Date: TBA
Time: 9.00am – 5.00pm
Duration: 9 Days
Course Overview
Due to a rise in the number of cyber-attacks and as organisations become more dependent on well-functioning network services, there is a growing need for qualified cybersecurity professionals to be able to respond to suspicious incidents in the network, as well as investigate and understand security breaches and attackers’ activities in the network. These skills are crucial assets that organisations need today.
In the last module of the training, participants will continue learning how to conduct full investigations, as well as define sets of rules and alarms to identify potential attacks.
Participants will also learn to apply what they’ve learnt to real-life case studies based on national-level attacks.
This module is part of the Higher Certificate of Cyber Security (Advanced).
Learning Outcomes
With a good comprehension of the SIEM system and IR investigation tools, cybersecurity analysts can then participate in full IR investigations. They will know how to perform any part of the technical investigation and how to write a summary report.
This course will teach the learner how to set rules and alerts based on all kinds of artifacts to monitor the organisation’s network and assets, as well as to identify potential cyber-attacks.
Learners will:
- Obtain a good understanding of using SIEM systems
- Gain practical experience in IR investigation tools, techniques and reports
- Know how to define a set of rules and alarms to identify potential attacks
Topic
- SIEM systems (e.g. Splunk)
- PowerShell IR
- Event log analysis
- Sysmon
- Splunk IR
- IR storytelling
- MFT analysis
- Memory forensics
- Sandboxes
- Incident response reporting methodology
- YARA
- Malware analysis
Who Should Attend
- Cyber Security Analyst, SOC/CIRT
Prerequisites
- Python programming experience
- Networking experience
- Operating system experience
- Network Forensics experience
- Network PT experience
- Linux experience
Insight from Instructor
“This course provides a comprehensive deep-dive into all aspects of incident response and is quintessential for all cyber practitioners who aspire to be incident responders (IR). Existing IR practitioners should also take this course to be acquainted with the latest best practices and techniques.
The participants will learn and practice setting alerts, monitoring and investigating using Splunk (as an example for SIEM system), get familiar with the different artifacts they will have to look for and analyze, such as Sysmon logs, event logs, registry values and prefetch, to understand the attackers' TTPs and detect malware, and practice memory forensics to dissect suspicious activity. Finally, they will learn the art of IR storytelling (also known as storyboarding) – how to assemble an accurate timeline to a “full picture” of the incident, based on their findings (and also identify the gaps and by that, know what else is missing) and how to summarize the investigation into an IR report.”
Rony Munitz
Course Conveners
Mr Dvir Chikvashvili
Mr Dvir Chikvashvili is a cyber security professional specializing in cloud security and is currently the Program Manager at DART.
He started programming at 13 and attained the CCNA certification at 14. He also wrote his first malware at the age of 15.
He has varied experiences both from the IDF and Israel’s wider tech industry.
During his career, he has consistently found a way to integrate his tech skills with his passion for teaching. He has lectured and trained other cyber security professionals in the IDF, Israeli colleges and more recently in Singapore.
He is interested in artificial intelligence, philosophy, woodworking, and biking.
Mr Gur Sharon
Mr Gur Sharon is a cyber defense expert with practical experience in SOC, IR, forensics, threat assessment and is a Senior Trainer at DART.
He has a deep passion for network security, with extensive knowledge in network protocols, network security products and network traffic analysis.
After several years in the IDF’s cyber units leading Incident Response and Threat Hunting operations, Gur retired and dedicated himself to cyber security training, coaching hundreds of cyber experts all over the world.
In his free time, Gur solves puzzles, plays different instruments and enjoys exploring Singapore on his bicycle.
Mr Rony Munitz
After a decade of different operational roles in red teams, incident response, and threat hunting operations, both as an expert and a team leader, Rony dedicated his time to training the next generation of cyber experts. He is currently a Program Manager at DART.
As a researcher, he found several vulnerabilities and developed attack techniques on Windows, Mac and IoT devices. During his career he was a researcher and team leader in IDF Intelligence Corps top cybersecurity unit, Accenture, Novartis and XM Cyber.
Rony is a Japanese food enthusiast and a K-drama fan.
Mr Ron Suhodrev
Mr Ron Suhodrev is a cybersecurity professional with over 10 years of experience. His first exposure to programming was at 12 years old at Ben Gurion University. At 16, Ron started working as a freelance developer and at 18 joined a prestigious cybersecurity unit in the Intelligence Corps in the IDF.
After his time in the unit, Ron worked as a researcher in leading cybersecurity companies such as Trusteer (IBM) and Perception Point, while tutoring computer science university students in his spare time.
Before moving to Singapore, Ron was the founder of two different startups – one in medical education and another in cybersecurity training and recruitment.
In Singapore, Ron successfully led a two-year-long cybersecurity program and is now acting as Chief Scientist in DART.
Ron’s interests include cutting-edge technology, education, longevity research, philosophy, and diving.
Mr Zhuang Weiliang
Mr Zhuang Weiliang has more than 10 years of experience in Intelligence. Weiliang started out in the Singapore Armed Forces (SAF) as an Intelligence Officer specializing in analyzing information and producing Intelligence products related to the region.
He transited to the Defence Cyber Organisation (DCO) in MINDEF later in his career, dealing with intelligence collection and analysis of cyber threats pertaining to Singapore. He has also set up the collection and analysis systems while he was there.
He later joined Ensign as a Lead Consultant where he started the Cyber Threat Intelligence (CTI) team providing intelligence products to clients and kept abreast of potential cyber threats. He was also involved in Incident Response and Malware Analysis during his time in Ensign.
As a Lead Trainer at DART, Weiliang’s focus is to train new cyber experts and researchers.
Outside of work Weiliang spends most of his time in Crossfit, Ultimate Frisbee, and keeping up to date with the latest technologies.
Course Fees
Total Nett Programme Fee Payable, Including GST, after additional funding from the various funding schemes
Participants must fulfill at least 75% attendance and pass all assessment components to be eligible for SSG funding.
To enquire, email soc-ace@nus.edu.sg
To register, click Register
For members of the public and NUS Alumni (without R&G Voucher), please follow the steps below:
Select Short Course / Modular Course -> Apply for Myself -> Browse Academic Modules / Short Courses -> Module/Course Category -> Short Courses -> Browse Courses -> Advanced Computing for Exe (Faculty/Department / Unit)
Please download the user guide for NUS Online Application Portal after you click ‘Apply for Myself’ if you need assistance.
Course Fee Breakdown
- Singapore Citizens, 39 years old or younger
- Singapore Citizens, 40 years old or older