
eLearnSecurity

IHRP v1

Incident Handling & Response Professional

Interested in this course?

Sign up to get access to our training material and labs!

Study at your own pace

IHRP is entirely self-paced with interactive slides that students can access online without any limitation. Students have lifetime access to the training material and can also study from home, the office, or anywhere an internet connection is available.


Extremely Hands-on

Thanks to the extensive use of Hera Lab and the coverage of the latest research in the incident handling & response field, the IHRP course is not only the most practical training course on the subject but also the most up to date. Practice Incident Response techniques against a number of real-world networks and assets.


Become Certified

Obtain the eCIRv1 (eLearnSecurity Certified Incident Responder) certification and prove your practical skills with the only 100% practical certification on Incident Handling & Response.


Take a look at the course

  • Start from the very basics, all the way to advanced incident response activities
  • Professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets
  • Understand the mechanics of modern cyber-attacks and how to detect them
  • Effectively use and fine-tune open source IDS (Bro, Snort, Suricata)
  • Make the best of open source SIEM solutions (ELK stack, Splunk, etc.)
  • Effectively utilize regexes and log management solutions to detect intrusions
  • Detect and even (proactively) hunt for intrusions by analyzing traffic, flows and endpoints, as well as utilizing analytics and tactical threat intelligence
  • Get access to dedicated forums
  • Become a proficient professional incident responder
  • Obtaining the eCIRv1 certification qualifies you for 40 CPE credits

Course material

  • 10 extensive Hera labs
  • 13 Modules
  • 4 Sections

Course delivery

  • Self-paced, HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone


Syllabus

Section: Incident Handling Overview

  • Module 1: Incident Handling Process

    The Incident Handling Process module will introduce you to the Preparation -> Detection & Analysis -> Containment, Eradication & Recovery -> Post-Incident Activity cycle (a.k.a. the incident response life cycle). It also covers incident handling procedures, activities and best practices for maximizing efficiency and performance, as well as for reducing important security metrics such as time to detect, time to respond and points of risk per host.

Section: Network Traffic & Flow Analysis

Section: Practical Incident Handling

  • Module 1: Preparing & Defending Against Reconnaissance & Information Gathering

    In this module, you will learn all of the techniques attackers use to perform reconnaissance and information gathering activities, as well as how to prepare and defend against them. The techniques to be detected range from Google/Shodan “hacking” to DNS interrogation and reconnaissance through exposed OWA, JavaScript injection, SSL certificates etc.

  • Module 2: Preparing & Defending Against Scanning

    In this module, you will learn all of the techniques attackers use to perform scanning activities, as well as how to prepare and defend against them. The techniques to be covered range from war dialing and war driving to nmap/nessus scans and WebRTC-based scans.

  • Module 3: Preparing & Defending Against Exploitation

    In this module, you will learn all the techniques, tactics and procedures that attackers use to gain an initial foothold in a network, as well as how to prepare and defend against them. The attacks to be covered range from passive/active sniffing, DNS cache poisoning and remote/web attacks to misusing/brute-forcing Microsoft authentication.

  • Module 4: Preparing & Defending Against Post-Exploitation

    In this module, you will learn all the techniques, tactics and procedures that attackers employ to escalate their privileges and move laterally as well as vertically after an initial foothold is gained. Detecting RATs, attack path identification attempts and credential reuse is covered, alongside detection techniques such as privileged access monitoring/privilege escalation detection, abnormal system interaction monitoring, log editing detection, covert channel detection and persistence detection. It should be noted that the whole spectrum of Kerberos attacks (overpass-the-hash, kerberoasting etc.) is also covered.

Section: SOC 3.0 Operations & Analytics

  • Module 1: SIEM Fundamentals & Open Source Solutions

    In this module, you will get accustomed to working with some of the most effective open-source SIEM solutions, such as customized ELK stacks, Splunk, etc.

  • Module 2: Logging

    This module will cover actionable logging, including formats, manipulations, custom parsing, etc.

  • Module 3: SMTP, DNS & HTTP(S) Analytics

    In this module, you will see how common protocol analytics can greatly increase your network visibility in order to detect abnormal and probably malicious actions. More specifically, you will see how to extract actionable intrusion-related information by performing SMTP, DNS, HTTP and HTTPS analytics.

  • Module 4: Endpoint Analytics

    In this module, you will learn about the most important logs/events, correlation strategies and SIEM queries that you can leverage to detect adversaries on your endpoints at scale. You will also see how tactical threat intelligence and adversary simulation software can help you upgrade your endpoint adversary detection capabilities. Effectively using Osquery to interrogate endpoints (at scale) is also covered.

