Training

Course Library

Learn the process of conducting security investigations regardless of the toolset.

  • A simple investigation framework to ensure you’ll never get stuck or overwhelmed by data when pursuing leads.
  • The characteristics of evidence and which sources will provide the most value.
  • A formula for building investigation playbooks that will help you get to the right conclusion faster and consistently.
  • Useful techniques for building timelines, making threat hunting observations, and optimizing your workflow through the principle of mise en place.

* This course is available online and on-site at your organization.


Get hands-on experience capturing, dissecting, and making sense of packets.

  • 5 techniques for capturing packets in any scenario and how to know which one is appropriate
  • A tutorial on using packet maps to navigate protocols along with color-coded printable maps for all the most common protocols you’ll encounter.
  • Learn all of Wireshark’s analysis features including how to create graphs, traverse protocol hierarchy charts, and generate stats that are simple AND useful.
  • My tips for customizing your analysis environment by using features like Wireshark profiles, custom columns, and individual packet color coding.
  • Techniques for extracting complete files from network communication via multiple protocols — even custom malware command and control.
  • How to use tshark and tcpdump to perform packet analysis on the command line.
  • How to approach and dissect these protocols: IPv4, IPv6, TCP, UDP, DHCP, DNS, HTTP, SMTP, and ICMP.
  • Learn what normal looks like so you can spot abnormal when you encounter it.


Master your data by learning how to centralize, parse, and analyze it using the popular open source ELK toolkit.

  • Store, index, and search data in a centralized location with Elasticsearch.
  • Explore the most useful Logstash plugins to effectively collect and manipulate structured and unstructured data.
  • Techniques for searching data and building useful visualizations and dashboards with Kibana.
  • Step-by-step guides for building data pipelines for common data sources: HTTP proxy logs, file-based logs, Windows events and Sysmon data, netflow, and IDS alerts.


Learn my system for writing that communicates a clear message, keeps your reader engaged, and creates meaningful change.

  • My repeatable system for faster, more effective security writing through storytelling and empathy development.
  • Techniques to bridge the gap between technical and non-technical audiences.
  • The critical components of a penetration testing report and how to write one so that network owners will finally take your findings and recommendations to heart.
  • How to write compromise reports that aren’t boring, and help stakeholders understand the scope of an attack that has occurred.
  • How to write more effective short-form communication, including e-mails, case notes, and chat messages.


Find your passion as this free introduction to information security takes you through a real investigation from the popular “Cuckoo’s Egg” book by Cliff Stoll.

  • Journey through the story of Cliff Stoll and compare his experience with information security in the modern day.
  • Explore a wide array of topics touching nearly every information security specialty. If you’re new to the field, this is a great way to figure out what interests you.
  • Stretch your mind by considering tough questions that practitioners struggle with on a daily basis.
  • Watch an interview with Hans “Pengo” Hubner, one of the hackers responsible for the events in the book.


In addition to the courses I personally teach, I also help produce courses for others at https://networkdefense.io.

Be sure to check out some of these other great courses!