Incident Handling (basic) (TD-CSR101)

To respond effectively to cyber security challenges, IT Security Professionals must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios within a hyper-realistic training environment: the Cyber Simulation Range (CSR). This course sets the stage for future security analysts to deal with cyber attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors.

LEARNING OBJECTIVES
By the end of this course, students will be able to:
  • Understand the functionality of a state-of-the-art Cyber Defense Center (CDC)
  • Utilize integrated tools of the complete CDC technology stack
  • Efficiently detect, assess and determine the scope of incidents
  • Enrich event information utilizing external threat intelligence
  • Perform tasks in various CDC roles in situations of stress

PREREQUISITES
This course focuses on detection and analysis of cyber threats against IT environments. We will give short crash courses for required CDC tools before jumping into concrete realistic cases. The complexity of attacks and scenarios will increase over time. Therefore the audience is expected to have basic knowledge and experience in IT security.
  • MUST HAVE
    • Most important: A passion for IT security
    • OS basics for Windows and Linux
    • Network basics regarding the OSI model
    • Logging and log analysis basics
  • NICE TO HAVE
    • Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)

LOCATION & DURATION 
This course takes place over 5 days at a state-of-the-art facility in Munich Airport.

 
Details anzeigen
COURSE CONTENT
  • Cyber Defence Center
  1. Mission statement, services and maturity level
  2. Team structure, roles and responsibilities
  3. CDC tools including crash courses
  4. Incident categorization, triage process, information enrichment & correlation
  5. IR processes & playbooks
  • Cyber Simulation Range
  1. Understand the hyper-realistic CSR architecture
  2. Work with the CDC technology stack and toolbase
  3. Identify criticalities of assets and information
  4. Slip into different CDC roles
  5. Perform teamwork and individual tasks
  • Practical training sessions in IT environments
  1. Understand the adversaries kill chain, tactics and techniques
  2. Search for indicators of compromise (IoC) in logs, flows and payloads
  3. Identify compromised systems
  4. Detect indicators of reconnaissance, lateral movement and post-exploitation
  5. Scope single and multiple path attacks with increasing complexity
  6. Find active and dormant malware, bots and backdoors
  7. Discover common hiding and evasion techniques
  8. Understand the full picture of targeted attacks and collect evidence of persistence
TARGET AUDIENCE
  • CDC analysts who are faced with security incidents on a regular basis and need to know how to detect, investigate, remediate, and recover from compromised systems across an IT infrastructure
  • Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats
  • Technically oriented CISOs, risk managers and security experts who are responsible for the organisational management of serious cyber crisis