Security+Cloud+ML for Security Engineers online course curriculum

Although it is not fully finalized yet, here is the curriculum for the Security+Cloud+ML for Security Engineers online course launching in early March this year. The offline course that opened in July 2019 is being refined and reorganized into a three-month online course. Each week there will be a two-hour live-cast theory session held over a conference-call solution such as Zoom, with an exercise homework assigned each time; the solutions will be walked through in the following session and handed out to students. Recordings will also be made permanently available to students who cannot attend the live-cast sessions.

From the middle of the course onward, students will be given access to an ElasticSearch server holding roughly 70 GB of exercise data, together with a Jupyter Notebook server that can reach that ElasticSearch server. Given the nature of the course, students will also work through intermediate-level Threat Hunting exercises. This should be good hands-on practice in how machine learning approaches are applied to collected data in real industry settings.


Chapter 1: APT/Threat Intelligence/MITRE ATT&CK Matrix/Threat Analysis

  • Objectives:
    • Understanding current APT landscape, Threat Intelligence
    • Understanding threat modelling approach with MITRE ATT&CK Matrix
    • Investigating real-world malware/APT attacks and mapping them onto the MITRE ATT&CK Matrix for deeper understanding
| Session   | Duration | Name                | Description                                                     |
|-----------|----------|---------------------|-----------------------------------------------------------------|
| Session 1 | 0.5 hour | Introduction        | Introduction, overview of the course and exercise preparations  |
| Session 1 | 0.3 hour | Threat Intelligence | APT vs Commodity Malware                                        |
| Session 1 | 0.3 hour | Threat Analysis     | PE vs Non-PE/Living-off-the-land Attacks                        |
| Session 1 | 0.3 hour | Threat Modelling    | MITRE ATT&CK Matrix                                             |
| Session 1 | Homework | Exercise            | Malware sample analysis                                         |

Chapter 2: Endpoint – Windows Events/Telemetry Collection/Event Hunting

  • Objectives:
    • Understanding Windows Events collecting methods
      • Learning to use basic Windows Events tools (focusing on PowerShell cmdlets)
    • Learning Windows Events hunting
      • Based upon our knowledge on recent threat landscape, hunt for useful Windows events
| Session   | Duration | Name                    | Description                                              |
|-----------|----------|-------------------------|----------------------------------------------------------|
| Session 2 | 2 hours  | Windows Events          | Windows Events – concepts and tools                      |
| Session 2 | Homework | Exercise                | Collect Windows events from test systems                 |
| Session 3 | 2 hours  | Advanced Windows Events | PowerShell/WMI/Sysmon/AMSI                               |
| Session 3 | Homework | Exercise                | Run and analyze PowerShell malware with various sensors  |
| Session 4 | 2 hours  | Exercise                | Windows Events Hunting & Investigations                  |
| Session 4 | Homework | Exercise                | Run various malware and find useful events               |

Chapter 3: Cloud + Threat Hunting

  • Objectives:
    • Understanding cloud storage/distributed computing technology
    • Acquiring and storing telemetry data from Windows Events
    • Performing threat hunting upon the collected telemetry data sets – understanding methodology and limitations
| Session   | Duration | Name     | Description                                                                                                                  |
|-----------|----------|----------|------------------------------------------------------------------------------------------------------------------------------|
| Session 5 | 2 hours  | Cloud    | Introduction to various cloud storage and distributed processing platforms (Hadoop/Spark/Azure Data Lake/ElasticSearch/Kibana) |
| Session 5 | Homework | Exercise | Use Hadoop/Spark/ADL for basic exercise                                                                                      |
| Session 6 | 2 hours  | Exercise | Telemetry collection and threat hunting using ElasticSearch & Kibana – set up the ElasticSearch/Kibana environment, hunt threats |
| Session 6 | Homework | Exercise | Use ES/Kibana installations and exercise various basic tools & queries                                                       |

Chapter 4: Heuristics

  • Objectives:
    • Understanding heuristics approach for malware/APT detections and limitations
    • Introduction to data-scientific approach to real world problems
| Session   | Duration | Name         | Description                                                                        |
|-----------|----------|--------------|------------------------------------------------------------------------------------|
| Session 7 | 2 hours  | Data Science | Machine Learning Algorithms                                                        |
| Session 7 | Homework | Exercise     | Exercise basic examples                                                            |
| Session 8 | 2 hours  | Exercise     | Timeline reconstruction (Python + Jupyter Notebook)                                |
| Session 8 | Homework | Exercise     | Construct timelines for various timeframes to find and analyze malicious activities |
| Session 9 | 2 hours  | Exercise     | Command line analysis                                                              |
| Session 9 | Homework | Exercise     | Build a command line parser for basic analysis                                     |

Chapter 5: Data Science

  • Objectives:
    • Applying various data science methodologies to security problems (focusing on the machine telemetry)
    • Understanding importance of data clean-up
    • Understanding process of feature set selections and extraction methods
| Session    | Duration | Name     | Description                                                   |
|------------|----------|----------|---------------------------------------------------------------|
| Session 10 | 2 hours  | Exercise | Introduction to Machine Learning methods/concepts/exercise    |
| Session 10 | Homework | Exercise | Exercise basic data science examples                          |
| Session 11 | 2 hours  | Exercise | Building Machine Learning Models                              |
| Session 11 | Homework | Exercise | Exercise basic security data science examples                 |
| Session 12 | 2 hours  | Exercise | Building Machine Learning Models                              |
| Session 12 | Homework | Exercise | Exercise intermediate security data science examples          |
