GIAC GMON SEC511

-
I seem to get WAY overstressed when it comes to testing for certifications. I sat yesterday for the GIAC GMON SEC511 certification and happy to report I passed!   A very special thank you to my company for sponsoring me. I'd also like to thank Seth Misenar and Eric Conrad for putting together an amazing course. Cannot forget my wife and daughter for being patient with me.   Blue will always be cool! Thanks for helping me "Secure all the Things"

So what is GMON anyway?

GIAC Continuous Monitoring Certification (GMON)

Description

Preventing all intrusions is impossible, but early detection is a must for the security of your enterprise. The proper use of Defensible Security Architecture, Network Security Monitoring (NSM)/Continuous Diagnostics and Mitigation (CDM)/ Continuous Security Monitoring will support the hindrance of intrusions and allow for early detection of anomalous activity.
The topic areas for each exam part follow:
Account & Privilege Monitoring & Authentication
The candidate will demonstrate the ability to control the privilege levels of accounts & applications
Attack Techniques
The candidate will learn to distinguish between traditional and modern attack techniques
Configuration Monitoring
The candidate will demonstrate an understanding of the tool and techniques used for configuration change monitoring
Cyber Defense Principles
The candidate will demonstrate an understanding of traditional and modern cyber defense principles
Device Monitoring
The candidate will demonstrate an understanding of the tool and techniques used for endpoint monitoring
Discovery and Vulnerability Scanning
The candidate will demonstrate an understanding of the tools and techniques used for network and endpoint discovery and vulnerability scanning
Exploit Methodology and Analysis
The candidate will be able to utilize network traffic analysis methods and principles of exploit detection to be able to rapidly discover intrusions on the network
HIDS/HIPS/Endpoint Firewalls
The candidate will demonstrate an understanding of how host intrusion detection/prevention systems & endpoint firewalls work, what their capabilities are and the roles they play in continuous monitoring
Network Data Encryption
The candidate will be able to apply principles of exploit detection to be able to rapidly detect encrypted intrusions on the network
Network Security Monitoring Tools
The candidate will demonstrate an understanding of how and why to use an assortment of network monitoring tools to improve the ability to detect intrusions on the network
NIDS/NIPS/NGFW
The candidate will demonstrate an understanding of how network intrusion detection/prevention systems & next generation firewalls work, what their capabilities are and the roles they play in continuous monitoring
Patching & Secure Baseline Configurations
The candidate will understand how to use baseline configuration auditing and patching to make endpoints more resilient.
Perimeter Protection Devices
The candidate will demonstrate the ability to identify points of access into the perimeter and network devices that can be used to protect the perimeter
Proxies & SIEM
The candidate will demonstrate an understanding of how proxies & security information and event managers work, what their capabilities are and the roles they play in continuous monitoring
Security Architecture Overview
The candidate will demonstrate an understanding of traditional and modern security architecture frameworks and the role Security Operations centers provide
Software Inventories & Whitelisting
The candidate will demonstrate an understanding of the benefits of maintaining software inventories and whitelists
Threat Intelligence
The candidate will demonstrate understanding of the techniques used to gain knowledge of potential threats to network systems and targets of attack

Comments

Post a Comment

Popular posts from this blog

CyberArk Automation

-
Image
Tonight we are working on some CyberArk automation inside of VsCode.   The building and provisioning of safes can become cumbersome when you're enrolling several hundred users a week. With the help of an amazing PowerShell module by PSPETE  we can make quick work of this. Revision 1.0 of this script will do the following. 1.) Create Users Safe 2.) Add users network account to safe with customizable permissions 3.) Add a local CyberArk support account group with customizable permissions 4.) Add Vault Admin group for more support options with customizable permissions 5.) Add Users (new) Privileged account into their newly created safe. 6.) Run a Reconcile on the account to bring into CyberArk management. .   I will upload everything to  https://github.com/atomixgray/cyberark/  after a little more testing. Revision 2.0 will include an option for bulk uploading users via a CSV file.
Read more

Hack Week | #100DaysofCode

-
Image
At my 9 to 5 each quarter we are given a week to focus on a technology or an area that we want to level up on. This Hack Week I chose Python. I will be posting some of my projects along the way. For the first project I built a simple Tip calculator . This project helps you get a better understanding of Data Types and how to manipulate Strings. https://replit.com/@atomixgray/tip-calculator-start Rock, Paper, Scissors! The main goal of the next project is to get you familiar with Random and using Modules. This was a fun one. https://replit.com/@atomixgray/rock-paper-scissors-start Next up is For loops. What a challenging and fun project. Password Generator https://replit.com/@atomixgray/password-generator-start We are now at “Day 7” and building a Hangman Game . This touches on For & While Loops, IF/ELSE, List, Strings, Range, Modules. “Day 8” brings on another fun challenge creating a Cipher shift code! This challenge teaches you more on functions using ...
Read more

CyberArk Cred Automation

-
Image
Today we are back in the lab and working on a "Credential Grab". The PowerShell module once again brought to you by PSPete. (Full Screen to view - sorry) The script itself is pretty basic but can save you a bit of time each day. 1.) Prompts for the account password you wish to "grab" 2.) Ask for Server you'd like to connect to: 3.) Using Pete's module it reaches out using CyberArk's RESTAPI: 4.) Connects to desired safe grabs password: 5.) Password is copied to your clipboard: 6.) RPD session is opened: 7.) Simply Paste your password and you're logged in: https://lnkd.in/e_rms2D Module installation Copy the CredentialRetriever folder to your "Powershell Modules" directory. Get-Module -ListAvailable CredentialRetriever Import the module: I mport-Module CredentialRetriever Now that we have the module installed we can start our custom script found here . (work in progress) The script itself is pretty basic. Launc...
Read more