Hacking incident analysis know-how learned through practice

Rookie
3 chapters · 3 hours 6 minutes
English · Japanese · Korean|Audio Korean

Skills You’ll Learn

IDS log analysis training

Practice of analyzing attack activity logs detected in commercial security products

Web log analysis training

Attack techniques and attack log analysis exercises conducted on web servers

Network packet analysis training

Practice analyzing attack targets and damage ranges by analyzing captured packets

Anomaly detection using Elasticsearch (Elasticsearch) M/L

Practice how to use machine learning to automate analysis




Note) An example link to a well-written selling page

Photographer Chosun Hee's perspective on the subject <flower>

Monthly profit of 5 million won! Epoxy line construction that anyone can do

Class introduction

Example) Please enter as much detail as possible about what you learn in the class and about the creator.

Final Cut Pro announces the latest Hangul version of the 2022 class. I share all the know-how I've gained from practicing video editing, with 4 years on YouTube, over 500 Final Cut Pro edits alone. Edit videos using Final Cut Pro, which has an intuitive interface and overwhelming work speed compared to comparable PCs! I'll teach you the basics in detail so that even beginners can easily follow along.


Hello, this is Song Dae-geun.

The AhnLab (AhnLab) CERT team was responsible for investigating various hacking incidents that occurred in private companies and public institutions. I was in charge of the SOC construction project and operation project PM at IBM Korea. If a hacking incident occurs through a class, I will tell you the know-how to analyze the cause of the attack.

The causes of hacking incidents occur for a variety of reasons. It uses weak settings on the web server to intercept important information or leak customer information. There are also a wide variety of types and purposes, including service attacks that paralyze IT services for the purpose of stopping a company's business.

Security professionals in companies that respond to hacking incidents must recover quickly from hacking incidents. They must identify hacking techniques used in attacks from various types of hacking attacks and establish recovery measures after damage analysis. I will tell you about the types and causes of hacking incidents that cause serious damage to companies. We will explain our capabilities to fundamentally resolve the security vulnerabilities that cause hacking incidents.

We will tell you what core competencies are required for security experts to analyze the causes of incidents related to cybersecurity incidents and what damage occurs depending on the type of attack, along with practical examples.


Course effect

Example) “Please write 3 or more course effects in the bullet points below.”

  • Even beginners who don't know anything about video editing can easily learn the video editing process and skills.

  • You can learn about the chroma key functions that are commonly used in private broadcasts.

  • You can create more colorful videos in a short time through paid template purchase sites and usage methods.


  • You can learn how to distinguish between normal logs and hacking incident logs.

  • Learn how to explain and fix SQL Injection code vulnerabilities.

  • You can learn how to detect anomalies using the Elasticsearch (Elasticsearch) machine learning (M/L) function.

  • Learn examples of PHP code injection application vulnerability attack analysis.

  • You can learn about the packet structure and IPS pattern matching techniques using packet data.

  • You can learn practical examples of hacking incidents that often occur through practice.

Recommended target



  • If you are curious about the cause of a hacking incident

  • If you are curious about the types of hacking incidents that often occur

  • If you are curious about a tool to efficiently analyze web logs

  • Those who are interested in security tools required to analyze hacking incidents

Pre-course notes



  • You must proceed directly with the Wireshark (Wireshark) installation used in the class.

  • The Elasticsearch (Elasticsearch) installation file used by the class must be downloaded and installed directly from the Elastic website.

  • The LogParser (LogParser) installation file used by the class must be downloaded and installed directly from the MS website.

  • The Splunk (Splunk) product used in the class is a paid tool. A free version is available on Splunk's official website.

  • The sample log used in the lab is for lab purposes only and redistribution or unauthorized reproduction is restricted.


N reasons why this class is special


❶ I will teach you an analysis method that is not dependent on hacking techniques.

The causes of hacking incidents are caused by various attacks. You don't need to be familiar with all types of attacks to analyze hacking incidents. Understanding the key information that separates normal logs from attack logs can be used for various log analyses.

