eLearnSecurity

IHRP v1

Incident Handling & Response Professional


Study at your own pace

IHRP is entirely self-paced with interactive slides and videos that students can access online without any limitation. Students have lifetime access to the training material and can also study from home, the office, or anywhere an internet connection is available.


Extremely Hands-on

Thanks to the extensive use of Hera Lab and the coverage of the latest research in the incident handling & response field, the IHRP course is not only the most practical training course on the subject but also the most up to date. Practice Incident Response techniques against a number of real-world networks and assets.


Become Certified

Obtain the eCIRv1 (eLearnSecurity Certified Incident Responder) certification and prove your practical skills with the only 100% practical certification on Incident Handling & Response.


Course at a glance

  • Start from the very basics, all the way to advanced incident response activities
  • Professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets
  • Understand the mechanics of modern cyber-attacks and how to detect them
  • Effectively use and fine-tune open source IDS (Bro (now Zeek), Snort, Suricata)
  • Make the most of SIEM and log-analysis tooling, both open source (ELK stack, osquery) and commercial (Splunk)
  • Effectively utilize regexes and log management solutions to detect intrusions
  • Detect and even (proactively) hunt for intrusions by analyzing traffic, flows and endpoints, as well as utilizing analytics and tactical threat intelligence
  • Gives you access to dedicated forums
  • Makes you a proficient professional incident responder
  • Obtaining the eCIRv1 certification qualifies you for 40 CPE credits

Course material

  • An extensive set of Hera labs
  • 13 Modules
  • 4 Sections

Course delivery

  • Self-paced, HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone


Syllabus

Section: Incident Handling Overview

  • Module 1 : Incident Handling Process (available in pre-launch)

    The Incident Handling Process module introduces the Preparation -> Detection & Analysis -> Containment, Eradication & Recovery -> Post-Incident Activity cycle (the incident response life cycle, as described in NIST SP 800-61). It also covers incident handling procedures, activities and best practices for maximizing efficiency and performance, and for improving key security metrics such as time to detect, time to respond and points of risk per host.

Section: Network Traffic & Flow Analysis

Section: Practical Incident Handling

  • Module 1 : Preparing & Defending Against Reconnaissance & Information Gathering

    In this module, you will learn the techniques attackers use for reconnaissance and information gathering, and how to prepare for and defend against them. The techniques to be detected range from Google/Shodan “hacking” and DNS interrogation to reconnaissance through exposed OWA, JavaScript injection and SSL certificates.

  • Module 2 : Preparing & Defending Against Scanning

    In this module, you will learn the techniques attackers use for scanning, and how to prepare for and defend against them. The techniques to be detected range from war driving and nmap/Nessus scans to scanning that leverages IDS/IPS evasion, WebRTC, crafted LDAP queries and abnormal protocols.

  • Module 3 : Preparing & Defending Against Exploitation

    In this module, you will learn the techniques, tactics and procedures attackers use to gain an initial foothold in a network, and how to prepare for and defend against them. The attacks to be detected range from passive/active sniffing, DNS cache poisoning and remote/web attacks to misuse and brute-forcing of Microsoft authentication and the whole spectrum of Kerberos attacks (overpass-the-hash, Kerberoasting, etc.).

  • Module 4 : Preparing & Defending Against Post-Exploitation

    In this module, you will learn the techniques, tactics and procedures attackers employ to escalate their privileges and move laterally and vertically once an initial foothold is gained. Detecting RATs, rootkits, attack path identification attempts and credential reuse is covered, alongside detection techniques such as privileged access monitoring and privilege escalation detection, abnormal system interaction monitoring, log tampering detection, covert channel detection and persistence detection.

Section: SOC 3.0 Operations & Analytics

  • Module 1 : SIEM Fundamentals & Open Source Solutions

    In this module, you will get accustomed to working with some of the most effective SIEM and log-analysis solutions: customized ELK stacks and osquery (open source) and Splunk (commercial).

  • Module 2 : Logging

    This module covers actionable logging, including log formats, log manipulation and custom parsing.

  • Module 3 : SMTP, DNS & HTTP(S) Analytics

    In this module, you will see how common protocol analytics can greatly increase your network visibility and help you detect abnormal, potentially malicious activity. Specifically, you will see how to extract actionable intrusion-related information by performing SMTP, DNS, HTTP and HTTPS analytics.

  • Module 4 : Endpoint Analytics

    In this module, you will learn about the most important logs/events, correlation strategies, regex usage and SIEM queries that you can leverage to detect adversaries on your endpoints at scale. You will also see how tactical threat intelligence and adversary simulation software can help you improve your endpoint detection capabilities.

  • Module 5 : Creating a Baseline & Detecting Deviations

    In this module, you will see how baselining your environment makes intrusion detection easier, more efficient and more effective. Topics such as asset inventorying and detecting changes in filesystem access, installed/used software, scripting usage and system interactions are covered, as are detecting abnormalities in generated traffic and changes in user behavior.
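As an added illustration of the DNS analytics topic in Module 3 of this section (example code written for this page, not eLearnSecurity course material), the script below runs simple per-domain and per-client analytics over a constructed DNS query log. The log format (ts,client,qname,qtype,rcode), the client addresses and the domains are all made up for the example; the registered-domain split is a naive last-two-labels heuristic, and the thresholds are starting points to tune against your own traffic.

```python
"""DNS-log analytics: per-domain tunnelling indicators and per-client NXDOMAIN ratios.

Added example (not eLearnSecurity course code). Log format, clients and domains are constructed.
"""
import math
import re
from collections import defaultdict

# Constructed sample log. Assumed format: ts,client,qname,qtype,rcode (one query per line).
SAMPLE_DNS_LOG = """\
1578906001,10.0.0.5,www.example.com,A,NOERROR
1578906002,10.0.0.5,mail.example.com,A,NOERROR
1578906003,10.0.0.7,cdn.example.com,A,NOERROR
1578906004,10.0.0.5,login.example.org,A,NOERROR
1578906010,10.0.0.9,3f9a1c7e2b4d6a8f0e1c2b3d4a5f6e7c.tun.example-tunnel.net,TXT,NOERROR
1578906011,10.0.0.9,9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e.tun.example-tunnel.net,TXT,NOERROR
1578906012,10.0.0.9,a1b2c3d4e5f60718293a4b5c6d7e8f90.tun.example-tunnel.net,TXT,NOERROR
1578906013,10.0.0.9,0f1e2d3c4b5a69788796a5b4c3d2e1f0.tun.example-tunnel.net,TXT,NOERROR
1578906014,10.0.0.9,deadbeefcafef00d0123456789abcdef.tun.example-tunnel.net,TXT,NOERROR
1578906020,10.0.0.11,xkqpwzv.com,A,NXDOMAIN
1578906021,10.0.0.11,mzrtqlpa.net,A,NXDOMAIN
1578906022,10.0.0.11,qwpolkmn.org,A,NXDOMAIN
1578906023,10.0.0.11,www.example.com,A,NOERROR
"""

LINE_RE = re.compile(r"^(?P<ts>\d+),(?P<client>[\d.]+),(?P<qname>[^,]+),(?P<qtype>\w+),(?P<rcode>\w+)$")


def parse_dns_log(text):
    """Parse log lines into dicts; malformed or blank lines are skipped rather than fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def registered_domain(qname):
    """Naive registered-domain split (last two labels); production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shannon_entropy(s):
    """Bits per character: hex-encoded payloads approach 4.0, dictionary-word labels sit well below 3.0."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def domain_stats(records):
    """Aggregate per registered domain: query count, distinct subdomains, first-label length/entropy, TXT share."""
    acc = {}
    for r in records:
        dom = registered_domain(r["qname"])
        s = acc.setdefault(dom, {"queries": 0, "subs": set(), "len": 0, "ent": 0.0, "txt": 0})
        qname = r["qname"].lower()
        sub = qname[: -len(dom) - 1] if qname.endswith("." + dom) else ""
        first_label = sub.split(".")[0] if sub else ""
        s["queries"] += 1
        s["subs"].add(sub)
        s["len"] += len(first_label)
        s["ent"] += shannon_entropy(first_label)
        s["txt"] += int(r["qtype"].upper() == "TXT")
    return {
        dom: {
            "queries": s["queries"],
            "unique_subdomains": len(s["subs"]),
            "avg_label_len": s["len"] / s["queries"],
            "avg_entropy": s["ent"] / s["queries"],
            "txt_ratio": s["txt"] / s["queries"],
        }
        for dom, s in acc.items()
    }


def client_nxdomain_ratio(records):
    """Share of a client's queries answered NXDOMAIN; DGA-style beaconing drives this up sharply."""
    per = defaultdict(lambda: [0, 0])
    for r in records:
        per[r["client"]][1] += 1
        per[r["client"]][0] += int(r["rcode"].upper() == "NXDOMAIN")
    return {c: nx / total for c, (nx, total) in per.items()}


def flag_suspicious(records, min_queries=3, min_label_len=20, min_entropy=3.0, nx_ratio=0.5):
    """Return (finding, subject, detail) tuples. Thresholds are starting points; tune them against your baseline."""
    findings = []
    for dom, s in sorted(domain_stats(records).items()):
        if s["queries"] >= min_queries and s["avg_label_len"] >= min_label_len and s["avg_entropy"] >= min_entropy:
            detail = f"avg_label_len={s['avg_label_len']:.1f} avg_entropy={s['avg_entropy']:.2f} txt_ratio={s['txt_ratio']:.2f}"
            findings.append(("possible-dns-tunnel", dom, detail))
    for client, ratio in sorted(client_nxdomain_ratio(records).items()):
        if ratio >= nx_ratio:
            findings.append(("high-nxdomain-ratio", client, f"nxdomain_ratio={ratio:.2f}"))
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(parse_dns_log(SAMPLE_DNS_LOG)):
        print(*finding)
```

On the constructed log this flags example-tunnel.net (long, high-entropy TXT subdomains from one client) and client 10.0.0.11 (three of four queries NXDOMAIN). Both signals are noisy on their own; CDNs and anti-spam lookups also produce long labels, so the thresholds need to be fitted to a baseline of your own resolver logs before alerting on them.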
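As an added illustration of the regex and correlation part of Module 4 (Endpoint Analytics), again example code written for this page and not eLearnSecurity course material, the script below runs a small rule set over constructed Windows Security event 4688 (process creation) records. The hosts, users and command lines are made up, the rule names are invented for the example, and the rules themselves are deliberately narrow: they are meant to show how a parent-child chain and a command-line regex combine, not to be a complete detection library.

```python
"""Regex detections over constructed Windows 4688 process-creation events.

Added example (not eLearnSecurity course code). Hosts, users, command lines and rule names are illustrative.
"""
import re
from collections import defaultdict

# Constructed events. Fields are modelled on Security event 4688 with command-line auditing enabled.
EVENTS = [
    {"host": "ws01", "user": "alice", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws01", "user": "alice", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "ws02", "user": "bob", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws02", "user": "SYSTEM", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\Public\update.ps1"},
    {"host": "ws03", "user": "carol", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe Get-Process"},
]

# (rule name, field, compiled regex). "chain" is "<parent image> > <new process image>"; "cmdline" is the command line.
RULES = [
    ("office-spawns-shell", "chain",
     re.compile(r"(?i)\\(winword|excel|powerpnt|outlook)\.exe\s*>\s*.*\\(cmd|powershell|wscript|cscript|mshta)\.exe")),
    ("wmi-spawns-shell", "chain", re.compile(r"(?i)\\wmiprvse\.exe\s*>\s*.*\\(cmd|powershell)\.exe")),
    ("powershell-encoded-command", "cmdline",
     re.compile(r"(?i)powershell.*?\s-(e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")),
    ("powershell-hidden-window", "cmdline", re.compile(r"(?i)powershell.*\s-w(indowstyle)?\s+hidden")),
    ("powershell-execution-policy-bypass", "cmdline", re.compile(r"(?i)powershell.*\s-ex(ecutionpolicy)?\s+bypass")),
]


def match_event(event):
    """Return the names of every rule that fires on one event."""
    chain = f"{event['parent']} > {event['image']}"
    hits = []
    for name, field, rx in RULES:
        if rx.search(chain if field == "chain" else event["cmdline"]):
            hits.append(name)
    return hits


def run_detections(events):
    """Flatten to (host, user, rule) alerts, the shape a SIEM correlation search would emit."""
    return [(e["host"], e["user"], rule) for e in events for rule in match_event(e)]


def rank_hosts(alerts):
    """Hosts ordered by the number of distinct rules fired: stacking distinct weak signals is the correlation step."""
    distinct = defaultdict(set)
    for host, _user, rule in alerts:
        distinct[host].add(rule)
    return sorted(distinct, key=lambda h: (-len(distinct[h]), h))


if __name__ == "__main__":
    alerts = run_detections(EVENTS)
    for alert in alerts:
        print(*alert)
    print("triage order:", rank_hosts(alerts))
```

On the constructed events ws01 fires three distinct rules from a single Word-spawned command line (shell from an Office parent, encoded command, hidden window) and ws02 fires two from a WMI-spawned PowerShell, so ws01 is triaged first. The same regexes translate directly into SIEM query language once the 4688 fields are parsed; the point is that a single rule on its own is weak, and counting distinct rules per host is the cheapest useful correlation.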
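As an added illustration of the baselining approach in Module 5 (example code written for this page, not eLearnSecurity course material), the script below folds a few days of constructed per-host inventory snapshots into a baseline and then reports deviations in a later snapshot: new or removed software, new services, users logging on to a host they have never used, an egress-volume spike measured as a z-score against the host's own history, and a host that is missing from the inventory altogether. The hosts, product names and byte counts are all made up; the snapshot shape is the author's own, not any particular agent's output format.

```python
"""Baseline-and-deviation detection over constructed host inventory snapshots.

Added example (not eLearnSecurity course code). Hosts, software names and byte counts are made up.
"""
import statistics


def snapshot(host, day, software, services, logons, bytes_out):
    """One day's inventory for one host: the kind of data an endpoint agent can collect."""
    return {"host": host, "day": day, "software": set(software), "services": set(services),
            "logons": set(logons), "bytes_out": bytes_out}


# Constructed baseline period: five quiet days for ws01, three for ws02.
WS01_SW, WS01_SVC = ("Microsoft Office", "Google Chrome", "7-Zip"), ("Spooler", "WinDefend")
WS02_SW, WS02_SVC = ("Google Chrome", "Slack"), ("Spooler", "WinDefend")
BASELINE_SNAPSHOTS = [
    snapshot("ws01", d, WS01_SW, WS01_SVC, ("alice",), b)
    for d, b in enumerate([150_000_000, 170_000_000, 160_000_000, 180_000_000, 165_000_000], 1)
] + [
    snapshot("ws02", d, WS02_SW, WS02_SVC, ("bob",), b)
    for d, b in enumerate([90_000_000, 110_000_000, 100_000_000], 1)
]

# Constructed "today": ws01 gained a remote tool, a service and a new logon user, lost 7-Zip and sent 2.5 GB;
# ws02 is unchanged; ws99 was never inventoried at all.
CURRENT_SNAPSHOTS = [
    snapshot("ws01", 6, ("Microsoft Office", "Google Chrome", "ExampleRemoteTool"),
             ("Spooler", "WinDefend", "UpdaterSvc"), ("alice", "svc_backup"), 2_500_000_000),
    snapshot("ws02", 4, WS02_SW, WS02_SVC, ("bob",), 115_000_000),
    snapshot("ws99", 1, ("Google Chrome",), ("Spooler",), ("mallory",), 5_000_000),
]


def build_baseline(snapshots):
    """Fold daily snapshots into a per-host baseline: union of observed sets plus the egress history."""
    base = {}
    for s in snapshots:
        b = base.setdefault(s["host"], {"software": set(), "services": set(), "logons": set(), "bytes_out": []})
        for key in ("software", "services", "logons"):
            b[key] |= s[key]
        b["bytes_out"].append(s["bytes_out"])
    return base


def z_score(value, samples):
    """Standard deviations from the baseline mean; any change against a perfectly flat baseline counts as infinite."""
    if len(samples) < 2:
        return 0.0
    mean, stdev = statistics.mean(samples), statistics.stdev(samples)
    if stdev == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / stdev


def detect_deviations(baseline, current, z_threshold=3.0):
    """Compare one host's current snapshot with its baseline; returns (finding, host, detail) tuples."""
    host = current["host"]
    b = baseline.get(host)
    if b is None:
        return [("unknown-host", host, "not in asset inventory")]
    findings = []
    for key, label in (("software", "new-software"), ("services", "new-service"), ("logons", "new-logon-user")):
        for item in sorted(current[key] - b[key]):
            findings.append((label, host, item))
    for item in sorted(b["software"] - current["software"]):
        findings.append(("removed-software", host, item))
    z = z_score(current["bytes_out"], b["bytes_out"])
    if z >= z_threshold:
        findings.append(("egress-volume-spike", host, f"z={z:.1f}"))
    return findings


def run(baseline_snapshots=BASELINE_SNAPSHOTS, current_snapshots=CURRENT_SNAPSHOTS):
    """Build the baseline and check every current snapshot against it."""
    baseline = build_baseline(baseline_snapshots)
    return [f for snap in current_snapshots for f in detect_deviations(baseline, snap)]


if __name__ == "__main__":
    for finding in run():
        print(*finding)
```

The unchanged host produces no findings at all, which is the property that makes baselining cheap to operate: the alert volume tracks change, not activity. Two caveats a practitioner should keep in mind: the baseline period must itself be clean (an attacker already present during baselining becomes "normal"), and a per-host z-score on a handful of samples is sensitive to a single outlier day, so in practice the history window is longer and a robust statistic such as the median absolute deviation is often preferred.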


Pre-requisites

  • Networking
  • Protocols
  • Operating systems
  • Security devices

This training course is for...

  • SOC Analysts
  • CSIRT Members
  • Incident Handlers
  • Incident Responders
  • Red Team members who want to understand blue team tactics and deliver stealthier penetration tests
  • IT Security Personnel in charge of defending their organization’s assets


Instructor

  • Dimitrios Bougioukas

    Dimitrios Bougioukas, Training Director of eLearnSecurity, holds a B.Sc. in Computer Science from the Athens University of Economics and Business. For the past 5 years, he has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution, as a Penetration Tester within EY's practice and as a Senior IT Security Researcher and Trainer within eLearnSecurity. Dimitrios specializes in advanced cyber threat simulation, threat intelligence, and purple team tactics. He has been engaged in numerous penetration testing activities against critical infrastructure, web applications, and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgments from security, telecom, and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.
