Training Courses

Satisnet Ltd offer in-depth training courses designed to strengthen your SOC team and improve their effectiveness. Details on these courses can be found below.

IBM QRadar Cyber Defence and SOC Simulation Training

The Basic Idea

In this training concept, typical IT attacks are simulated in realistic corporate networks.

The goal of the IBM QRadar Cyber Defence and SOC Simulation Training is to create a deep understanding of how attacks on corporate networks work, using IBM QRadar, a Gartner-leading SIEM:

  • Understand the underlying technical principles of common attacks
  • Learn how to “think like an attacker” with regard to corporate network security
  • Understand the limits of common security products, such as antivirus solutions
  • Prioritise hardening measures correctly

Target Audience

The IBM QRadar Cyber Defence and SOC Simulation Training is suitable for the following groups:

  • System and Network Administrators
  • Operations Engineers
  • IT Security Managers and non-technical IT Security Consultants who want to broaden their technical understanding
  • IT Forensics staff and Security Operations Centre (SOC) staff who are just starting out in the field

Prerequisites

No SIEM knowledge or hacking experience is required, but an interest in IT security is expected. The required fundamentals are explained in detail at the beginning of each exercise.

Agenda

QRadar SIEM provides deep visibility into network, user and application activity. It collects, normalises, correlates and securely stores events, flows, assets, topologies and vulnerabilities, and highlights suspected attacks and policy breaches as offenses.

In this knowledge transfer you learn how to navigate QRadar SIEM to detect anomalies and unusual behaviour, with hands-on exercises to reinforce the skills taught.

You will also learn how to create a Universal DSM (a custom parser for log sources that QRadar does not support out of the box) and how to create event, flow and anomaly rules. You will analyse the offenses those rules create and fine-tune the rules where necessary. Using the skills taught in this course, you can identify and investigate threats and attacks.

This basic course is for:

  • Security Analysts
  • Network Administrators
  • System Administrators

Day One – Introduction and basic attacks, bespoke ransomware demo

1. Introduction

  • Overall infrastructure introduction
  • Advanced tool introduction
    • Exploit net API
    • Exploit vsftpd

Lunch break

2. Reconnaissance

  • High noise scans
  • Low noise scans
  • Limitations of security tools (optional module)

3. Ransomware – crypto trojans on a file share

Day Two – Man in the middle attacks

4. Man in the Middle Attacks

  • ARP spoofing – Request
  • ARP spoofing – Response

Lunch break

4. Man in the Middle Attacks (continued)

  • SSL/TLS – MITM attacks
  • SSL strip v2

Day Three – Windows domain security + botnet use case

5. Windows Domain Security

  • Steal NTLM hashes and crack them offline
  • Use a stolen NTLM hash (pass-the-hash) to move laterally and obtain credentials for the next machine

Lunch break

5. Windows Domain Security (continued)

  • Use the harvested credentials to move laterally and obtain credentials for the Domain Controller

6. Botnet – Use Case
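
The agenda above covers event rules that raise offenses, the tuning of those rules, and the difference between high-noise and low-noise reconnaissance scans. As an added illustration (not QRadar code and not part of the course material), the Python below normalises constructed firewall log lines the way a DSM would, applies a sliding-window port-scan rule, and shows why the rule's time window decides whether a low-and-slow scan is caught. The log line format, the IP addresses, the ports and the thresholds are all assumptions made for this example.

```python
"""Toy SIEM correlation: normalise firewall log lines, apply a port-scan event
rule over a sliding time window, and raise an "offense" per offending source.

Added illustration only; not QRadar code. The log line format, IP addresses,
ports and thresholds are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed raw log format: "<ISO timestamp> fw <ACCEPT|DROP> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def make_sample_logs():
    """Constructed traffic against 10.0.1.10 from three sources:
    10.0.0.5 - high-noise scan: 30 ports in 3 seconds
    10.0.0.9 - low-noise scan: 30 ports, one per minute
    10.0.0.7 - benign client talking to three services"""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(30):
        ts = t0 + timedelta(milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} fw DROP src=10.0.0.5 dst=10.0.1.10 dport={1000 + i}")
    for i in range(30):
        ts = t0 + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()} fw DROP src=10.0.0.9 dst=10.0.1.10 dport={2000 + i}")
    for port in (80, 443, 8443):
        ts = t0 + timedelta(seconds=5)
        lines.append(f"{ts.isoformat()} fw ACCEPT src=10.0.0.7 dst=10.0.1.10 dport={port}")
    return lines


def normalise(line):
    """Parse one raw line into a flat event dict (the job a DSM does in QRadar).
    Returns None for lines the parser does not understand."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def detect_port_scans(lines, distinct_ports=20, window_seconds=60):
    """Event rule: raise one offense per source that reaches `distinct_ports`
    distinct destination ports within any `window_seconds` interval.
    Returns {src: {"first_seen": datetime, "ports": int}}."""
    window = timedelta(seconds=window_seconds)
    events = [e for e in map(normalise, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> (ts, dport) pairs still inside the window
    offenses = {}
    for e in events:
        q = recent[e["src"]]
        q.append((e["ts"], e["dport"]))
        while q and e["ts"] - q[0][0] > window:  # evict events older than the window
            q.popleft()
        seen_ports = {p for _, p in q}
        if len(seen_ports) >= distinct_ports and e["src"] not in offenses:
            offenses[e["src"]] = {"first_seen": e["ts"], "ports": len(seen_ports)}
    return offenses


if __name__ == "__main__":
    logs = make_sample_logs()
    # Default rule (20 ports in 60 s) catches only the noisy scanner.
    print("60 s window  :", sorted(detect_port_scans(logs)))
    # Widening the window to an hour also catches the low-and-slow scanner,
    # at the cost of more state per source and a higher false-positive risk.
    print("3600 s window:", sorted(detect_port_scans(logs, window_seconds=3600)))
```

With the default 60-second window only the noisy scanner (10.0.0.5) produces an offense; the one-port-per-minute scanner never has more than two ports inside the window. Widening the window to an hour catches it as well, which is the tuning trade-off the course's "fine-tune the rules" and "limitations of security tools" items refer to: a wider window means more state per source and more benign hosts that accumulate enough distinct ports to trip the rule.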

IBM QRadar CyberKombat Training Course

How can you be a pilot if you never fly? How can you be a SOC analyst if you never handle offenses?
At last, a hands-on IBM QRadar SIEM training course!

The course is powered by CyberKombat, a new platform designed to replicate serious cyber attacks on an organisation, giving real-life SOC teams the opportunity to test their abilities and gain a wealth of new skills in the process.

Training Course Overview

  • 1 day, delivered via the web using the CyberKombat Cloud
  • QRadar training content covering the functionality of QRadar, with lab exercises
  • Attack-based lab exercises delivered by CyberKombat

Attendee Requirements

No previous SIEM or security knowledge is required.

Morning Session

QRadar Fundamentals

  • Data and Log Sources
  • Rules and Building Blocks
  • Reference Sets
  • Offenses
    • Offenses Tab
    • Investigating Events
    • Filtering Events
    • Grouping Events
    • Investigating Flows
  • Dashboards and Reports
  • Reference Data
  • Deployment and Tuning

Afternoon Session

Attendees log in through the portal to the CyberKombat environment, which gives access to a software-defined network of red ‘attack’ and blue ‘defence’ machines. The environment provides a security stack that includes QRadar (SIEM), Carbon Black (endpoint forensics), Palo Alto Networks (layer 7 firewall and advanced threat detection) and SOCAutomation (automation and incident response platform).

Attacks launched in the following categories:

  • SQL Injection
  • AD Attack
  • XSS Attack
  • Botnet
  • Port Scan

Documentation and Feedback Learning

During the labs, attendees are continuously monitored and prompted if they need assistance, and Nano-Learning modules provide short refreshers where required. All attacks and defences are documented for reference and future re-use.

Interested?

If you or your team are interested in experiencing CyberKombat, please get in touch and we’ll help tailor a training package around your needs.