Short description

Until recently, the majority of organizations believed that they could fly under the radar in terms of targeted attacks, and that these incidents – if a concern at all – were solely worrisome to government institutions, major financial services providers and utilities. The content of this course should thus help you to be forearmed against targeted attacks in order to successfully detect them and ward them off.


Learning objectives

The goal of this training is to gain a better understanding of Incident Response in networks. Here, a scenario is played out and the appropriate measures are developed. Practical exercises and a workshop will teach you how to e.g. detect and investigate Command and Control (C&C) traffic in the network. Furthermore, the practical use of Intrusion Detection Systems (IDSs) will be discussed.

During the workshop, participants apply their acquired knowledge by devising an attack method and independently executing it in the Hacking Lab. Course participants will consequently have the unique opportunity to join the attacking side in order to actively gain insight into attackers’ point of view and thus better understand it. In a second step, participants will attempt to detect each other's attack and, if necessary, to optimize the detection rate. Incident Response measures are taken and re-enacted by way of a table-top exercise. The instruction will also point out the limitations of the technology and tools used.

 

Demarcation: The seminar assumes that computers in the network have already been infected with malware. There will be no discussion of how computers become infected or how malware is usually installed. This topic is part of the training session "Penetration Testing".

Moreover, the training does not address the forensically sound collection of evidence and the investigation of malicious programs. These topics are part of the training session "Host-based Incident Response".


Highlights

  • Advanced Persistent Threats (APT) and countermeasures
  • Splunk: introduction and exercises
  • Splunk: advanced application for network analysis
  • Workshop on covert channels and detection
  • Incident response scenarios and table-top exercises
  • Intrusion detection using BRO/Splunk

 

The exercises will be done on www.hacking-lab.com. Following the course, the labor environment is available to the participants for 30 days more


Target group

  • Security Officers
  • IT Managers
  • Security Engineers
  • System Engineers
  • Third-Level Support
  • Incident Handlers
  • SOC Team Members


Prerequisite

  • Understanding of network protocols (IP, TCP, UDP, ICMP)
  • Good network-service knowledge (DNS, DHCP, Proxy, SSH, TLS, HTTP)
  • Linux knowledge (Shell, grep, awk)
  • Windows knowledge (AD, GPO

CALENDAR

Cyber Risks – from abstract risk to everyday reality

The Europa Institut at the University of Zurich (EIZ) is one of the leading centres of expertise for European Law and is an important provider of... Read more

Swiss Treasury Summit 2019

Das Schweizer Jahrestreffen der Treasurer - am 11. September 2019 an der HSLU in Rotkreuz. Read more

Cyber Security Days an der HSR

Das INS Institut für vernetzte Systeme und die Compass Security laden ein zur zweitägigen Cyber Security Veranstaltung an der HSR Hochschule für... Read more

ALL DATES

NEWS

Eine gelungene Feier zum 20-Jahre-Jubiläum

Compass Security lud am 07. Juni 2019 aktuelle und ehemalige Mitarbeitende, Kunden, Partner und Freunde ein, um ihr 20-jähriges Bestehen zu feiern.... Read more

Butcher Wechsler and the Hackers

The latest magazine of "Die Mobliliar" focusses on artificial intelligence as well as digitalization - and take a look at cyber crime. Read more

Hack2improve - a success story

The Furtwangen University of Applied Sciences offered a hacking workshop for the first time in 2008. What was a novelty at that time is now firmly... Read more

ARCHIVES

Compass Security Blog

From Open Wi-Fi to WPA3

Security in Wi-Fi networks has been, at some point non-existent, then questioned, improved and questioned again over the last two decades. This post provides an overview over the latest developments... mehr

Practical OpenID Connect Pentesting

This post is intended to explain what you typically want to check for during an OpenID Connect assessment and also provide you with a guide to setup your own OpenID Connect test environment. mehr

ZUM BLOG