Technical Deep Dive with Incident Response Tools

Overview

Class Central Tips

The Cyber Incident Response course will give students an understanding of how incidents are responded to at a high level, as well as allow them to build important technical skills through the hands-on labs and projects. This course starts with a high-level discussion of what happens at each phase of responding to an incident, followed by a technical deep dive into some of the more exciting parts of memory, network, and host analysis and forensics. This course is for anyone wishing to apply learned forensics and offensive knowledge such as ethical hacking to the incident response process.

Syllabus

Network Forensics

Witness the incident response process from the perspective of a responder using real tools of the trade to detect, contain, and investigate cyber incidents, and eradicate threats. Follow the instructor as he examines two realistic scenarios: one of a data breach and the other of an incident that is still ongoing.

Memory Forensics
Incident Response Scenario 1: Data Breach/Hacking Incident
Incident Response Scenario 2: Live Ongoing Hacking Incident
Incident Response Scenario 3: SolarWinds

The Solarwinds Supply Chain Attack was a significant and shocking punch to the cybersecurity world. It marked the first time we'd seen in a supply chain attack in public executed at such a large scale. One of the top cybersecurity firms in the world ended up being compromised due to this attack. In this course, we will take a technical deep dive into how to look for some of the IoC's or Indicators of Compromise associated with that hack. This course will require hands-on exercises to complete the associated project. We recommend you complete the rest of the courses in this path before attempting this one as the hands-on builds from the deep dives in the rest of this path.