“Corporate laboratories” is a training program in the field of information security, consisting of theoretical (webinar courses) and practical training (work in pentest laboratories). This article will consider the content of the practical base, which constitutes about 80% of the total training program.
In this article, I will look at examples of skills acquired at Corporate Laboratories to solve problems of identifying information security incidents.
Learning process
The learning process follows one principle: 20% theory and 80% practice to consolidate the material. Theory is delivered in portions, after which students get access to the practical laboratories.
One of the distinguishing features of "Corporate laboratories" is the relevance of the material. Because the training program does not have to go through a lengthy approval process with various authorities, we can update the course with each intake (once every 2 months).
Theory
The course is completely remote. For maximum comfort of students, we have developed a specialized webinar platform, a convenient personal account and a virtual lab environment, which is connected via a VPN connection.
The program "Corporate Laboratories" is developed taking into account the materials and practices used by both hackers and employees of the information security departments of various companies. Listening to the wishes of specialists attending our training, we regularly update the course content so as to ensure comfortable and high-quality training.
To deliver the theory, our specialists have developed a specialized webinar site where the theoretical classes are held. At any point during training you can also rewatch any of the webinars as a recording.
Webinar materials in the form of teaching aids and practical tasks, class schedules and notifications from the group curator are published in the personal account.
Practice
The consolidation of knowledge gained through the unique courses of ethical hacking and penetration testing from Pentestit is carried out by performing practical tasks.
The course program includes several assignments that build practical skills for investigating information security incidents.
Examples of practical tasks:
- Determine which of the dismissed employees is responsible for data leakage.
- Determine which user tried to get root user rights.
- Determine which user deleted the file.
- Determine who last accessed the file before deleting it (excluding the user who deleted the file).
Anomalous behavior was detected on one of the machines on the network. A memory dump and a network traffic capture were promptly taken. It is necessary to investigate the obtained dumps and identify:
- how the machine was compromised;
- what IP address it was attacked from;
- the attacker's actions on the attacked machine.
There are also tasks on mobile forensics of iOS and Android applications: the applications must be analyzed as part of the practical work.
In the new program of the course Red Team, more attention will be paid to investigating incidents and building a chain of evidence:
- incident response and investigation;
- analysis of malicious activity;
- detection and neutralization of threats;
- identification of the systems involved in the incident.
Specialists taking the course will gain practical skills in working with utilities such as apktool, binutils, the Volatility Framework, operating system logs, etc.
These skills will allow you to respond quickly to security incidents, identify their scope, affected systems and consequences, and apply appropriate protective measures and tools.
Specialists trained in Corporate Laboratories gain invaluable practical experience in working with modern methods and tools to penetrate the system, study the psychology of intruders, investigate cybercrime, and, based on this, learn to develop the most effective defense mechanisms.
You can learn more and sign up for the next courses via the link.