Category Archives: Training

Investigation Theory Course On Site in Augusta, GA!

I’m really excited to announce the first ever public LIVE in person offering of my Investigation Theory course. The two-day course will be taught on site in Augusta, Georgia on September 13th and 14th, right ahead of the Security Onion Conference and BSides Augusta. If you were planning on coming for those conferences, you can come in a couple of days early for training. Alternatively, you can come for the course and stay for what I think is the best defensively focused pair of security conferences in the country.

This offering of Investigation Theory is delivered in person over two days. You’ll participate in lectures, individual labs, and team exercises aimed at strengthening the underlying processes that make an effective security analyst. This will be a very interactive class designed to take advantage of the fact that we are together in person. You’ll also get to use Investigation Ninja, our custom simulation platform designed to teach investigation skills in a tool-agnostic, data-focused way!

Detailed course information and tickets can be found here: https://www.eventbrite.com/e/investigation-theory-2-day-training-course-tickets-34912113070

Register in the next couple of weeks to take advantage of early bird pricing. Seating is limited.

Practical Packet Analysis Photo Contest

Since the latest edition of Practical Packet Analysis has been released, so many people have been sending me pictures of their copies. It’s been so amazing that I’ve decided to make a contest of it and reward those of you who bought the book and are so enthusiastic about it!

About a month ago I shared that I am developing an online packet analysis course with the same name as the book. This course officially opens in June and is packed with over 40 hours of packet analysis videos and plenty of hands-on labs and packet captures for you to play around with. You can learn more about this course here: http://chrissanders.org/training/#ppa.

This is your opportunity to win a FREE seat in the course. But, it’s only if you’ve already purchased the book. I want you to take a picture of the book and send it to me at chris@chrissanders.org with the subject “PPA Photo Contest”. Now, it’s not quite that simple. I’m going to pick the winner based on who sends me the most creative picture. That can mean taking the book to an exotic locale, a simple action shot of you using the book to dissect some packets, or even a picture of the book with your dog. The sky is the limit, just don’t do anything illegal or dangerous 🙂

The official rules:

  • Your submission must be received by midnight EST on May 10th. If you were thinking about buying the book, this gives you a chance to purchase and receive it and still take your photo.
  • Entries must be submitted directly to me at chris@chrissanders.org with the subject line “PPA Photo Contest”
  • You must have purchased a legal copy of PPA 3rd edition
  • You must consent to allow me to share your picture on social media and my blog. I won’t share them all, but I will share some of my favorites.
  • I will pick one overall winner who will receive a free seat in the PPA online course. If you are already registered for this course, you can exchange that license for a seat in my Investigation Theory course.
  • I will pick a few “honorable mention” winners who will receive a discount code for any of my courses of their choosing, or a free seat in my information security writing course.

So, what if you bought an electronic copy of the book? You can still enter! Just take your picture showing the book in your e-reader application or on your tablet. However, when you submit your entry please include a receipt showing your purchase. That can be a screenshot of your Amazon order page or the e-mail receipt from No Starch Press.

That’s it! The contest begins NOW and ends at midnight May 10th. I’m looking forward to seeing how creative you can be!

Announcing the Practical Packet Analysis Online Course

I’m excited to announce my newest training course “Practical Packet Analysis”, with a portion of the proceeds supporting multiple charities.

Register Here

It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated into several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands-on, visual experience capturing, dissecting, and making sense of packets.

Practical Packet Analysis takes a fundamental approach by exploring the concepts you need to know without all the fluff that is normally associated with learning about network protocols. Everything you’ll learn is something you can directly apply to the job you have, or the job you want. The ability to understand packets is a critical skill for network engineers, system administrators, security analysts, forensic investigators, and programmers alike. This class will help you build those skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises.

The Practical Packet Analysis course is perfect for beginner to intermediate analysts, but seasoned pros will probably learn a few useful techniques too. Whether you’ve never captured packets before, or you have but struggle to manipulate them to effectively achieve your goals, this course will help you get over the hump. You’ll learn:

  • How networking works at the packet level.
  • How to interpret packet data at a fundamental level in hexadecimal or binary.
  • Basic and advanced analysis features of Wireshark.
  • How to analyze packets on the command line with tshark and tcpdump.
  • Reducing capture files with Berkeley Packet Filter (BPF) capture filters and Wireshark display filters.
  • Techniques for capturing packets to make sure you’re collecting the right data.
  • How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.
  • How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.
  • Normal and abnormal stimulus and response patterns for common protocols.
  • Troubleshooting connectivity issues at the packet level.
  • Techniques for carving files from packet streams.
  • Understanding network latency and how to locate the source.
  • How common network attacks are seen by an intrusion detection system.
  • Techniques for investigating security alerts using packet data.
  • How malware communicates on the network.
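As an added illustration of the “interpret packet data in hexadecimal” and “IPv4 and TCP” bullets above (this is example code written for this page, not course material or code from the book), the following Python decodes a raw Ethernet II / IPv4 / TCP frame by hand with only the standard library and validates the IPv4 header checksum, which is exactly the walk you do mentally in Wireshark’s bytes pane. The frame bytes are constructed for the example, not taken from a real capture; the TCP checksum is left at zero because computing it needs the pseudo-header and is not what the example is about.

```python
"""Decode a raw Ethernet II / IPv4 / TCP frame with the standard library and
validate the IPv4 header checksum (RFC 791 / RFC 1071)."""
import struct

# Constructed sample frame (not a real capture): Ethernet II -> IPv4 -> TCP SYN,
# 192.168.1.10:49152 -> 10.0.0.5:443, no payload. The IPv4 header checksum
# 0x5ce5 was computed for exactly these header bytes.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"            # Ethernet dst MAC
    "66778899aabb"            # Ethernet src MAC
    "0800"                    # EtherType 0x0800 = IPv4
    "45" "00" "0028"          # version 4, IHL 5 (20 bytes), DSCP/ECN, total length 40
    "1234" "4000"             # identification, flags = DF, fragment offset 0
    "40" "06" "5ce5"          # TTL 64, protocol 6 (TCP), header checksum
    "c0a8010a" "0a000005"     # src 192.168.1.10, dst 10.0.0.5
    "c000" "01bb"             # TCP src port 49152, dst port 443
    "00000001" "00000000"     # sequence number, acknowledgment number
    "50" "02" "ffff"          # data offset 5 (20 bytes), flags = SYN, window
    "0000" "0000"             # TCP checksum (left zero here), urgent pointer
)

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                 ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: sum 16-bit big-endian words, fold carries, complement."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_checksum_ok(ip_header: bytes) -> bool:
    """A correct IPv4 header checksums to zero when the checksum field is included."""
    return ones_complement_sum(ip_header) == 0


def tcp_flag_names(flags: int) -> list:
    return [name for name, bit in TCP_FLAG_BITS if flags & bit]


def decode_frame(frame: bytes) -> dict:
    """Walk the encapsulation Ethernet -> IPv4 -> TCP and return the decoded
    fields. Raises ValueError on anything unexpected, including a bad checksum."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4: EtherType 0x%04x" % ethertype)

    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4      # IHL is in 32-bit words
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    (_, _, total_len, _ident, flags_frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if not ipv4_checksum_ok(ip[:ihl]):
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 6:
        raise ValueError("not TCP: protocol %d" % proto)

    tcp = ip[ihl:total_len]                             # IP total length bounds the segment
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags, window,
     _tcp_csum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_offset = (off_res >> 4) * 4                    # TCP header length, options included

    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "ttl": ttl, "df": bool(flags_frag & 0x4000),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": tcp_flag_names(flags), "window": window,
        "payload": tcp[data_offset:],
    }


if __name__ == "__main__":
    pkt = decode_frame(SAMPLE_FRAME)
    print("%s:%d -> %s:%d [%s] ttl=%d" % (pkt["src_ip"], pkt["sport"], pkt["dst_ip"],
                                          pkt["dport"], "/".join(pkt["flags"]), pkt["ttl"]))
```

Flip a single bit in the TTL byte (frame offset 22) and `decode_frame` refuses the packet, which is the same reason Wireshark marks a header as “checksum incorrect” when a capture has been altered or taken on a host doing checksum offload.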

Course Format

The Practical Packet Analysis course is delivered completely online using recorded video lectures that you can go through at your convenience. It is modeled like a college course and consists of lectures that overview critical concepts, demonstrations where I walk through packet captures, and lab exercises where you are given packet captures to work through on your own to practice the concepts you’ve learned. There is also a discussion forum where you can ask questions and share tips and tricks with other students. The course includes over 40 hours of video lecture content, and can be completed at whatever pace is comfortable for you.

Prerequisites

This course has no prerequisites, but a basic understanding of networking is helpful. It is delivered in English.

Cost

Introductory pricing for the course is $797 for a single user license. Bulk discounts are available for organizations that want to purchase multiple licenses (please contact me to discuss payment and pricing). A portion of the purchase price will go to support multiple charities including the Rural Technology Fund, the Against Malaria Foundation, and others.

You’ll receive:

  • 6-month access to course video lectures and lab exercises
  • A certificate of course completion
  • Continuing Education Credits (CPEs/CEUs)

Sign Up Now!

This course is only taught periodically and space is limited.

Summer 2017 Session – Begins June 12 (Registration Deadline 6/9)

Training Course Scholarships

I’m glad to announce that I’m offering full scholarships for my online training courses to individuals employed by non-profit human services organizations. These are given out based on availability, and each application is evaluated individually by me. This covers the courses listed on my training page, and is my way of serving those who are helping others.

To apply, visit this link and fill out the application:

https://www.surveymonkey.com/r/HQCW5ZN

Announcing the Investigation Theory Online Course

I’m excited to announce my newest training course, Investigation Theory, with a portion of the proceeds supporting multiple charities.

Register Here

When I first started out, learning how to investigate threats was challenging because there was no formal training available. Even in modern SOCs today, most training is centered on specific tools and relies too heavily on on-the-job learning. There has never been a course dedicated exclusively to the fundamental art and science of the investigation process…until now.

If you’re a security analyst responsible for investigating alerts, performing forensics, or responding to incidents, then this is the course that will help you gain a deep understanding of how to most effectively catch bad guys and kick them out of your network. Investigation Theory is designed to help you overcome the challenges commonly associated with finding and catching bad guys:

  • I’ve got so many alerts to investigate and I’m not sure how to get through them quickly.
  • I keep getting overwhelmed by the amount of information I have to work with in an investigation.
  • I’m constantly running into dead ends and getting stuck. I’m afraid I’m missing something.
  • I want to get started threat hunting, but I’m not sure how.
  • I’m having trouble getting my management chain to understand why I need the tools I’m requesting to do my job better.
  • Some people just seem to “get” security, but it just doesn’t seem to click for me.

Course Format

Investigation Theory is not like any online security training you’ve taken. It is modeled like a college course and consists of two parts: lecture and lab. The course is delivered on-demand so you can proceed through it at your convenience. However, it’s recommended that you take a standard 10-week completion path, or an accelerated 5-week path. Either way, there are ten modules in total, and each module typically consists of the following components:

  • 1 Core Lecture: Theory and strategy is discussed in a series of video lectures. Each lecture builds on the previous one.
  • 1 Bonus Lecture: Standalone content to address specific topics is provided in every other module.
  • 1 Reading Recommendation: While not meant to be read on pace with the course, I’ve provided a curated reading list along with critical questions to consider to help develop your analyst mindset.
  • 1 Quiz: The quiz isn’t meant to test your knowledge, but rather, to give you an opportunity to apply it to reinforce learning through critical thinking and knowledge retrieval.
  • 1 Lab Exercise: The Investigation Ninja system is used to provide labs that simulate real investigations for you to practice your skills.

Investigation Ninja Lab Environment

This course utilizes the Investigation Ninja web application to simulate real investigation scenarios. By taking a vendor agnostic approach, Investigation Ninja provides real world inputs and allows you to query various data sources to uncover evil and decide if an incident has occurred, and what happened. You’ll look through real data and solve unique challenges that will test your newly learned investigation skills. A custom set of labs have been developed specifically for this course. No matter what toolset you work with in your SOC, Investigation Ninja will prepare you to excel in investigations using a data-driven approach.


Get stuck in a lab? I’m just an e-mail away and can help point you in the right direction. Enjoy the labs and want to go farther? You can purchase additional access to more labs, including our upcoming “Story Mode” where you create a character and progress through eight levels of investigation scenarios while trying to attain the rank of Investigation Ninja!

Instructor Q&A

This isn’t a typical online course where we just give you a bunch of videos and you’re on your own. The results of your progress, quizzes, and labs are reviewed by me and I provide real-time feedback as you progress. I’m available as a resource to answer questions throughout the course.

Syllabus

  1. Metacognition: How to Approach an Investigation
  2. Evidence: Planning Visibility with a Compromise in Mind
  3. Investigation Playbooks: How to Analyze IPs, Domains, and Files
  4. Open Source Intel: Understanding the Unknown
  5. Mise en Place: Mastering Your Environment with Any Toolset
  6. The Timeline: Tracking the Investigation Process
  7. The Curious Hunter: Finding Investigation Leads without Alerts
  8. Your Own Worst Enemy: Recognizing and Limiting Bias
  9. Reporting: Effective Communication of Breaches and False Alarms
  10. Case Studies in Thinking Like an Analyst

Plus, several bonus lectures!

Cost

The course and lab access are $597 for a single user license. Discounts are available for multiple user licenses where at least 10 seats are purchased (please contact me to discuss payment). A significant portion of the purchase price will go to support multiple charities including the Rural Technology Fund, the Against Malaria Foundation, and others.

You’ll receive:

  • 6-month access to course videos and content
  • 6-month access to Investigation Ninja
  • A certificate of course completion
  • Continuing Education Credits (CPEs/CEUs)

Sign Up Now!

This course is only taught periodically and space is limited.