The Certified Incident Handling Engineer course is designed to help Incident Handlers, System Administrators, and any General Security Engineers understand how to: plan, create and utilize their systems in order to prevent, detect and respond to attacks.
In this in depth training, students will learn step-by-step approaches used by hackers globally. Including the latest attack vectors and how to safeguard against them, Incident Handling procedures (including developing the process from start to finish and establishing your Incident Handling team), and strategies for each type of attack, recovering from attacks and much more.
Furthermore, students will enjoy numerous hands-on laboratory exercises that focus on topics, such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware and using Netcat plus several additional scenarios for both Windows and Linux systems.
This 4-day course retails for $3,500 and is delivered via: classroom, live online or self-study. The self-study course retails for $1,500.
Module 1: Introduction
Module 2: Threats, Vulnerabilities, and Exploits
Module 3: Identification and Initial Response
Module 4: RTIR
Module 5: Preliminary Response
Module 6: Identification and Initial Response
Module 7: Sysinternals
Module 8: Containment
Module 9: Eradication
Module 10: Follow-Up
Module 11: Recovery
Module 12: Virtual Machine Security
Module 13: Malware Incident Response
OBJECTIVE OF LABORATORY SCENARIOS:
This is an intensive hands-on class; you will spend 20 hours or more performing labs; rather than spend too much time installing 300 tools, our focus will be on the Pen Testing model. The latest Pen Testing Tools and methods will be taught. Laboratories change weekly as new methods are found. We will be using many different tools from GUI to command line. As we work through structured attacks, we try and cover tools for both Windows and Linux systems.
Netcat (Basics of Backdoor Tools)
Exploiting and Pivoting our Attack
Creating a Trojan
Capture FTP Traffic
ARP Cache Poisoning Basics
ARP Cache Poisoning - RDP
Shoveling a Shell
Create Malware using SET
Examine System Active Processes and Running Services
Examine Startup Folders
The Local Registry
The IOC Finder - Collect
IOC Finder - Generate Report
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.