1
00:00:07,400 --> 00:00:10,699
So we're going to go through in
day one or in book one.
2
00:00:10,900 --> 00:00:13,689
We're going to go through step
by step what we call the
3
00:00:13,700 --> 00:00:15,999
PICERL framework: Preparation,
Identification, Containment, Eradication, Recovery, Lessons Learned.
4
00:00:16,000 --> 00:00:17,999
We're going to go through all
of those steps
5
00:00:18,300 --> 00:00:20,589
because when we're looking at
an attack, something like
6
00:00:20,600 --> 00:00:21,799
Metasploit or
7
00:00:22,100 --> 00:00:25,289
endpoint security bypass or
bypassing a firewall, we have
8
00:00:25,300 --> 00:00:28,289
to put that in a framework
context of how do you prepare
9
00:00:28,300 --> 00:00:29,599
for that attack?
10
00:00:29,600 --> 00:00:31,399
How do you identify that attack?
11
00:00:31,500 --> 00:00:33,799
How do you contain that attack
and so on
12
00:00:34,100 --> 00:00:37,589
So this day becomes so
important because it allows you
13
00:00:37,600 --> 00:00:40,689
to start rationalizing the
attack techniques and then
14
00:00:40,700 --> 00:00:43,689
developing your preparation
steps, the policies, processes,
15
00:00:43,700 --> 00:00:46,889
procedures, training, to get
ready for that eventual
16
00:00:46,900 --> 00:00:49,089
attack, and then also going
through the steps for
17
00:00:49,100 --> 00:00:52,999
identification and containment.
If we didn't have this day, maybe
18
00:00:53,000 --> 00:00:55,689
we'd have nothing but a whole bunch
of different tools that may or
19
00:00:55,700 --> 00:00:57,899
may not become outdated in a
year or so.
20
00:00:58,200 --> 00:01:00,689
So talking about this as a
foundational framework and
21
00:01:00,700 --> 00:01:01,999
then using the tools
22
00:01:02,500 --> 00:01:06,489
gives you the mental framework
to develop defenses regardless
23
00:01:06,500 --> 00:01:06,899
of whatever
24
00:01:07,100 --> 00:01:08,799
attack is coming at your
organization.
25
00:01:09,000 --> 00:01:10,689
So we're going to go through
each one of these
26
00:01:10,700 --> 00:01:13,788
different sections: preparation,
identification, containment,
27
00:01:13,800 --> 00:01:17,588
eradication, recovery, lessons
learned. And yes, there are a
28
00:01:17,600 --> 00:01:20,389
whole bunch of labs throughout
this day. We'll be covering
29
00:01:20,400 --> 00:01:23,689
Windows cheat sheet, command
line kung fu. Getting started
30
00:01:23,700 --> 00:01:25,299
at the command line on Windows
31
00:01:25,300 --> 00:01:28,489
is so essential
because so many of the attacks
32
00:01:28,500 --> 00:01:29,599
target our Windows systems.
33
00:01:29,800 --> 00:01:31,889
We're going to talk about
enterprise-wide identification
34
00:01:31,900 --> 00:01:34,989
and analysis, which is a lab
that's very, very near and dear
35
00:01:35,000 --> 00:01:36,099
to my heart specifically.
36
00:01:36,100 --> 00:01:36,999
I'll explain that in a bit.
37
00:01:40,100 --> 00:01:42,788
We'll talk about espionage,
intellectual property attacks,
38
00:01:42,800 --> 00:01:44,999
legal issues in computer
security.
39
00:01:45,000 --> 00:01:48,489
And then finally we have an
incident response tabletop lab
40
00:01:48,500 --> 00:01:51,489
that I really think ties
together the entire day, and
41
00:01:51,500 --> 00:01:55,088
the reason why this lab is so
important to cap off this day
42
00:01:55,100 --> 00:01:58,288
is because it gives you a
framework to very quickly
framework to very quickly
43
00:01:58,300 --> 00:02:03,588
gamify tabletop exercises with
your co-workers, with your
44
00:02:03,600 --> 00:02:04,499
employees,
45
00:02:04,500 --> 00:02:07,189
with your management at your
organization to determine the
46
00:02:07,200 --> 00:02:09,899
overall readiness at your
organization for an attack
47
00:02:10,300 --> 00:02:11,699
coming against your
organization.
