CDC INCIDENT HANDLING - LEVEL 1 (TD-CSR101)

TECHNICAL DETECTION, ANALYSIS & RESPONSE
ISH CERTIFICATE “SECURITY INCIDENT ANALYST - LEVEL 1”

MOTIVATION 
To respond effectively to cyber security challenges, CDC members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios within a hyper-realistic training environment: the Cyber Simulation Range (CSR). This course sets the stage for future security analysts to deal with cyber attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors. 
LEARNING OBJECTIVES
By the end of this course, students will be able to:
  • Understand the functionality of a state-of-the-art CDC
  • Utilize integrated tools of the complete CDC technology stack
  • Efficiently detect, assess and determine the scope of incidents
  • Enrich event information utilizing external threat intelligence
  • Perform tasks in various CDC roles in situations of stress


PRE-REQUISITE FOR COURSE REGISTRATION
This course focuses on detection and analysis of cyber threats against IT environments. We will give short crash courses for required CDC tools before jumping into concrete realistic cases. The complexity of attacks and sce-narios will increase over time. Therefore the audience is expected to have basic knowledge and experience in IT security.
  • MUST Most important: A passion for IT security
  • MUST OS basics for Windows and Linux
  • MUST Network basics regarding the OSI model
  • MUST Logging and log analysis basics
  • NICE TO HAVE Hcking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)
Details anzeigen
COURSE CONTENT
  • Cyber Defense Center
  1. Mission statement, services and maturity level
  2. Team structure, roles and responsibilities
  3. CDC tools including crash courses
  4. Incident categorization, triage process, information enrichment & correlation
  5. IR processes & playbooks
  • Cyber Simulation Range
  • Understand the hyper-realistic CSR architecture
  • Work with the CDC technology stack and toolbase
  • Identfiy criticalities of assets and information
  • Slip into different CDC roles
  • Perform teamwork and individual tasks
  • Practical training sessions in IT environments
  1. Understand the adversaries kill chain, tactics and techniques
  2. Search for indicators of compromise (IoC) in logs, flows and payloads
  3. Identifiy compromised systems
  4. Detect indicators of reconnaissance, lateral movement and post-exploitation
  5. Scope single and multiple path attacks with increasing complexity
  6. Find active and dormant malware, bots and backdoors
  7. Discover common hiding and evasion techniques
  8. Understand the full picture of targeted attacks and collect evidence of persistence
TARGET AUDIENCE
  • CDC analysts who are faced with security incidents on a regular basis and need to know how to detect, in-vestigate, remediate, and recover from compromised systems across an IT infrastructure
  • Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats
  • Technically oriented CISOs, risk managers and security experts who are responsible for the organisational management of serious cyber crises