Network Incident Response

Short description

Until recently, most organizations believed that they could fly under the radar when it came to targeted attacks, and that such incidents, if a concern at all, were only worrisome to government institutions, major financial services providers and utilities. This course is intended to help you be forearmed against targeted attacks, so that you can detect them and ward them off successfully.


Learning objectives

The goal of this training is to gain a better understanding of Incident Response in networks. A scenario is played out and the appropriate measures are developed. Practical exercises and a workshop will teach you, for example, how to detect and investigate Command and Control (C&C) traffic in the network. The practical use of Intrusion Detection Systems (IDSs) will also be discussed.

During the workshop, participants apply their acquired knowledge by devising an attack method and executing it independently in the Hacking Lab. Course participants thus have the unique opportunity to join the attacking side and gain first-hand insight into the attacker's point of view in order to understand it better. In a second step, participants attempt to detect each other's attacks and, where necessary, to improve the detection rate. Incident Response measures are taken and re-enacted in a table-top exercise. The instruction will also point out the limitations of the technology and tools used.


Demarcation: The seminar assumes that computers in the network have already been infected with malware. There will be no discussion of how computers become infected or how malware is usually installed. This topic is part of the training session "Penetration Testing".

Moreover, the training does not address the forensically sound collection of evidence and the investigation of malicious programs. These topics are part of the training session "Host-based Incident Response".


Highlights

  • Advanced Persistent Threats (APT) and countermeasures
  • Splunk: introduction and exercises
  • Splunk: advanced application for network analysis
  • Workshop on covert channels and detection
  • Incident response scenarios and table-top exercises
  • Intrusion detection using BRO/Splunk


The exercises are carried out on www.hacking-lab.com. After the course, the lab environment remains available to participants for another 30 days.


Target group

  • Security Officers
  • IT Managers
  • Security Engineers
  • System Engineers
  • Third-Level Support
  • Incident Handlers
  • SOC Team Members


Prerequisites

  • Understanding of network protocols (IP, TCP, UDP, ICMP)
  • Good network-service knowledge (DNS, DHCP, Proxy, SSH, TLS, HTTP)
  • Linux knowledge (Shell, grep, awk)
  • Windows knowledge (AD, GPO)
