SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling Practice Exam

The SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling Exam allows candidates to understand tactics and strategies for handling attacks, offering hands-on experience for locating vulnerabilities and discovering intrusions, and equipping them with a comprehensive incident handling plan. The exam will assist in understanding the process to design, build, and operate their systems to handle attacks.


Who should take the exam?

The SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling Exam is suitable for candidates who are responsible for working with the incident handling team. The exam is suitable for candidates working as -

  • General security practitioners
  • System administrators
  • Security architects 


Skills Acquired

The SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling exam helps candidates acquire the following skills - 

  • Learn to prepare for an eventual breach
  • Understand the process and approach used by computer attackers
  • Explain the proactive and reactive defences performed for each stage of a computer attack
  • Learn to identify and respond to active attacks and compromises
  • Overview of the latest computer attack vectors and how to handle them
  • Learn to properly contain attacks
  • Strategize to ensure that attackers cannot return
  • Learn to recover from computer attacks and restore systems for business
  • Learn and understand the use of hacking tools and techniques
  • Overview of the strategies and tools for detecting each type of attack
  • Learn about application-level vulnerabilities, attacks, and defences
  • Understand and develop an incident handling process
  • Learn to prepare a team for battle
  • Understand the legal issues in incident handling


Course Outline

The SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling exam covers the following topics - 

Module 1 - Describe Incident Response and Computer Crime Investigations

1.1 Understand Incident Response

  • Learn common incident response mistakes
  • Learn about incident goals and milestones
  • Overview of post-incident activities

1.2 Understand Digital Investigations

  • Learn to ask and answer the right questions
  • Learn the process of pivoting during an investigation
  • Learn to take notes and write reports
  • Overview of artifact-based and event-based timelines

1.3 Understand Live Examination

  • Learn to start even with limited information
  • Learn to examine a live environment
  • Learn to identify abnormal activity


1.4 Understand Digital Evidence

  • Learn what digital evidence is and the process used to collect it
  • Learn the role and elements of a chain of custody
  • Learn to collect digital evidence


1.5 Understand Network Investigations

  • Learn to analyze packet captures using tcpdump
  • Learn to handle Web proxy logs


1.6 Understand Memory Investigations

  • Learn to investigate memory images using the Volatility framework


1.7 Understand Malware Investigations

  • Learn basic approaches for investigating malware
  • Learn practices for working with malware
  • Learn to monitor the environment using snapshot and continuous recording tools


Module 2 - Describe Recon, Scanning, and Enumeration Attacks

2.1 Understand the MITRE ATT&CK Framework

  • Learn about attacker evolution and tool, technique, and practice (TTP) mapping
  • Learn to use the MITRE ATT&CK Framework for smarter adversary assessment
  • Learn to integrate SEC504 with the MITRE ATT&CK Framework


2.2 Understand Reconnaissance

  • Learn what your network reveals to an attacker
  • Understand the risks of leaking too much information
  • Learn to use certificate transparency for pre-production server identification
  • Overview of Domain Name System harvesting
  • Learn the process of data gathering from job postings, websites, and government databases
  • Overview of identifying publicly compromised accounts
  • Overview of FOCA for metadata analysis
  • Learn about aggregate OSINT data collection with SpiderFoot
  • Learn to master SHODAN searches for target discovery


2.3 Understand the process of Scanning

  • Learn the techniques attackers use to enumerate your networks
  • Learn to locate and attack personal and enterprise Wi-Fi
  • Learn to identify and exploit proprietary wireless systems
  • Learn about port scanning: small and large-scale enumeration tasks
  • Learn about quick and effective intel collection from web servers
  • Learn about characterizing network targets by OS, service, patch level
  • Learn about vulnerability scanning and finding prioritization


2.4 Understand Enumerating Windows Active Directory Targets

  • Learn about Windows Active Directory domain enumeration with BloodHound and SharpView
  • Learn about Windows Command and Control with PowerShell Empire
  • Learn about operating system bridging from Linux to Windows targets
  • Learn to defend against SMB attacks with sophisticated Windows networking features
  • Learn about SMB security features through Windows Server 2019


2.5 Understand Defense Spotlight: DeepBlueCLI

  • Learn to use PowerShell to enumerate Windows systems
  • Learn about fast and effective Windows event log analysis
  • Learn to leverage PowerShell output modifiers for reporting and analysis
  • Learn to characterize common Windows scans and attacks against Windows servers


Module 3 - Describe Password and Access Attacks

3.1 Understand Password Attacks

  • Learn the process to bypass account lockout policies
  • Learn to choose a target protocol for password guessing attacks
  • Learn the techniques for choosing password lists
  • Learn to reuse compromised password lists against your organization
  • Learn the techniques for password cracking
  • Overview and recommendations for password cracking in your organization


3.2 Understand Defense Spotlight: Log Analysis with Elastic Stack (formerly ELK)

  • Learn to establish a lightweight log analysis system with Elasticsearch, Logstash, Beats, and Kibana
  • Overview of Linux and UNIX authentication logging data
  • Learn to configure Filebeat for simple log ingestion
  • Learn to use Kibana to identify password attack events
  • Learn to customize Kibana visualization for effective threat hunting


