Network Incident Response

Short description

Until recently, the majority of organizations believed that they could fly under the radar in terms of targeted attacks, and that these incidents, if a concern at all, were a problem only for government institutions, major financial services providers and utilities. The content of this course should thus help you to be forearmed against targeted attacks so that you can successfully detect them and ward them off.


Learning objectives

The goal of this training is to gain a better understanding of Incident Response in networks. A scenario is played out and the appropriate measures are developed. Practical exercises and a workshop will teach you, for example, how to detect and investigate Command and Control (C&C) traffic in the network. Furthermore, the practical use of Intrusion Detection Systems (IDSs) will be discussed.

During the workshop, participants apply their acquired knowledge by devising an attack method and independently executing it in the Hacking Lab. Course participants consequently have the unique opportunity to join the attacking side and gain first-hand insight into the attacker's point of view. In a second step, participants attempt to detect each other's attack and, if necessary, optimize the detection rate. Incident Response measures are then taken and re-enacted by way of a table-top exercise. The instruction will also point out the limitations of the technology and tools used.


Demarcation: The seminar assumes that computers in the network have already been infected with malware. There will be no discussion of how computers become infected or how malware is usually installed. This topic is part of the training session "Penetration Testing".

Moreover, the training does not address the forensically sound collection of evidence and the investigation of malicious programs. These topics are part of the training session "Host-based Incident Response".


Highlights

  • Advanced Persistent Threats (APT) and countermeasures
  • Splunk: introduction and exercises
  • Splunk: advanced application for network analysis
  • Workshop on covert channels and detection
  • Incident response scenarios and table-top exercises
  • Intrusion detection using BRO/Splunk


The exercises will be done on www.hacking-lab.com. Following the course, the lab environment remains available to participants for a further 30 days.


Target group

  • Security Officers
  • IT Managers
  • Security Engineers
  • System Engineers
  • Third-Level Support
  • Incident Handlers
  • SOC Team Members


Prerequisite

  • Understanding of network protocols (IP, TCP, UDP, ICMP)
  • Good network-service knowledge (DNS, DHCP, Proxy, SSH, TLS, HTTP)
  • Linux knowledge (Shell, grep, awk)
  • Windows knowledge (AD, GPO)