Know-how to analyze key events is explained, and you can learn directly through practice. In particular, when performing security analysis tasks, various logs and analysis tools are used. I would like to explain the basic concepts and practical techniques of threat analysis for those who want to analyze intrusion detection system logs, web server logs, and network packets. We would like to help you improve your abilities by explaining basic concepts, techniques, and know-how learned through practical examples.

Typical information analyzed for incident analysis includes web logs, IDS/IPS logs, and network packet logs. We plan to conduct incident response drills while analyzing the logs of the system where the actual security incident occurred.


Screenshot 2023-01-22 at 1.30.22 PM.png

Screenshot 2023-08-10 at 5.43.57 PM.png

<video or photo>

❶ OWASP Top 10 - SQL Injection Attack Analysis

Some of the attack activity logs detected by commercial security products are filtered and provided for practice. The attack event name, attack time, and other information are structured in the same way as actual incident cases.

In the web log analysis exercise, you analyze your own logs by modifying the logs left on the actual attack target server according to the purpose of the training. Analysis identifies weak settings on web servers and identifies sources of incidents.

Screenshot 2023-08-10 at 5.52.13 PM.png

Screenshot 2023-08-10 at 5.47.43 PM.png


<insert 2 or more images or videos>

  • The image should focus on the result after creating the class.

  • If you would like to add a personal portfolio, please fill in the details below.

  • Example) Chapter 1-3. Example image of creating a portfolio

❷ Learn about web log analysis through practical examples

Practice analyzing web logs. It directly analyzes the attack techniques performed on the web server and the logs left on the target server. Analysis identifies weak settings on web servers and identifies sources of incidents.


Screenshot 2023-03-21 at 11.17.17 AM.png


Screenshot 2023-07-23 at 12.38.12 PM.png

<insert 2 or more images or videos>

  • The image should focus on the result after creating the class.

  • If you would like to add a personal portfolio, please fill in the details below.

  • Example) Chapter 1-3. Example image of creating a portfolio

❸ Understanding packet structure and IPS pattern matching techniques using packet data

Network packet analysis is an essential competency when analyzing hacking incidents. You can practice practical examples through classes. An actual hacking incident was reproduced under the same conditions in a lab environment, and the process of web hacking from the perspective of an attacker is learned through a demonstration.

Network packets that capture the process of attacking a system are analyzed from the perspective of an incident response expert.

Screenshot 2023-08-10 at 5.58.19 PM.png

Screenshot 2023-08-10 at 5.58.58 PM.png


Curriculum

Creator

BIGROOT SECURITY

BIGROOT SECURITY

We analyzed and responded to security breaches by private companies and public institutions, and carried out various types of security incident responses, including 3.20 cyber attacks, community portals, and online shopping mall infringement incident investigations.


While in charge of technical work in the security division of IBM and Cisco (Cisco), a global security company, I carried out security projects for corporate customers. We share the knowledge and competencies required by corporate security personnel based on experience in dealing with various security issues and project construction/operation experience.


Key work experience

  • Security consultant: design/construction/operation of security enhancement strategies through security infrastructure consulting

  • Security Control Consulting: Conducting SOC construction consulting and operation tasks

  • Security Service Product Development: Next Generation Security Control Solution & Service Development

  • Response to infringement incidents: many military, public, private companies, etc.

  • 2014 KISA K-Shield Security Course Instructor (Instructor in charge of AhnLab network forensics training)

  • 2016 Personal Information Security (PIS) FAIR/ Presentation Topic 'Security Intelligence'

gregsong1918

gregsong1918

View similar classes you might also like

Park Chanam demonstrates white-hat hacking techniquesSecurity · Network  |  Chanam Park

Notes on Copyright Protection

  • All videos and materials included in the class are protected intellectual property under relevant laws.
  • You may face legal action if you copy, distribute, transmit, modify or edit the videos or materials included in the class without permission.
CLASS 101, LLC.
1201 North Market St. Suite 111, Wilmington, DE, 19801
support@101.inc