Live Training Classes
Training week is 9/30 – 10/3. This year, there will be four live training classes at the new Georgia Cyber Center. Hurry! Seats are limited. You can buy your tickets on this site, except where noted. Click any link to learn more about the course.
Class Requirements
See the individual class descriptions for pre-requisites and items you need to bring to training.
Included with Each Class
  • Coffee through 2 PM
  • Bottled water all day
  • Validated parking at the Georgia Cyber Center parking deck
  • Free non-transferable ticket to Security Onion Conference October 4
  • Free non-transferable ticket to BSidesAugusta October 5
Training Cancellation
Individual classes may be cancelled if they do not meet a minimum enrollment. See the individual class websites for their cancellation policies and dates. Training refunds (for the cost of the training only) are available through 9/23/2019. Contact us using “Contact the Organizer” to request a training refund.


Course Name: Intrusion Operations by FortyNorth Security

Date: September 30 – October 3

Training Time: 9 AM – 5 PM

Trainer Name(s): Chris Truncer (@christruncer)

Course Description: Modern-day attackers are tirelessly developing new tradecraft and methodologies that allow them to successfully compromise hardened targets. While it may look easy from the outside, there are many steps hidden from view that attackers take to ensure their success. This class will cover the advanced challenges that red teamers consistently face and provide techniques to succeed in formidable scenarios. You will start with no information, build a profile on your target, persist within their environment, bypass modern defenses, and achieve the goals of your test.
Target Audience: This course is designed for attendees who have experience performing red team assessments and want to take their skillset to the next level. You will learn the latest techniques that modern attackers are using today and test yourself in an environment that is based off of real-world networks and defenses.
What attendees need to bring: A laptop with the ability to use an OpenVPN connection. The laptop should be able to run one Windows virtual machine or a Linux virtual machine.



Course Name: Malware Traffic Analysis Workshop by Brad Duncan

Date: October 3

Training Time: 9 AM – 5 PM

Trainer Name(s): Brad Duncan (@malware_traffic)

Course Description: This workshop provides a foundation for investigating packet captures (pcaps) of malicious network traffic. Participants identify victim hosts, review indicators of compromise, and determine the root cause of an infection. Participants also practice writing incident reports. The training focuses on Windows infections and uses alerts from Security Onion to help identify suspicious activity.
Target Audience: This training helps prepare people for roles as security analysts who review alerts on suspicious network activity. Participants should have a solid knowledge of network traffic fundamentals.
What attendees need to bring: A laptop with a recent version of Wireshark, preferably running a non-Windows environment (a VM of something like Ubuntu or Kali Linux would be fine on a Windows laptop).



Course Name: SANS Institute SPECIAL: The Essentials of Automating Information Security with Python

Date: October 2-3

Training Time: 9 AM – 5 PM

Trainer Name(s): Mark Baggett (@markbaggett)

Course Description: Python is a simple, user-friendly language that is designed to make automating the tasks that security professionals perform quick and easy. If you are new to coding and looking for the right course to cut your teeth on, this is it. This self-paced course starts from the very beginning, assuming you have no prior experience or knowledge of programming. We cover all of the essentials of the language in this two-day course. If you already know the essentials, you will find that the pyWars lab environment allows advanced developers to quickly accelerate to self-taught advanced material that is taught in the full six-day course.
This course is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools. We put you on the path of creating your own tools, empowering you to better automate the daily routine of today’s information security professional and to achieve more value in less time. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.
Target Audience: This two-day course starts with the most basic fundamentals of Python programming. There is no aspect of programming or Python that must be understood before attending this course. The lab environment is self-paced and this allows students who have had some experience coding to advance more quickly than those who have not. You are provided a Virtual Machine that gives you the ability to complete the labs that are in your course book after the live course has finished.
What attendees need to bring: Students are required to bring their own laptop so that they can connect directly to the workshop network we will create, and thus get the most value out of the course. It is the student’s responsibility to make sure that the system is properly configured with all drivers necessary to connect to an Ethernet network. Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine. See the website for more specific OS information.



Course Name: Security Onion Basic Course by Security Onion Solutions

Date: September 30 – October 3

Training Time: 8 AM – 5 PM

Trainer Name(s): Dustin Lee (@_dustinlee)

Course Description: “I started Security Onion in 2008 to provide a comprehensive platform for intrusion detection, network security monitoring, and log management. Today, Security Onion has over 775,000 downloads and is being used by organizations around the world to help monitor and defend their networks. This class is the culmination of years of lessons learned while building Security Onion and best practices developed while deploying Security Onion to real networks and doing real incident response with it.” -Doug Burks
The class will cover the following topics:
● Network Security Monitoring (NSM) methodology
● Security Onion Installation
● Configuration
      ● Setup Phase 1 – Network configuration
      ● Setup Phase 2 – Service configuration
      ● Evaluation Mode vs Production Mode
      ● Verifying services
● Analyzing Alerts
      ● Replaying traffic
      ● Squert
      ● Sguil
      ● Kibana
            ● Hunting with Kibana
            ● Create custom dashboards in Kibana
      ● Pivoting between interfaces
      ● Pivoting to full packet capture
● Bro
      ● Introduction
      ● Bro Programming Language
      ● Bro-IDS
      ● Bro Logs
      ● Bro Scripts
      ● Bro Intel Framework
● Production Deployment
      ● Advanced Setup
      ● Master vs sensor
      ● Node types – Master, Forward, Heavy, Storage
      ● Command line setup with sosetup.conf
      ● Architectural recommendations
      ● Sensor placement
      ● Hardening
      ● Administration
      ● Maintenance
● Tuning
      ● Using PulledPork to disable rules
      ● BPFs to filter traffic
      ● Spinning up additional Snort/Suricata/Bro workers to handle higher traffic loads
● Case Studies
      ● 1-2 Case Studies on Day 1
      ● 1-2 Case Studies on Day 2
      ● 2-4 Case Studies on Day 3
      ● 3-4 Case Studies on Day 4
● Wrap-up/Q&A
Target Audience: Network defenders, analysts, administrators and operators who want to learn to effectively operate, maintain, and use Security Onion to defend their enterprises.
What attendees need to bring:
Students must bring a laptop meeting the following minimum requirements:
● At least 12-16 GB RAM on the machine, so that a full 8 GB RAM can be dedicated to one virtual machine (VM). More is better.
● At least 4 total CPU cores on the machine, so that 2 cores can be dedicated to one VM. More is better.
● One internal hard drive should have at least 50 GB free disk space. More is better. Solid State Drives are preferred, but not required.
● Virtualization software must be installed. We recommend VMware Workstation, Workstation Player, or Fusion. Oracle VirtualBox works also. Please, no ESXi or similar platforms. Each student machine will only run one VM, which students install in class from the Security Onion ISO image. The VM will not interconnect with VMs on other student machines.
● The hardware and operating system must be capable of running a 64-bit VM. Note: Some 64-bit machines don’t automatically support a 64-bit VM. This should be tested ahead of class. See https://securityonion.net/wiki/installation
● Students need administrator/root access to the host operating system on the student machine. They should need this only once to add a virtual sniffing NIC to the VM.
● Must have an adequately sized screen. Note: Tablet computers such as the Microsoft Surface usually do not meet this requirement.
● Must be able to connect to a wireless network for Internet access.