48
00:02:12,000 --> 00:02:13,499
So let's go ahead and let's get
started.
49
00:02:13,500 --> 00:02:16,099
We're going to jump between the
podium here
50
00:02:16,400 --> 00:02:18,799
and live sessions at an
undisclosed location.
51
00:02:18,900 --> 00:02:21,889
So now let's jump over to one
of those live sessions and
52
00:02:21,900 --> 00:02:25,189
I'll see you in just a little
bit for our next section here
53
00:02:25,200 --> 00:02:26,399
at the podium.
54
00:02:26,500 --> 00:02:27,299
Thank you so much.
55
00:02:33,100 --> 00:02:36,799
Now, as I mentioned, today is all
about those policies, right?
56
00:02:36,800 --> 00:02:38,889
We're going to go through that
PICERL framework for
57
00:02:38,900 --> 00:02:40,789
preparation, identification,
containment, eradication,
58
00:02:40,800 --> 00:02:44,399
recovery, lessons learned. We're
going to do all of that today.
59
00:02:45,200 --> 00:02:47,499
And for some people that's kind
of tough,
60
00:02:47,800 --> 00:02:49,199
right? They come to a class.
61
00:02:49,200 --> 00:02:51,689
It's called Hacker Techniques,
Exploits and Incident Handling,
62
00:02:51,700 --> 00:02:53,689
and they somehow expect they're
going to hit the ground
63
00:02:53,700 --> 00:02:56,289
immediately and start talking
about hacker tools and
64
00:02:56,300 --> 00:02:57,999
techniques for breaking into
things,
65
00:02:58,500 --> 00:03:00,889
and they're a little bit
confused by all the policy
66
00:03:00,900 --> 00:03:02,799
process, and procedure that we
cover in
67
00:03:02,900 --> 00:03:03,499
day one,
68
00:03:04,200 --> 00:03:05,199
but this day
69
00:03:05,500 --> 00:03:09,799
without question is the most
important day of SANS 504.
70
00:03:10,500 --> 00:03:12,789
This is the day that will help
you contextualize and prepare
71
00:03:12,800 --> 00:03:17,589
for attacks regardless of what
those attacks actually are. As
72
00:03:17,600 --> 00:03:19,689
long as we know the techniques
and the capabilities of
73
00:03:19,700 --> 00:03:22,989
adversaries, and we know what
components we can work with, we
74
00:03:23,000 --> 00:03:25,299
can defend and react to a wide
variety
75
00:03:25,300 --> 00:03:26,099
of different attacks.
76
00:03:26,500 --> 00:03:29,189
And as I mentioned earlier this
day establishes the framework
77
00:03:29,200 --> 00:03:32,799
for us going through and
covering different
78
00:03:32,900 --> 00:03:35,889
attack trends and the different
phases that an attacker will
79
00:03:35,900 --> 00:03:39,789
go through to try to gain
access to your network because
80
00:03:39,800 --> 00:03:43,489
this framework is applicable to
every single phase in the
81
00:03:43,500 --> 00:03:46,599
entire attack methodology that
is out there today.
82
00:03:49,800 --> 00:03:52,799
Also, as part of this course we
have virtual machines.
83
00:03:53,200 --> 00:03:56,189
The virtual machines have every
tool that you need for this
84
00:03:56,200 --> 00:03:58,399
class built into them.
85
00:03:58,900 --> 00:04:02,099
Also, almost all of the labs,
except for day six,
86
00:04:02,400 --> 00:04:05,989
are able to be run locally on
your system, and I want to
87
00:04:06,000 --> 00:04:07,699
explain that a little bit.