3.3 Overview of Password Hashes

  • Overview of hashing algorithms, processes, and problems
  • Learn about Windows hashing functions through Windows Server 2019
  • Learn about password hash function strength and quality metrics
  • Learn to extract Windows domain password hashes using built-in tools
  • Learn how to get password hashes from Windows 10 systems
  • Learn to decode UNIX and Linux password hashes
  • Learn to mitigate GPU-based cracking: PBKDF2, bcrypt, and scrypt


3.4 Understand Password Cracking Attacks

  • John the Ripper: single, wordlist, incremental, and external cracking modes
  • Cracking hashes with Hashcat: straight and combinator attacks
  • Effective hash computation using mask attacks
  • Breaking user password selection weaknesses with Hashcat rules
  • Three simple strategies for defeating password cracking


3.5 Understand Defense Spotlight: Domain Password Auditing

  • Learn to enumerate Windows domain settings with simple PowerShell one-line scripts
  • Learn to characterize systemic behavior in user password selection
  • Learn to identify bad password offenders in your organization
  • Learn to mitigate password sharing in Windows domains


3.6 Understand Netcat: The Attacker's Best Friend

  • Learn to transfer files, create backdoors, and shovel shells
  • Learn Netcat relays to obscure the source of an attack
  • Learn to replay attacks with Netcat


Module 4 - Describe Public-Facing and Drive-By Attacks

4.1 Understand Using Metasploit for System Compromise

  • Learn to use the Metasploit framework for specific attack goals
  • Learn to match exploits with reconnaissance data
  • Learn to deploy Metasploit Meterpreter Command & Control
  • Learn to identify Metasploit exploit artifacts on the system and network


4.2 Understand Drive-By and Watering Hole Attacks

  • Learn to examine the browser attack surface
  • Learn to identify browser vulnerabilities with JavaScript
  • Learn about code-executing Microsoft Office attacks
  • Learn about backdooring legitimate code with attacker payloads


4.3 Understand Defense Spotlight: System Resource Usage Monitor (SRUM)

  • Learn to assess attacker activity with Windows 10 app history
  • Learn to extract useful data from the protected SRUM database
  • Learn to convert raw SRUM data to useful post-exploit analysis


4.4 Understand Web Application Attacks

  • Learn about account harvesting for user enumeration
  • Overview of command injection attacks against web servers
  • Learn about SQL injection: manipulating back-end databases
  • Learn about session cloning: grabbing other users' web sessions
  • Learn about cross-site scripting: manipulating victim browser sessions


4.5 Understand Defense Spotlight: Effective Web Server Log Analysis

  • Learn about Elastic Stack (ELK) tools for post-attack log analysis
  • Learn to configure Filebeat for web server log consumption
  • Learn to use the Kibana Query Language (KQL) to identify custom web attacks
  • Learn about hunting for common SQL Injection attack signatures
  • Learn to decode obfuscated attack signatures with CyberChef


Module 5 - Describe Evasion and Post-Exploitation Attacks

5.1 Understand Endpoint Security Bypass

  • Learn to evade EDR analysis with executable manipulation: ghostwriting
  • Learn to manipulate Windows Defender for attack signature disclosure
  • Learn to use LOLBAS to evade application whitelisting
  • Learn to adapt Metasploit payloads on protected platforms


5.2 Understand Pivoting and Lateral Movement

  • Learn to pivot from initial compromise to internal networks
  • Learn about effective port forwarding with Meterpreter payloads
  • Learn to leverage compromised hosts for internal network scanning and exploitation
  • Learn about Windows netsh and attacker internal network access


5.3 Understand Privileged Insider Network Attacks

  • Learn about leveraging initial access for network attacks
  • Learn to deploy packet sniffers and MITM attack tools
  • Learn about native packet capture on compromised Windows hosts
  • Learn about abusing weak protocols: DNS, HTTP
  • Learn about network service impersonation attacks with Flamingo
  • Learn about abusing Windows name resolution for password disclosure


5.4 Understand Covering Tracks

  • Learn to maintain access by manipulating compromised hosts
  • Learn about editing log files on Linux and Windows systems
  • Learn about hiding data in Windows ADS
  • Learn about network persistence through hidden Command & Control


5.5 Understand Defense Spotlight: Real Intelligence Threat Analytics (RITA)

  • Learn to characterize advanced Command & Control activity over the network
  • Learn to capture and process network data with Zeek
  • Learn about network threat hunting: beacons, long connections, strobes, and DNS analysis


5.6 Understand Post-Exploitation Data Collection

  • Learn about harvesting passwords from compromised Linux hosts
  • Overview of Password dumping with Mimikatz and EDR bypass
  • Learn about defeating Windows and macOS password managers
  • Learn about Windows keystroke logging attacks
  • Learn about data exfiltration over blended network protocols


5.7 Understand Where To Go From Here

  • Learn techniques for finding the time needed for study
  • Learn and understand the Forgetting Curve dilemma
  • Learn about the techniques for developing long-term retention from what you have learned
  • Learn to build study strategies for certification and apply your knowledge


Module 6 - Describe Capture the Flag Event

6.1 Understand Hands-on Analysis

  • Learn to exploit user password misuse
  • Overview of scanning and reconnaissance analysis
  • Learn to use OSINT resources to collect information about a target network
  • Learn to match reconnaissance data with public exploits
  • Overview of privilege escalation on Linux and Windows systems
  • Learn to exploit common Windows Domain vulnerabilities
  • Overview of pillaging data on compromised systems
  • Learn the process of pivoting from initial compromise to internal network access
  • Learn to identify attacker artifacts following a network compromise
