Ultimate Network and System Cybersecurity Defense Masterclass
An intensive, hands-on training course whose content can be applied directly in an organization. It is designed for network and server administrators, IT professionals, security analysts, and SOC teams who need to protect, detect, and respond to cyber threats across Windows endpoints, Windows Server, enterprise networks, web application servers, and the cloud.
By combining offensive attack strategies, advanced defensive techniques, and hands-on classroom labs, the course provides the skills needed to defend Windows workstations, Windows Server, Linux, cloud systems, and enterprise environments against modern cyber threats, including ransomware and Advanced Persistent Threats (APTs).
Course duration: 3 days
Course outline
Cybersecurity Fundamentals
Understanding Cyber Threats – Malware, Ransomware, Zero-Day Attacks
Cybersecurity Frameworks – NIST, CIS, MITRE ATT&CK
Network Security Basics – Firewalls, IDS/IPS, Zero Trust Architecture
Endpoint Security & Threat Protection
Introduction to Endpoint Security and EDR
Understanding Endpoint Threats
Malware, Ransomware, Zero-Day Attacks
Endpoint Security Frameworks (MITRE ATT&CK)
EDR Architecture and Its Key Components
Definition and core concepts of EDR
Key features and capabilities of EDR tools
An overview of popular EDR tools
Microsoft Defender for Endpoint
SentinelOne
CrowdStrike Falcon Insight
The planning and considerations before deploying EDR and deployment models
Advanced Endpoint Security Techniques and Best Practices
EDR Use Cases
Use case 1 – identifying the source and root cause of data leakage in a cyber incident
Use case 2 – endpoint management with EDR
Use case 3 – safeguarding your company against WannaCry using EDR
Use case 4 – email security
Use case 5 – ransomware incident
Use case 6 – man-in-the-middle attack
Best Practices and Recommendations for Endpoint Protection
Endpoint hardening
Endpoint Security Tools & Best Practices
Microsoft Defender for Endpoint
EDR (Endpoint Detection & Response) Solutions
Windows Security & Incident Response
Windows Security Hardening (Windows 10/11 & Server 2019/2022)
PowerShell Security & Hardening
Digital Forensics & Incident Response (DFIR)
Capturing & Analyzing Windows Event Logs
Memory Forensics with Volatility
Windows Server Security Fundamentals & Hardening
Windows Server Security Architecture
Understanding Windows Server 2019/2022 Security Models
Secure Boot, TPM, and Windows Defender Security Stack
Implementing Active Directory (AD) Security Best Practices
Securing Domain Controllers (DC)
Hardening Active Directory (LDAPS, Tiered Admin Model)
Advanced Group Policy Object (GPO) Security Configurations
Essential Security GPOs for Windows Server Hardening
Least Privilege Access & Role-Based Access Control (RBAC)
Lab: Hardening Windows Server 2019/2022
Implementing AD Security Policies
Configuring Secure Administrative Workstations (SAWs)
Locking Down Unused Services & Ports
Lab: Windows Security & Forensic Analysis
Configuring Advanced Audit Policies
Investigating Malicious Processes & Registry Changes
Restoring a Compromised Windows Machine
Lab: Hardening Windows 10/11
Configuring Windows Defender
Enabling BitLocker & Secure Boot
Disabling Unused Services & Ports
Ransomware Detection & Protection
Ransomware Attack Lifecycle
Delivery, Execution, Privilege Escalation, Encryption
Ransomware Attack Vectors and the Threat Landscape
How ransomware works
Identity-based attacks
Building a Secure Foundation
Zero-trust design principles
Network access
Vulnerability and patch management
Identity and access control
Security logging and monitoring
A secure foundation within Microsoft Azure
Techniques to Detect & Prevent Ransomware
File Integrity Monitoring (FIM)
Network Traffic Analysis for Anomalies
Security Monitoring Using Microsoft Sentinel and Defender
Designing and implementing Microsoft Sentinel
Collecting logs and data sources
Ransomware detection – looking for initial compromise
Detecting vulnerabilities with Defender
Ransomware Countermeasures – Windows Endpoints, Identity
Microsoft Defender and antimalware
Update Management
Securing Microsoft Office apps
Securing the web browser
Securing user identity
Securing Active Directory
Securing email services
Ransomware Countermeasures – Networking and Zero-Trust Access
Attackers and lateral movement
Providing users with secure access to services
Remote management services
DDoS protection
Best Practices for Protecting Windows from Ransomware Attacks
Best practices and security settings in Windows
Remote desktop management
Administrative shares
LAPS and restrict usage of local accounts
Windows Firewall best practices
Tamper Protection
Automatic patching of infrastructure
File Server Resource Manager and file groups
Other top tips to protect against ransomware
Lab: Detecting & Responding to Ransomware
Simulating a Ransomware Attack in a Test Environment
Implementing Application Whitelisting
Configuring Ransomware Protection Policies in Windows
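As an added illustration of the file integrity monitoring and ransomware detection topics in this module (not course material or any vendor's code), the following Python script snapshots SHA-256 hashes of a directory, then compares a later snapshot and flags the three signals a ransomware run leaves on disk: a large share of files removed or modified, new files with encryption-style extensions, and new content whose byte entropy looks like ciphertext. The sample files, the extension watchlist, and the thresholds are constructed for the demo; no real ransomware is executed.

```python
"""Added example: minimal file-integrity monitor with ransomware heuristics."""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Assumption: an illustrative watchlist of extensions seen on encrypted files.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte; plain text is ~4-5, compressed or encrypted data is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(root):
    """Map relative path -> sha256 for every regular file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def assess(root, baseline, churn_threshold=0.5, entropy_threshold=7.5):
    """Diff the current directory state against the baseline and score it."""
    current = snapshot(root)
    removed = set(baseline) - set(current)
    added = set(current) - set(baseline)
    modified = {p for p in baseline if p in current and current[p] != baseline[p]}
    suspicious_ext = {p for p in added
                      if os.path.splitext(p)[1].lower() in SUSPECT_EXTENSIONS}
    high_entropy = set()
    for p in added | modified:
        with open(os.path.join(root, p), "rb") as f:
            if shannon_entropy(f.read()) > entropy_threshold:
                high_entropy.add(p)
    churn = len(removed | modified) / len(baseline) if baseline else 0.0
    return {
        "removed": sorted(removed),
        "added": sorted(added),
        "modified": sorted(modified),
        "suspicious_ext": sorted(suspicious_ext),
        "high_entropy": sorted(high_entropy),
        "churn_ratio": churn,
        # Mass change alone is what a big legitimate update looks like; require
        # encrypted-looking output as well before calling it ransomware.
        "ransomware_suspected": churn >= churn_threshold and bool(suspicious_ext or high_entropy),
    }


def demo():
    """Constructed scenario: four documents, then three are replaced by .locked files
    filled with random bytes standing in for ciphertext."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"report{i}.txt"), "w") as f:
                f.write("quarterly figures, nothing unusual here\n" * 50)
        baseline = snapshot(root)
        for i in range(3):
            src = os.path.join(root, f"report{i}.txt")
            os.remove(src)
            with open(src + ".locked", "wb") as f:
                f.write(os.urandom(4096))
        return assess(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be stored off-host and the check run on a schedule or from file-system change notifications; the entropy test is what catches ransomware families that keep the original file name and extension.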
Network Security Fundamentals & Advanced Threats
Core Network Security Concepts
Zero Trust Architecture (ZTA)
Network Segmentation & Micro-Segmentation
Secure Network Topologies (DMZ, VLAN, VPN)
Threat Modeling & Risk Assessment
MITRE ATT&CK Framework
Understanding Advanced Persistent Threats (APT)
Identifying Weaknesses in Network Infrastructure
Intrusion Detection & Network Traffic Analysis
Understanding Network-Based Attacks
Man-in-the-Middle (MITM), DNS Spoofing, TCP/IP Hijacking
Advanced DDoS Techniques (Botnets, Application-Layer Attacks)
Deploying IDS/IPS for Network Protection
Signature-based vs. Anomaly-based Detection
Tuning & Optimizing Snort / Suricata Rules
Lab: Detecting & Analyzing Malicious Network Traffic
Setting up Snort / Suricata for Intrusion Detection
Capturing & Analyzing Malicious Traffic with Wireshark
Investigating TCP SYN Flood Attack
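As an added example for the SYN flood investigation in this lab (written for this page, not part of the course or of Snort/Suricata), the following Python code applies the rule a Suricata threshold signature encodes, but over connection records so the logic is visible: within a time window, count SYNs per destination and port, and alert when the count is high and only a small fraction of the sources ever complete the handshake with an ACK (half-open connections). The records are constructed inline as (timestamp, src, dst, dst_port, tcp_flags) tuples; in practice they would come from Zeek conn.log, a pcap, or firewall logs.

```python
"""Added example: SYN flood detection from connection records."""
from collections import defaultdict


def detect_syn_flood(records, window=10, syn_threshold=100, max_completion=0.2):
    """Alert per (dst, port, window) when SYN volume is high and few sources ACK back."""
    syn_count = defaultdict(int)
    syn_srcs = defaultdict(set)
    ack_srcs = defaultdict(set)
    for ts, src, dst, dport, flags in records:
        key = (dst, dport, int(ts // window))
        if flags == "S":                      # bare SYN from a client
            syn_count[key] += 1
            syn_srcs[key].add(src)
        elif "A" in flags:                    # client ACK (third step of the handshake)
            ack_srcs[key].add(src)
    alerts = []
    for key, count in syn_count.items():
        if count < syn_threshold:
            continue
        completed = len(syn_srcs[key] & ack_srcs[key])
        ratio = completed / len(syn_srcs[key])
        if ratio < max_completion:
            dst, port, w = key
            alerts.append({
                "dst": dst, "port": port, "window_start": w * window,
                "syn_count": count,
                "half_open_sources": len(syn_srcs[key] - ack_srcs[key]),
                "completion_ratio": round(ratio, 3),
            })
    return alerts


def build_sample_records():
    """Constructed traffic: 20 real clients to a web and a mail server, plus 150
    spoofed-source SYNs at the web server that never complete the handshake."""
    records = []
    for i in range(20):
        client = f"10.0.0.{i + 1}"
        t = 0.2 * i
        records.append((t, client, "192.0.2.10", 443, "S"))
        records.append((t + 0.01, client, "192.0.2.10", 443, "A"))
        records.append((t + 0.05, client, "192.0.2.20", 25, "S"))
        records.append((t + 0.06, client, "192.0.2.20", 25, "A"))
    for i in range(150):
        records.append((5 + 0.03 * i, f"198.51.100.{i % 254 + 1}", "192.0.2.10", 443, "S"))
    return records


if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample_records()):
        print(alert)
```

The completion ratio is the discriminating feature: a flash crowd also produces many SYNs, but its sources finish their handshakes, whereas a spoofed flood leaves almost every source half-open. The thresholds are illustrative and should be tuned to the baseline SYN rate of each service.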
Perimeter Security & Firewalls
Firewall Architectures & Deployment Models
Stateful vs. Stateless Firewalls
Deep Packet Inspection (DPI) & Next-Gen Firewalls
Secure VPN & Remote Access Security
IPsec VPN vs. SSL VPN
Configuring Multi-Factor Authentication for VPN
Lab: Firewall Hardening & Secure VPN Deployment
Configuring Cisco ASA / Palo Alto Firewalls
Advanced Threat Hunting & Incident Response
Network Threat Hunting Techniques
Hunting for Lateral Movement & Data Exfiltration
Using Zeek (formerly Bro) for Deep Network Inspection
Incident Response & Forensic Analysis
Analyzing Indicators of Compromise (IoCs)
Investigating Suspicious Network Activity
Lab: Threat Hunting & Forensic Analysis
Conducting Packet Analysis for Threat Indicators
Investigating Suspicious Login Attempts & Privilege Escalation
Extracting Attack Artifacts from Network Logs
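As an added example for the suspicious-logon and privilege-escalation hunt in this lab, which also covers the Windows Event Log analysis listed earlier in the course (example written for this page, not course material), the following Python script correlates three Windows Security events: 4625 (failed logon), 4624 (successful logon) and 4672 (special privileges assigned to a new logon). It flags a success that follows a burst of failures from the same source address, an admin-privilege event within a minute of that success, and a password spray where one address tries many distinct accounts. The events are constructed inline as dictionaries with the fields a log collector would extract; field names and thresholds are assumptions for the demo.

```python
"""Added example: hunting brute force, spray and post-compromise admin logons."""
from collections import defaultdict
from datetime import datetime, timedelta


def hunt_logons(events, fail_threshold=5, spray_users=10, window=timedelta(minutes=10)):
    events = sorted(events, key=lambda e: e["time"])
    failures = defaultdict(list)   # source ip -> [(time, target user), ...]
    successes = []                 # brute-force successes to match against 4672
    findings = []
    for e in events:
        if e["id"] == 4625:
            failures[e["ip"]].append((e["time"], e["user"]))
        elif e["id"] == 4624:
            recent = [t for t, _ in failures[e["ip"]] if e["time"] - t <= window]
            if len(recent) >= fail_threshold:
                f = {"type": "brute_force_success", "ip": e["ip"], "user": e["user"],
                     "failures": len(recent), "time": e["time"]}
                findings.append(f)
                successes.append(f)
        elif e["id"] == 4672:
            # 4672 carries no source address, so correlate on account and time only.
            for s in successes:
                if s["user"] == e["user"] and timedelta(0) <= e["time"] - s["time"] <= timedelta(minutes=1):
                    findings.append({"type": "admin_privileges_after_brute_force",
                                     "ip": s["ip"], "user": e["user"], "time": e["time"]})
    for ip, fails in failures.items():
        users = {u for _, u in fails}
        if len(users) >= spray_users:
            findings.append({"type": "password_spray", "ip": ip,
                             "users": len(users), "attempts": len(fails)})
    return findings


def build_sample_events():
    """Constructed Security log extract: a brute force that succeeds and gets admin
    rights, one user mistyping a password, and a spray from an external address."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    ev = []
    for i in range(8):
        ev.append({"id": 4625, "time": base + timedelta(seconds=15 * i),
                   "user": "jdoe", "ip": "10.10.5.7", "logon_type": 3})
    ev.append({"id": 4624, "time": base + timedelta(minutes=2, seconds=30),
               "user": "jdoe", "ip": "10.10.5.7", "logon_type": 3})
    ev.append({"id": 4672, "time": base + timedelta(minutes=2, seconds=31),
               "user": "jdoe", "ip": "-", "logon_type": None})
    ev.append({"id": 4625, "time": base + timedelta(minutes=5),
               "user": "asmith", "ip": "10.10.5.9", "logon_type": 2})
    ev.append({"id": 4624, "time": base + timedelta(minutes=5, seconds=20),
               "user": "asmith", "ip": "10.10.5.9", "logon_type": 2})
    for i in range(12):
        ev.append({"id": 4625, "time": base + timedelta(minutes=20, seconds=i),
                   "user": f"user{i:02d}", "ip": "203.0.113.4", "logon_type": 3})
    return ev


if __name__ == "__main__":
    for finding in hunt_logons(build_sample_events()):
        print(finding)
```

Event 4672 is only logged when the advanced audit policy "Audit Special Logon" is enabled, and 4625 needs "Audit Logon" failures switched on, which is why the audit-policy configuration step in the earlier lab matters for this hunt.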
Web Application Threats & Offensive Security
Understanding Web Application Security Risks
Overview of Web Security Standards: OWASP Top 10, CWE, NIST
Web Application Architecture & Attack Surfaces
Exploiting Web Vulnerabilities (Offensive Security)
SQL Injection (SQLi): Bypassing Authentication, Data Extraction, Blind SQLi
Cross-Site Scripting (XSS): Stored, Reflected, DOM-Based
Cross-Site Request Forgery (CSRF): Exploiting Unauthorized Actions
Lab: Hands-on Web Hacking
Exploiting SQL Injection using SQLMap & Manual Payloads
Injecting Malicious JavaScript via XSS
CSRF Attack Demonstration on a Web Form
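As an added example for the SQL injection lab (constructed for this page, not course material or any framework's code), the following Python code shows the authentication-bypass case from the module beside its fix. Both login functions query an in-memory SQLite table; the vulnerable one builds the SQL by string formatting, so a username of `admin' --` comments out the password check, while the safe one passes values as bound parameters and the same input simply fails to match. Passwords are stored hashed only to show that hashing does nothing against injection in the username field; the table, users and hash scheme are assumptions for the demo.

```python
"""Added example: SQL injection authentication bypass and the parameterized fix."""
import hashlib
import sqlite3


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


def make_db():
    """Constructed user table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("admin", sha256("Winter2024!")), ("alice", sha256("s3cret"))])
    return conn


def vulnerable_login(conn, username, password):
    """Deliberately vulnerable: user input is spliced into the SQL text."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password_hash = '%s'"
             % (username, sha256(password)))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Fixed: values travel as bound parameters, never as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, sha256(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"        # closes the string, comments out the rest
    print("vulnerable:", vulnerable_login(db, payload, "anything"))   # admin
    print("safe:      ", safe_login(db, payload, "anything"))         # None
```

Parameterization is the fix; input filtering or escaping on top of string-built SQL is the "before" state of this lab and should be treated as such in code review.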
Advanced Web Attacks
Remote Code Execution (RCE) & Command Injection
Server-Side Request Forgery (SSRF)
Insecure Deserialization & XML External Entity (XXE) Attacks
Lab: Attacking Advanced Web Vulnerabilities
Exploiting RCE & Command Injection on a Web Server
SSRF Attack on Cloud-based APIs
Breaking a Web App with Insecure Deserialization
Cloud Security Foundations & Advanced Threats
Cloud Security Architecture & Risk Assessment
Shared Responsibility Model: AWS, Azure, GCP
Cloud Security Frameworks: CIS, NIST, ISO 27017
Common Cloud Threats: Misconfigurations, Data Breaches, Identity-Based Attacks
Cloud Identity & Access Management (IAM) Security
Least Privilege Access & Zero Trust in Cloud
Role-Based Access Control (RBAC) & Policy-Based Access Control (PBAC)
Multi-Factor Authentication (MFA) & Conditional Access
Lab: Hardening IAM in Cloud
Configuring AWS IAM Policies & Identity Federation
Implementing Azure Privileged Identity Management (PIM)
Securing GCP IAM with Least Privilege Access
Cloud Logging, Monitoring & Security Event Detection
Setting up AWS CloudTrail, GuardDuty, Microsoft Sentinel (formerly Azure Sentinel), Google Security Command Center
Cloud SIEM Integration for Threat Visibility
Advanced Cloud Security Threats & Attack Scenarios
Privilege Escalation & Credential Theft in Cloud
Serverless & API Security Attacks
Data Exfiltration & Ransomware in Cloud
Lab: Cloud Threat Hunting & Response
Detecting Suspicious API Calls in AWS CloudTrail
Investigating Azure AD Login Anomalies with Sentinel
Responding to a Cloud Data Breach Incident
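As an added example for the CloudTrail hunting exercise in this lab (written for this page; not course material, and the watchlists are not an official AWS list), the following Python script scans CloudTrail records for the privilege-escalation, persistence and defense-evasion calls covered in the module, plus two behavioural signals: a burst of AccessDenied errors from one principal (enumeration by a stolen key) and API calls from an address outside the assumed corporate and VPN ranges. The records are constructed inline in CloudTrail's JSON field layout, and the trusted address prefixes and thresholds are assumptions.

```python
"""Added example: triaging CloudTrail records for credential abuse."""
import json
from collections import defaultdict

# Assumed watchlists: calls that create a foothold, widen permissions, or blind logging.
PERSISTENCE_CALLS = {"CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile",
                     "CreateUser", "AddUserToGroup", "UpdateAssumeRolePolicy"}
PRIVESC_CALLS = {"AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy"}
EVASION_CALLS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors", "DeleteDetector"}
TRUSTED_PREFIXES = ("10.", "203.0.113.")   # assumption: corporate and VPN egress ranges


def actor_of(event):
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn", "unknown")


def analyze_cloudtrail(events, denied_threshold=5):
    findings = []
    denied = defaultdict(int)
    seen_unfamiliar = set()
    for e in events:
        name, actor = e["eventName"], actor_of(e)
        ip = e.get("sourceIPAddress", "")
        params = e.get("requestParameters") or {}
        base = {"time": e["eventTime"], "actor": actor, "ip": ip, "event": name}
        if name in PERSISTENCE_CALLS:
            target = params.get("userName", actor)
            findings.append({**base, "type": "persistence", "target": target,
                             "cross_principal": target != actor})
        if name in PRIVESC_CALLS:
            policy = params.get("policyArn", params.get("policyName", ""))
            findings.append({**base, "type": "privilege_escalation", "policy": policy,
                             "admin": policy.endswith("AdministratorAccess")})
        if name in EVASION_CALLS:
            findings.append({**base, "type": "defense_evasion"})
        if e.get("errorCode") == "AccessDenied":
            denied[actor] += 1
            if denied[actor] == denied_threshold:   # fire once per actor
                findings.append({**base, "type": "enumeration", "denied_calls": denied_threshold})
        # Service-originated calls carry a service hostname rather than an IP.
        if (ip and not ip.startswith(TRUSTED_PREFIXES) and not ip.endswith(".amazonaws.com")
                and (actor, ip) not in seen_unfamiliar):
            seen_unfamiliar.add((actor, ip))
            findings.append({**base, "type": "unfamiliar_source"})
    return findings


def _denied(time, name, source):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "userName": "ci-deploy"},
            "sourceIPAddress": "198.51.100.77", "errorCode": "AccessDenied",
            "requestParameters": None}


# Constructed trail: a leaked CI key enumerates, escalates, persists, then stops logging,
# alongside two benign events.
SAMPLE_TRAIL = json.loads("""[
 {"eventTime":"2024-03-01T08:00:03Z","eventSource":"s3.amazonaws.com","eventName":"PutObject",
  "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"},
  "sourceIPAddress":"10.0.1.5","requestParameters":{"bucketName":"app-uploads","key":"img/1.png"}},
 {"eventTime":"2024-03-01T08:01:10Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin",
  "userIdentity":{"type":"IAMUser","userName":"admin-jane"},"sourceIPAddress":"203.0.113.8",
  "requestParameters":null,"responseElements":{"ConsoleLogin":"Success"}},
 {"eventTime":"2024-03-01T08:02:11Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey",
  "userIdentity":{"type":"IAMUser","userName":"ci-deploy"},"sourceIPAddress":"198.51.100.77",
  "requestParameters":{"userName":"admin-jane"}},
 {"eventTime":"2024-03-01T08:02:40Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy",
  "userIdentity":{"type":"IAMUser","userName":"ci-deploy"},"sourceIPAddress":"198.51.100.77",
  "requestParameters":{"userName":"ci-deploy","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}},
 {"eventTime":"2024-03-01T08:03:05Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging",
  "userIdentity":{"type":"IAMUser","userName":"ci-deploy"},"sourceIPAddress":"198.51.100.77",
  "requestParameters":{"name":"org-trail"}}
]""") + [
    _denied("2024-03-01T08:01:30Z", "DescribeInstances", "ec2.amazonaws.com"),
    _denied("2024-03-01T08:01:32Z", "ListBuckets", "s3.amazonaws.com"),
    _denied("2024-03-01T08:01:35Z", "GetSecretValue", "secretsmanager.amazonaws.com"),
    _denied("2024-03-01T08:01:37Z", "ListUsers", "iam.amazonaws.com"),
    _denied("2024-03-01T08:01:39Z", "ListRoles", "iam.amazonaws.com"),
]


if __name__ == "__main__":
    for f in analyze_cloudtrail(sorted(SAMPLE_TRAIL, key=lambda e: e["eventTime"])):
        print(f)
```

Records are sorted by eventTime before analysis because CloudTrail delivers them in batches that are not strictly ordered; the same logic maps onto a Sentinel or GuardDuty query once the field names are adjusted.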
Cloud Security Hardening Best Practices
Securing Cloud Storage & Data Encryption (S3, Azure Blob, Google Cloud Storage)
Implementing Security Automation with AWS Lambda, Azure Logic Apps
Lab: Cloud Hardening & Security Automation
Configuring AWS S3 Bucket Security & Encryption
Implementing Cloud Security Automation Playbooks
For more information, contact T. 081-6676981, 089-7767190, 02-2740864, 02-2740867
Facebook.com/cyberthai Line ID : cyberthai