
INCIDENT ANALYSIS

ISH CERTIFICATE “INCIDENT ANALYSIS”

DELIVERY: CLASSROOM // DURATION: 3 DAYS

This course is a practical incident analysis workshop that focuses on the analysis of Windows systems, including some network traffic, and contains several hands-on exercises. It serves as an introduction to many areas that are relevant to an incident. Topics such as Incident Handling and the Incident Response Process are not part of the course.

UPCOMING SESSIONS

| Dates | Location | Language | Member/WBP | Non-Member |
|---|---|---|---|---|
| Apr 23 – 25, 2018 | Munich Airport | German/English | tbd. € | 1.990,- € |
| Sep 11 – 13, 2018 | Munich Airport | German/English | tbd. € | 1.990,- € |

LEARNING OBJECTIVES

During this course, you will learn a lot about Windows and malware internals, and how to:

  • Identify Indicators of Compromise
  • Analyze network traffic abnormalities
  • Analyze hard disks and core images forensically
  • Distinguish malware from harmless software
  • Analyze malware (behavior)
  • Correlate log data with a specific incident

TARGET AUDIENCE

  • Members of a CERT
  • IT-Security Officers
  • Anyone interested in this topic

COURSE CONTENT

Day 1

  • Conceptual basics
  • Analysis of network traffic:
    • Connection-oriented
    • Pattern-based
    • Manual
  • Correlation of several log sources for an accurate analysis of a certain event
  • Windows Analysis Basics:
    • Windows architecture
    • Analysis of relevant Event Logs
    • Registry Analysis
    • Malware Persistence techniques

Day 2

  • File system analysis using the example of NTFS:
    • Investigating and restoring deleted files
    • Creation of a timeline of file system activities
    • Extracting files from a disk dump
  • Malware analysis – Part 1:
    • Tools and techniques of static analysis
    • Analysis and practical implementation of DLL Injections
    • Analysis of defective PDF and Word documents
    • Dynamic analysis of JavaScript

Day 3

  • Malware analysis – Part 2:
    • Shellcode basics
    • Tools and techniques of dynamic analysis
    • Dynamic analysis through Cuckoo
  • Memory analysis with Volatility:
    • Operating system data in RAM
    • Malware hiding techniques
    • Analysis of selected attack techniques

PRE-REQUISITE FOR COURSE REGISTRATION

Network and programming experience as well as knowledge of popular hacking methods are an advantage. For the practical exercises, VirtualBox should already be installed on the laptop.
Furthermore, the participant should have administrative rights on the host computer for any configuration changes that may be needed. As the majority of the exercises will take place on the Linux command line, experience with it is helpful, but not necessary.

2019-04-01T12:10:37+01:00 | November 7th, 2017 | Academy
