
eLearnSecurity

IHRP v1

Incident Handling & Response Professional

Interested in this course?

Sign up to get access to our training material and labs!

Study at your own pace

IHRP is entirely self-paced with interactive slides and videos that students can access online without any limitation. Students have lifetime access to the training material and can also study from home, the office, or anywhere an internet connection is available.

Discover Contents

Extremely Hands-on

Thanks to the extensive use of Hera Lab and the coverage of the latest research in the incident handling & response field, the IHRP course is not only the most practical training course on the subject but also the most up to date. Practice Incident Response techniques against a number of real-world networks and assets.

Discover Labs

Become Certified

Obtain the eCIRv1 (eLearnSecurity Certified Incident Responder) certification and prove your practical skills with the only 100% practical certification on Incident Handling & Response.

Discover eCIRv1

Take a look at the course

  • Start from the very basics, all the way to advanced incident response activities
  • Professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets
  • Understand the mechanics of modern cyber-attacks and how to detect them
  • Effectively use and fine-tune open source IDS (Bro, Snort, Suricata)
  • Make the best of open source SIEM solutions (ELK stack, Splunk, Osquery, etc.)
  • Effectively utilize regexes and log management solutions to detect intrusions
  • Detect and even (proactively) hunt for intrusions by analyzing traffic, flows and endpoints, as well as utilizing analytics and tactical threat intelligence
  • Gives you access to dedicated forums
  • Makes you a proficient professional incident responder
  • Qualifies you for 40 CPE after you obtain the eCIRv1 certification

Course material

  • An extensive number of highly anticipated Hera labs
  • 13 Modules
  • 4 Sections

Course delivery

  • Self-paced, HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Try the course for free

Syllabus

Section: Incident Handling Overview

  • Module 1: Incident Handling Process (available in pre-launch)

    The Incident Handling Process module will introduce you to the Preparation -> Detection & Analysis -> Containment, Eradication & Recovery -> Post-Incident Activity cycle (a.k.a. the incident response life cycle). Incident handling procedures, activities and best practices for maximizing efficiency and performance, as well as for reducing important security metrics such as time to detect, time to respond and points of risk per host, are also covered.

Section: Network Traffic & Flow Analysis

Section: Practical Incident Handling

  • Module 1: Preparing & Defending Against Reconnaissance & Information Gathering

    In this module, you will learn the techniques attackers use to perform reconnaissance and information gathering activities, as well as how to prepare and defend against them. The techniques to be detected range from Google/Shodan "hacking" to DNS interrogation and reconnaissance through exposed OWA, JavaScript injection, SSL certificates etc.

  • Module 2: Preparing & Defending Against Scanning

    In this module, you will learn the techniques attackers use to perform scanning activities, as well as how to prepare and defend against them. The techniques to be detected range from war driving and nmap/nessus scans to scanning that leverages IDS/IPS evasion, WebRTC, crafted LDAP queries and abnormal protocols.

  • Module 3: Preparing & Defending Against Exploitation

    In this module, you will learn the techniques, tactics and procedures attackers use to gain an initial foothold in a network, as well as how to prepare and defend against them. The attacks to be detected range from passive/active sniffing, DNS cache poisoning and remote/web attacks to misusing/brute-forcing Microsoft authentication and the whole spectrum of Kerberos attacks (overpass-the-hash, kerberoasting etc.).

  • Module 4: Preparing & Defending Against Post-Exploitation

    In this module, you will learn the techniques, tactics and procedures that attackers employ to escalate their privileges and move laterally as well as vertically after an initial foothold is gained. Detecting RATs, rootkits, attack path identification attempts and credential reuse is covered, alongside detection techniques such as privileged access monitoring/privilege escalation detection, abnormal system interaction monitoring, log editing detection, covert channel detection and persistence detection.

Section: SOC 3.0 Operations & Analytics

  • Module 1: SIEM Fundamentals & Open Source Solutions

    In this module, you will get accustomed to working with some of the most effective open-source SIEM solutions, such as customized ELK stacks, Splunk, Osquery, etc.

  • Module 2: Logging

    This module will cover actionable logging, including log formats, manipulation, custom parsing etc.

  • Module 3: SMTP, DNS & HTTP(S) Analytics

    In this module, you will see how common protocol analytics can greatly increase your network visibility and help you detect abnormal and potentially malicious actions. More specifically, you will see how to extract actionable intrusion-related information by performing SMTP, DNS, HTTP and HTTPS analytics.

  • Module 4: Endpoint Analytics

    In this module, you will learn about the most important logs/events, correlation strategies, regex usage and SIEM queries that you can leverage to detect adversaries on your endpoints at scale. You will also see how tactical threat intelligence and adversary simulation software can help you upgrade your endpoint adversary detection capabilities.

  • Module 5: Creating a Baseline & Detecting Deviations

    In this module, you will see how baselining your environment can make intrusion detection easier, more efficient and more effective. Topics such as asset inventorying and detecting changes in filesystem access, installed/used software, scripting usage and system interactions are covered. Detecting abnormalities in generated traffic, as well as changes in user behavior, is also documented.

Download the syllabus as PDF

Prerequisites

  • Networking
  • Protocols
  • Operating systems
  • Security devices

This training course is for...

  • SOC Analysts
  • CSIRT Members
  • Incident Handlers
  • Incident Responders
  • Red Team members who want to understand blue team tactics and deliver stealthier penetration tests
  • IT Security Personnel in charge of defending their organization’s assets

Certification

Get eCIRv1 Certification

Obtain the eCIRv1 (eLearnSecurity Certified Incident Responder) certification and prove your practical skills with the only 100% practical certification on Incident Handling & Response.

More information

Instructor

  • Dimitrios Bougioukas

    Dimitrios Bougioukas, Training Director of eLearnSecurity, holds a B.Sc. in Computer Science from the Athens University of Economics and Business. For the past 5 years, he has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution, as a Penetration Tester within EY's practice and as a Senior IT Security Researcher and Trainer within eLearnSecurity. Dimitrios specializes in advanced cyber threat simulation, threat intelligence, and purple team tactics. He has been engaged in numerous penetration testing activities against critical infrastructure, web applications, and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgments from security, telecom, and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.