88
00:04:08,100 --> 00:04:09,889
There's a lot of classes and
they have a lot of really
89
00:04:09,900 --> 00:04:13,589
really cool things. They'll bring
in all kinds of gear to the front
90
00:04:13,600 --> 00:04:15,399
of the classroom for you to
break into
91
00:04:16,100 --> 00:04:17,299
and that's great.
92
00:04:18,000 --> 00:04:19,898
The only problem I have with
that
93
00:04:19,899 --> 00:04:23,099
is for a foundational class
like 504:
94
00:04:23,700 --> 00:04:24,899
You can't take it home with you.
95
00:04:26,000 --> 00:04:28,799
I wanted to have every single
lab in this course
96
00:04:29,100 --> 00:04:31,799
be able to run on a single
machine.
97
00:04:32,100 --> 00:04:33,589
So you could continue
practicing the different
98
00:04:33,600 --> 00:04:36,689
techniques that we cover in
this course moving forward
99
00:04:36,700 --> 00:04:39,099
into the future without
needing to have a lab.
100
00:04:39,500 --> 00:04:42,799
Now, the files for the VMs are 7-Zip
compressed.
101
00:04:43,400 --> 00:04:44,999
We have 7-Zip for Windows
102
00:04:45,300 --> 00:04:46,799
on the course USB.
103
00:04:47,000 --> 00:04:50,089
If you're using a Mac, you have
to go to the App Store and
104
00:04:50,100 --> 00:04:51,699
download a 7-Zip utility.
105
00:04:51,700 --> 00:04:54,289
There's a bunch of them out
there. Pick one, install it, and
106
00:04:54,300 --> 00:04:54,999
run it. I used to
107
00:04:55,200 --> 00:04:56,399
hand out Keka,
108
00:04:56,800 --> 00:05:00,389
but Keka would work for one
specific version of OS X and
109
00:05:00,400 --> 00:05:02,199
it wouldn't work on anything
else.
110
00:05:02,300 --> 00:05:03,989
So it's better just to get it
from the App Store because it
111
00:05:04,000 --> 00:05:06,989
gets you the right version of
the tool that you need to
112
00:05:07,000 --> 00:05:09,699
extract the virtual machines
in this course.
113
00:05:10,300 --> 00:05:12,589
Now, whenever you open up the
virtual machine, it's going to
114
00:05:12,600 --> 00:05:16,199
ask if you moved or copied it.
Please select copy;
115
00:05:16,500 --> 00:05:19,799
that causes the virtual machine
to generate a new MAC address,
116
00:05:20,000 --> 00:05:21,799
so we don't have MAC address
collisions.
117
00:05:22,100 --> 00:05:24,999
So we want to extract that now
because it's going to take some
118
00:05:25,300 --> 00:05:28,089
time. The passwords and the user
IDs for the virtual machines
119
00:05:28,100 --> 00:05:33,699
are SEC 504 for the user ID
and the password is SEC 504
120
00:05:34,000 --> 00:05:36,789
and then for becoming root on
the Linux machine, it's
121
00:05:36,800 --> 00:05:38,499
su -
122
00:05:38,800 --> 00:05:43,089
That dash is incredibly important
to make sure it loads properly,
123
00:05:43,100 --> 00:05:46,789
and I wouldn't worry about
this too much because in a lot
124
00:05:46,800 --> 00:05:48,899
of our Labs we give you these
exact commands.
125
00:05:48,900 --> 00:05:50,099
You don't have to memorize them.
126
00:05:50,300 --> 00:05:52,389
The only thing that you really
need to memorize is the user ID
127
00:05:52,400 --> 00:05:54,589
and the password for logging
in, which is pretty
128
00:05:54,600 --> 00:05:54,999
straightforward.
129
00:05:55,100 --> 00:05:58,099
It just so happens to
be the class version as well.
