Advanced Persistent Threats are among the most infamous, yet most misunderstood, types of threats against your organization. This course will teach you everything you want to know about them, from their origins and goals to practical detection of, and defense against, an APT.
Whether you've been in the information security field or not, you've definitely heard of them. Advanced Persistent Threats (APTs) are responsible for some of the largest cyber-attacks in history. How do you defend against these threats? Where do you even begin? In this course, Advanced Persistent Threats: The Big Picture, you'll learn everything that you might want to know about APTs. First, you'll develop an understanding of their motives and identities. Next, you'll explore when to classify a threat as an APT, and more importantly, when not to. Then, you'll learn how to assess your own risk and set up a system to detect these threats before it's too late. Finally, you'll finish up by implementing practical defense mechanisms. By the end of this course, you'll understand where APTs come from, what their goals are, how to detect and classify them, and how to minimize the risk they pose to your organization.
Rithwik Jayasimha is an information security researcher and consultant who has a passion for all things hackable. He loves open-source and is a regular contributor to several infosec projects. He is experienced in both offensive and defensive security techniques. He got his first computer in first grade, and has never looked back. He loves a good challenge and loves learning!
Course Overview Hi, everyone. My name is Rithwik Jayasimha, and welcome to my course, Advanced Persistent Threats: The Big Picture. I'm a security consultant based out of Bangalore. If you've been in the security field for any duration of time, chances are you've heard someone at some point call an attack on their organization an advanced persistent threat. If you've ever thought, "Really?", or if you've ever just wanted to know more about these threats, what they really are, and who's behind them, then this course is for you. Some of the major topics that we'll cover include: what advanced persistent threats are, and when a threat is not an APT; what distinguishes them from commodity threats; the motives of the attackers behind them; detecting APTs at various levels; and finally, practical defense against APTs. By the end of this course, you'll know enough about APTs in general to be able to directly apply the concepts that we discuss here in your own network. This course will help you shift from simply knowing the terminology to the point where you'll be able to jump into more advanced concepts about physical and network security in order to safeguard your systems. I hope you'll join me on this journey to learn more about advanced persistent threats, with the Advanced Persistent Threats: The Big Picture course at Pluralsight.
Understanding the History of APTs Okay, history time. If you're like most people, you probably hated history back in school. I mean, come on. It's dates and names of people, most of whom are dead and were killed for one unnamed reason or another. In fact, I bet they never even told you why history was important. Well, it's time to set that right. I'm no history teacher, but in a nutshell, learning about the history of attacks is extremely important: it helps us understand what mistakes the victims made and what the attackers' motives were, and finally, it'll also help you understand what you need to do in order to prevent a successful attack on your organization. Is that enough to convince you? I hope so, because here's what we'll be covering in this module. We'll do three main things. We'll look at four advanced persistent threats, some because they occupy an important position in history, and others because of their very interesting motives. We'll then look at who the attackers were in each case. And finally, a little later in this course, we'll see why these attackers did what they did. Now, let's begin.
How Do You Detect APTs? And we're finally here. After spending the better part of this course examining past attacks and processes, we're finally going to understand just how you would go about detecting an advanced persistent threat. As we've already discussed, early detection makes all the difference when it comes to APTs. Detect them when they're attempting to break into your network and you're golden. Detect them once they're inside your network and that's okay. Detect them when they're (mumbles) data and that's bad. Miss them completely: appalling. Obviously the principle is the same as with anything else: the earlier you catch it, the better. So how do we do it? What sort of signs should you be looking for? I thought you'd never ask. So now let's run through what we'll be covering here. We'll examine the various stages at which it's possible to detect an advanced persistent threat. We'll also discuss what sort of information we're looking for in each of these stages. We'll then look at the various methods with which you can identify threats. These can be either manual methods or automated processes. Now let's begin.