Hacking incident response procedures and analytical tools used by experts

Rookie
3 chapters · 1 hour 43 minutes
English · Japanese · Korean | Audio: Korean

Skills You’ll Learn

Tips for analyzing network packets using Wireshark

An introduction to tools for analyzing very large network packet logs

Web log analysis using Elasticsearch

An introduction to using Elasticsearch, an open source high-volume log analysis tool

Description of the Snort detection rule structure (header/body)

I will explain Snort as an intrusion detection system engine.


Class introduction



Hello, this is Song Dae-geun.

On the AhnLab CERT team, I was responsible for investigating various hacking incidents at private companies and public institutions. At IBM Korea, I was the PM for SOC construction and operation projects. Through this class, I will share my know-how for analyzing the cause of an attack when a hacking incident occurs.

When a cybersecurity incident, or hacking incident, occurs in an enterprise, an incident response specialist on the corporate security team handles the response. Business impact must be minimized by quickly identifying the extent of the damage and remediating the incident.

Incident response specialists remediate the damage and restore normal operation according to an established incident response process. If activities required by law or by industry regulation are omitted, penalties or additional corrective measures may follow under the relevant laws or regulations.

This class explains corporate incident response procedures. A hacking incident can also lead to a personal information leak, so we will show how the incident response procedure is carried out when a personal information leak occurs.

Companies run annual or quarterly simulation exercises covering the essential activities needed to respond to a security incident. In these exercises, participants practice analyzing the cause of the incident with various security tools. When a real hacking incident occurs, an incident response specialist uses security solutions to analyze its cause. Let's take a look at the analysis tools these analysts use.


Course outcomes



  • You can learn the response procedures for damage recovery in the event of a hacking incident.

  • You can learn how to respond to a personal information breach.

  • I will explain network intrusion detection systems (IDS).

  • You will pick up tips for analyzing network packets using Wireshark.

  • I will show you how to analyze web logs using Elasticsearch.

Recommended target



  • Those who are curious about the response process in the event of a hacking incident

  • Those who are interested in the security tools required to analyze hacking incidents

  • Those who have questions about the Snort intrusion detection tool

  • Those who are curious about tools for efficiently analyzing web logs


Pre-course notes



  • You must install Wireshark, which is used in the class, yourself.

  • The Elasticsearch installation package used in the class must be downloaded from the Elastic website and installed yourself.


What makes this class special

❶ Learn the analysis tools and methods used by incident response and analysis practitioners

If you don't have much experience analyzing breaches, it can be difficult to know where to start and how to perform log analysis when investigating an incident. Through this class, I will walk you through the response process an analyst follows when investigating a hacking incident.

We will share sample logs for analysis and hands-on analysis know-how through practical examples, so that you can quickly find the cause of an incident and identify the attack path. You'll learn how to analyze efficiently.


❷ Methods and know-how for network packet analysis with Wireshark

The attack path is traced by analyzing captured packets. We'll show you how to apply packet filters to find internal systems infected with malware or to find attackers who attempted to exploit vulnerabilities.


<Wireshark Protocol Hierarchy view>

❸ Methods and know-how for high-volume log analysis with Elasticsearch

I will teach you the basic concepts of analyzing web logs using the Elasticsearch engine, an open source high-volume log analysis tool. Sample logs are provided for hands-on practice of these concepts.


<Attack log sample generation using ChatGPT>


<Elasticsearch log analysis using sample logs>


Curriculum

Creator

BIGROOT SECURITY


We analyzed and responded to security breaches at private companies and public institutions, and carried out many kinds of security incident response, including investigations of the 3.20 cyber attack and of breaches at community portals and online shopping malls.


While in charge of technical work in the security divisions of IBM and Cisco, global security companies, I carried out security projects for corporate customers. We share the knowledge and competencies corporate security personnel need, based on experience handling a wide range of security issues and building and operating security projects.


Key work experience

  • Security consulting: design, construction and operation of security enhancement strategies through security infrastructure consulting

  • Security monitoring (SOC) consulting: SOC construction consulting and operation tasks

  • Security service product development: next-generation security monitoring solution and service development

  • Incident response: numerous cases at military, public-sector and private organizations

  • 2014 KISA K-Shield security course instructor (in charge of AhnLab network forensics training)

  • 2016 Personal Information Security (PIS) FAIR: presentation on 'Security Intelligence'

gregsong1918


Notes on Copyright Protection

  • All videos and materials included in the class are protected intellectual property under relevant laws.
  • You may face legal action if you copy, distribute, transmit, modify or edit the videos or materials included in the class without permission.
CLASS 101, LLC.
1201 North Market St. Suite 111, Wilmington, DE, 19801
support@101.inc