130
00:05:58,400 --> 00:05:59,199
If you're
131
00:05:59,600 --> 00:06:00,199
from
132
00:06:00,500 --> 00:06:03,189
another country and you have a
different keyboard layout, you
133
00:06:03,200 --> 00:06:05,489
can go into the virtual
machines and change your
134
00:06:05,500 --> 00:06:08,799
keyboard layout from within
the virtual machine as well.
135
00:06:12,200 --> 00:06:13,989
All right, as I mentioned
in one of the earlier
136
00:06:14,000 --> 00:06:17,299
videos, a key component to
being successful in SANS
137
00:06:17,300 --> 00:06:20,789
504 OnDemand is actually doing
the labs. In order to do the
138
00:06:20,800 --> 00:06:21,399
labs,
139
00:06:21,400 --> 00:06:23,489
you've got to get the virtual
machines extracted, and we've
140
00:06:23,500 --> 00:06:24,799
already talked about that,
141
00:06:25,100 --> 00:06:28,789
but the other key part is the
awesome day six, or book six,
142
00:06:28,800 --> 00:06:30,899
Capture the Flag event.
143
00:06:31,600 --> 00:06:34,789
It's common for many students
that are just getting started
144
00:06:34,800 --> 00:06:38,889
with OnDemand to kind of put
this part off until later. You
145
00:06:38,900 --> 00:06:40,099
need to do this right now.
146
00:06:40,500 --> 00:06:41,699
The capture the flag
147
00:06:41,900 --> 00:06:45,289
on OnDemand is special, and the
reason why it's special is you
148
00:06:45,300 --> 00:06:48,389
get access to the OnDemand VPN
with a full capture-the-flag
149
00:06:48,400 --> 00:06:49,799
experience
150
00:06:50,100 --> 00:06:50,899
for months.
151
00:06:51,300 --> 00:06:52,799
Whereas in a live setting
152
00:06:53,400 --> 00:06:55,599
it's set up for one day and
that's it.
153
00:06:55,600 --> 00:06:58,489
You need to get set up, you need
to get configured, and on this
154
00:06:58,500 --> 00:07:00,199
slide, slide number eight,
155
00:07:00,200 --> 00:07:02,489
we have step-by-step
instructions on how you're
156
00:07:02,500 --> 00:07:05,389
supposed to do that. More
importantly, you're going to
157
00:07:05,400 --> 00:07:08,399
receive an email from SANS.
158
00:07:08,700 --> 00:07:10,289
And in that email it's going to
give you step-by-step
159
00:07:10,300 --> 00:07:13,189
instructions and links to
download specific
160
00:07:13,200 --> 00:07:19,099
configuration files to do the
capture the flag for SANS 504.
161
00:07:19,300 --> 00:07:21,389
So when you get that email,
don't just ignore it or send
162
00:07:21,400 --> 00:07:24,289
it to spam or send it to trash.
You want to pull that email up,
163
00:07:24,300 --> 00:07:26,399
you want to go through those
instructions.
164
00:07:26,400 --> 00:07:30,789
Make sure the virtual machines
can connect into the SANS VPN
165
00:07:30,800 --> 00:07:32,889
so that you can enjoy the full
Capture the Flag experience
166
00:07:32,900 --> 00:07:35,489
when you do the capture the
flag, and I'll talk about this
167
00:07:35,500 --> 00:07:36,599
more in book six.
168
00:07:36,900 --> 00:07:37,899
Don't just do it
169
00:07:37,900 --> 00:07:41,089
once. You want to be able to go
through that CTF almost as
170
00:07:41,100 --> 00:07:43,589
though it's cold, like you
can just do it without
171
00:07:43,600 --> 00:07:47,089
thinking, and you'll get that
opportunity because you're
172
00:07:47,100 --> 00:07:49,699
doing this OnDemand, and you
get access to this VPN
173
00:07:50,000 --> 00:07:52,499
for months after you get
started in this class.