Track 1: Incident Response

Incident Response

Students learn the necessary concepts and skills for responding effectively to cyber security incidents. The goal is to provide participants with the equivalent skills and experience one would obtain working a full month on a professional Incident Response team dealing with an Advanced Persistent Threat intrusion. Students are trained on the three core pillars of incident response: Host Forensics, Network Archaeology and Malware Analysis. Students are also given the opportunity to learn about Incident Coordination and Operational Technology.

In addition to classroom training and lectures, students spend most of their time working on a small team project investigating real data from a historical incident. At the conclusion of the program, students present their findings to senior management in standard incident reporting format.

Network Archaeology

In this course, you will learn how to take a packet capture file containing an unknown custom binary protocol, and extract encoded/obfuscated payloads into decoded command and control and file transfer traffic.

Host Forensics

This course covers both memory and disk forensics. Beginning with an overview of forensics, we dive into forensic techniques for rapid incident response, with a focus on understanding at a conceptual level, not just following recipes.

Malware Analysis

Determining what software does without having to run it is the core skill of malware analysis: we use this to report on malicious software (malware) without further compromising computing resources through infection. Students analyze malware using static and dynamic analysis techniques, and learn to monitor the actions of executing malware and extract indicators of compromise.

Incident Coordination

Technical response is pointless without effective communication. This course introduces participants to strategies and techniques for effective incident management.

Operational Technology

Operational Technology (OT) operates in every industry, and with the convergence of OT and IT, OT has become a critical component that affects all types of cyber professionals, including incident responders, security operations center staff, red teams, penetration testers, and cyber analysts looking to gain an understanding of OT cyber assurance. This course is an introduction to OT cyber principles, practices and forensics.