Incident Handling (advanced) (TD-CSR102)

Incident analysts and threat responders have a challenging time understanding complex, multi-level attacks and APT adversary intrusions without prebuilt indicators of compromise or threat intelligence gathered before a breach. One of the best ways to enhance capabilities is to test personal readiness in advanced attack scenarios within a hyper-realistic Cyber Simulation Range. This course sets the stage for level-1 finishers to handle more complex cyber-attack scenarios, defending IT landscapes, IoT and OT/production environments.


By the end of this course, students will be able to:

  • Understand emerging challenges and possible solutions in the field of IT & OT security
  • Utilize advanced Cyber Defence Center (CDC) tools to filter out the signal within the noise of security alerts
  • Efficiently detect, assess and determine complex, multi-level and targeted attacks
  • Respond efficiently and appropriately to critical security incidents under stress
  • Work in a team of security analysts, incident responders and forensic experts


This course focuses on the detection, analysis and hunting of targeted and advanced persistent threats against IT and OT environments. It is highly recommended to attend CSR101 first.


  • Attendance at 'Incident Handling (basic)' is recommended. This course is available from Tech Data as TD-CSR101.


  • Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)


  • ISH-certified “SECURITY INCIDENT ANALYST - LEVEL 1” analysts who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across IT and OT environments
  • Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats
  • Information security professionals who may encounter critical data breach incidents and targeted intrusions over a longer period of time


This course takes place over 5 days at a state-of-the-art facility at Munich Airport.



Advanced Cyber Defence Center (CDC)

  • Next generation security tools for larger cyber defence centers
  • Monitoring of security-related events in IT, IoT and OT environments
  • Orchestration and information enrichment of security-relevant events
  • Automation of routine tasks in order to free time to focus on important tasks
  • Deception and denial of attackers in real-time
  • Gathering, enrichment and sharing of IoCs using TI

Extended Cyber Simulation Range

  • Become familiar with the setup of a hyper-realistic advanced CSR infrastructure
  • Understand the need for advanced CDC tools and actively use the technology
  • Understand the specifics of industrial & production environments
  • Stay efficient and avoid mistakes even in situations of stress

Practical training sessions in IT and OT environments

  • Understand the adversary's kill chain, tactics and techniques
  • Search for indicators of compromise (IoC) in logs, flows, protocols, executables
  • Identify reconnaissance, lateral movement, compromise, critical function calls, post-exploitation
  • Scope single and multiple path attacks with increasing complexity
  • Find active and dormant malware, bots and backdoors
  • Discover common hiding & evasion techniques
  • Actively defend an industrial production site against targeted attacks
  • Collect evidence of persistence and apply forensic post mortem offline analysis