Network Incident Response

Short description

Until recently, most organizations believed that they could fly under the radar of targeted attacks, and that such incidents – if a concern at all – were a worry only for government institutions, major financial services providers and utilities. The content of this course is intended to forearm you against targeted attacks so that you can detect them and ward them off successfully.


Learning objectives

The goal of this training is to gain a better understanding of Incident Response in networks. A scenario is played out and the appropriate measures are developed. Practical exercises and a workshop teach you how to, for example, detect and investigate Command and Control (C&C) traffic in the network. The practical use of Intrusion Detection Systems (IDSs) is also discussed.

During the workshop, participants apply their acquired knowledge by devising an attack method and executing it independently in the Hacking Lab. Course participants thus have the unique opportunity to join the attacking side and gain first-hand insight into the attackers' point of view, so as to understand it better. In a second step, participants attempt to detect each other's attacks and, where necessary, to improve the detection rate. Incident Response measures are taken and re-enacted in a table-top exercise. The instruction also points out the limitations of the technology and tools used.


Demarcation: The seminar assumes that computers in the network have already been infected with malware. There will be no discussion of how computers become infected or how malware is usually installed. This topic is part of the training session "Penetration Testing".

Moreover, the training does not address the forensically sound collection of evidence and the investigation of malicious programs. These topics are part of the training session "Host-based Incident Response".


Highlights

  • Advanced Persistent Threats (APT) and countermeasures
  • Splunk: introduction and exercises
  • Splunk: advanced application for network analysis
  • Workshop on covert channels and detection
  • Incident response scenarios and table-top exercises
  • Intrusion detection using BRO/Splunk


The exercises are done on www.hacking-lab.com. After the course, the lab environment remains available to participants for a further 30 days.


Target group

  • Security Officers
  • IT Managers
  • Security Engineers
  • System Engineers
  • Third-Level Support
  • Incident Handlers
  • SOC Team Members


Prerequisites

  • Understanding of network protocols (IP, TCP, UDP, ICMP)
  • Good network-service knowledge (DNS, DHCP, Proxy, SSH, TLS, HTTP)
  • Linux knowledge (Shell, grep, awk)
  • Windows knowledge (AD, GPO)
