Phoenix TS

Essential Defense Tactics Training

This training introduces attacks that completely compromises systems and networks, and how to design defensive mechanisms to either prevent the attack or isolate it when prevention is not possible.

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Course Overview

In this hands-on training you will learn the foundation of security and defending architectures from attack. You will look at the concept of “thinking like a hacker” to learn techniques to defend from the types of attacks that are commonly conducted against the IT corporate networks as well as industrial control networks. You will learn powerful methods to analyze the risk of both the IT and corporate network. Once your foundation has been set you will look at the best practices recommendations when it comes to reducing the attack surface. You will learn a systematic process of intrusion and memory analysis.


Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.


Not seeing a good fit?

Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.

Contact Us

Learn more about custom training

Course Outline

Challenges of Vulnerability Management

  • Selecting a stance on risk
  • The impossible task of tracking vulnerabilities
  • The patch system is broken 
  • Conducting self assessment
  • Essential vulnerability steps
    • Sites of interest
    • Analysis of attack surface
    • System hardening
  • XCCDF and OVAL 
  • LAB: Hardening Systems
    • In this lab the method of using the security compliance manager to reduce the attack surface will be reviewed. The process for mitigating the attacks with the basic fundamentals of defense and how to configure simple application whitelisting techniques.

Emerging Threats and Advanced Attacks

  • Mobile
  • Critical infrastructure
  • Social
  • Malware 
  • Data loss 
  • LAB: Emerging Threats
    • In this lab, the student will research the latest threats and attacks to include Advanced Persistent Threat (APT), Mobile and Hacking the Human.

Essentials of Defense

  • Perimeter configuration and security
  • Router hardening
  • Turning off services not required
  • Routing protocol weaknesses 
  • LAB: Basic Filtering
    • In this lab, the students will learn best practices for ingress filtering and the RFC guidance for configuring DDOS protection, the ingress filtering will include the configuration and setup of the bogon filtering. The best practices guide with respect to an enterprise malware strategy and egress filtering will introduced 
    • Segmentation and isolation
    • Establishing security zones
    • Establishing secure segments within the enterprise architecture 
  • LAB: Advanced Filtering
    • In this lab, the student will configure and design network segments and establish security zones that are based on risk, the coordination and correlation of the segments to support the required services will be explored.

Malware and Memory Analysis

  • Basic process analysis
  • Advanced process analysis
  • LAB: Process analysis
    • In this lab, the students will learn how to follow the hooks and handles of a process that is running on a machine, at the completion of this they will perform basic infections of memory and analyze them applying the process they have learned 
    • Rootkits
    • Analysis of live memory
    • RAM analysis
  • LAB: Memory analysis
    • In this lab, the student will perform live memory analysis of compromised machines and determine methods to identify the infection, they will review the strings from the process to classify what the process is being used for. The memory will be infected by rootkits and then memory images captured and analyzed to determine what happened by following a proven process and methodology.

Proven Defense Measures

  • Success Stories – Modern filtering
  • Network segmentation and isolation
  • Internal honeypots, sinkholes and black holes 
  • LAB: Modern Filtering and segmentation
    • In this lab, the student will learn the implementation to support the concepts of segmentation, isolation and security zones. The networks will be setup for sinkhole and black hole routing. Simple honeypots will be configured to help identify any anomalous traffic that could represent an attack o Ingress o Egress o Deploying time-based access control.
  • LAB: Tactical Filtering
    • In this lab, the student will build a multi-segmented architecture and configure filtering and time-based access control to restrict the amount of the network segment attack surface thereby reducing the amount of risk to the network.

Creating an External Attack Architecture

  • Establishing the layers
  • Configuring the perimeter devices
    • Router
    • Firewalls 
  • LAB: Configuring perimeter devices to support public services
    • In this lab, the student will configure the perimeter devices and firewalls to support an enterprise architecture and typical public services. The process of adding and implementing firewalls into a network architecture will be reviewed and practiced
    • Deploying Monitors o Intrusion Detection System (IDS) 
      • Intrusion Prevention System (IPS) 
  • LAB: IDS Signature Analysis and Customization
    • In this lab, the student will be introduced to the components of IDS signatures in Snort and Suricata, the concept of tuning the rules to match security zones will be explored. Students will write their own custom detection signatures for Suricata.
      • Load balancers 
      • Integrating web application firewalls 
      • Security Information and Event Management (SIEM)
    • In this lab, the student will deploy the Security Onion tool, learn the components and event correlation capabilities of the tool to include configuration of:
      • SQUIL
      • SQERT
      • Kibana
      • Suricata

Securing the Corporate Network and Reducing Attack Surface

  • Physical Security
  • Establishing Policy
  • Performing self-assessment
  • Selecting and applying controls
  • Monitoring 
  • LAB: Self Assessment
    • In this lab, the student will learn how to perform a vulnerability and risk assessment of the different network segments that they have to include the methods of mapping the attack surface and mitigating the risk of these services.

Advanced Defensive Measures

  • Success Stories
  • Modern filtering
  • Network segmentation and isolation
  • Internal honeypots and blackholes
  • Server 2012, 2016 and 2019 enhancements
  • Linux apparmor
  • Internal honeypots 
  • LAB – Advanced Defense
    • In this lab, the student will create Windows Server machines and deploy advanced methods like IPsec isolation and other Windows Server security protections, the methods of mitigating the Pass the Hash attack vectors will be explored and then tested.

Building a Complete Cyber Range and a Capture the Flag (CTF) Architecture

  • Creating the layered architecture
    • Segmenting the architecture
  • The multi-tiered CTF labyrinth
  • Integrating the decoys
    • Honeypots
    • Honeynets
    • Darknets
  • Attacking the completed range
  • Defending the completed range
  • LAB: Attackers and Defenders Challenge Wars
    • In this lab, the students will participate in a planning workshop where they will discuss the design of a network architecture, they will each build it then pair off and participate in different roles of Attacker and Defender and perform a series of Red and Blue team simulations at the end of the challenge, the teams will share their experiences from being the attacker and the defender.

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

Subscribe now

Get new class alerts, promotions, and blog posts

Phoenix TS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

Download Course Brochure

Enter your information below to download this brochure!