[轉]藍隊訓練
目錄
介紹
這邊列出了藍隊會需要知道的幾個Modules
SIEM的部份主要以Azure Sentinel 跟 ELK來說明
共24個Modules
Modules
- Module 1- Incident Response and Security Operations Fundamentals
- Module 2- TOP 20 Open-source tools every Blue Teamer should have
- Module 3- How to deploy your Elastic Stack (ELK) SIEM
- Module 4- Getting started using Microsoft Azure Sentinel (Cloud-Native SIEM and SOAR)
- Module 5- Hands-on Wazuh Host-based Intrusion Detection System (HIDS) Deployment
- Module 6- Threat Intelligence Fundamentals:
- Module 7- How to Install and use The Hive Project in Incident Management
- Module 8- Incident Response and Threat hunting with OSQuery and Kolide Fleet
- Module 9- How to use the MITRE PRE-ATT&CK framework to enhance your reconnaissance assessments
- Module 10- How to Perform Open Source Intelligence (OSINT) with SpiderFoot
- Module 11- How to perform OSINT with Shodan
- Module 12- Using MITRE ATT&CK to defend against Advanced Persistent Threats
- Module 13- Hands-on Malicious Traffic Analysis with Wireshark
- Module 14- Digital Forensics Fundamentals
- Module 15- How to Perform Static Malware Analysis with Radare2
- Module 16- How to use Yara rules to detect malware
- Module 17- Getting started with IDA Pro
- Module 18- Getting Started with Reverse Engineering using Ghidra
- Module 19- How to Perform Memory Analysis
- Module 20- Red Teaming Attack Simulation with “Atomic Red Team”
- Module 21- How to build a Machine Learning Intrusion Detection system
- Module 22- Azure Sentinel - Process Hollowing (T1055.012) Analysis
- Module 23- Azure Sentinel - Send Events with Filebeat and Logstash
- Module 24- Azure Sentinel - Using Custom Logs and DNSTwist to Monitor Malicious Similar Domains