  • Module 5: Creating a Baseline & Detecting Deviations

    In this module, you will see how baselining your environment can result in easier, more efficient and more effective intrusion detection.

Prerequisites

  • Networking
  • Protocols
  • Operating systems
  • Security devices

This training course is for...

  • SOC Analysts
  • CSIRT Members
  • Incident Handlers
  • Incident Responders
  • Red Team members who want to understand blue team tactics and deliver stealthier penetration tests
  • IT Security Personnel in charge of defending their organization’s assets

Labs

The IHRP course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.

Modules will be accompanied by numerous hands-on labs, where you will be tasked with detecting:

  • Real-world attacks and malware
  • Intrusions or intrusion attempts during all stages of the cyber kill chain

Lab ID / Description / Category

  • Lab 1: Traffic Analysis Challenges (Offline) - During this lab you will refresh your networking knowledge, learn to identify TCP spoofing and internal botnet-like activity, and practice identifying attacks by analyzing network traffic, including IPv6-based ones. (Category: Educational)
  • Lab 2: Enterprise-wide Incident Response - Part 1: GRR - In this lab, you will learn how to utilize the GRR Incident Response framework in order to perform quicker and more efficient IR activities. During the lab, you will have the opportunity to detect (fileless) malware, various stealthy persistence techniques and privilege escalation attempts on a heterogeneous and enterprise-like network. (Category: Educational)
  • Lab 3: Enterprise-wide Incident Response - Part 2: Velociraptor - In this lab, you will learn how to utilize the Velociraptor Incident Response framework in order to perform quicker and more efficient IR activities. During the lab, you will have the opportunity to detect fileless malware, as well as leverage specific Velociraptor capabilities to proactively monitor endpoints on a heterogeneous and enterprise-like network. (Category: Educational)
  • Lab 4: Suricata Fundamentals - In this lab, you will learn about Suricata's capabilities, features and configuration. Additionally, you will get familiar with configuring Suricata according to your detection needs and, at the same time, you will learn all about Suricata inputs and outputs. Finally, you will be shown how to effectively parse Suricata output and how to extract critical information out of it. (Category: Educational)
  • Lab 5: Effectively Using Suricata - In this lab, you will learn how to effectively use Suricata. Specifically, you will first get familiar with Suricata rules, and then you will learn how to develop your own signatures after analyzing PCAP files containing malicious traffic. Suricata rules will be written to detect malicious traffic deriving from ransomware, phishing attempts, trojans and malicious documents. (Category: Educational)
  • Lab 6: Effectively Using Bro - In this lab, you will learn about Bro's capabilities, features, and architecture. Additionally, you will get familiar with effective Bro scripting so that you can make Bro suit your detection needs. Finally, you will be shown effective manipulation and analysis of Bro logs to extract critical information out of them. (Category: Educational)
  • Lab 7: Effectively Using Snort - In this lab, you will learn about Snort's capabilities, features, and architecture. Additionally, you will get familiar with effective Snort rule scripting, so that you can make Snort suit your detection needs. (Category: Educational)
  • Lab 8: Effectively Using Splunk (2 Scenarios) - In this lab, you will learn about Splunk's detection capabilities, features and architecture. The lab consists of two distinct intrusion detection scenarios. The first scenario will make you comfortable with effective Splunk search writing. The second scenario will help you understand how tactical threat intelligence can be translated into actionable Splunk searches to uncover malicious activity within your network. (Category: Educational)
  • Lab 9: Effectively Using the ELK Stack - In this lab, you will learn about the ELK stack's capabilities, features, and architecture. Additionally, you will get familiar with effective ELK query writing, so that you can make the ELK stack suit your detection and analysis needs. (Category: Educational)

Certification

Get eCIRv1 Certification

eLearnSecurity's eCIRv1 (eLearnSecurity Certified Incident Responder) certification is the most practical and professionally oriented certification you can obtain on Incident Handling & Response.

Instead of putting you through a series of multiple-choice questions, you are expected to perform actual incident response activities inside a corporate network. This incident response test is modeled after real-world scenarios and cutting-edge attacks.

Instructor

  • Dimitrios Bougioukas

    Dimitrios Bougioukas, Training Director of eLearnSecurity, holds a B.Sc. in Computer Science from the Athens University of Economics and Business. For the past 5 years, he has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution, as a Penetration Tester within EY's practice and as a Senior IT Security Researcher and Trainer within eLearnSecurity. Dimitrios specializes in advanced cyber threat simulation, threat intelligence, and purple team tactics. He has been engaged in numerous penetration testing activities against critical infrastructure, web applications, and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgments from security, telecom, and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.
