This five-day course teaches advanced investigative techniques to frontline incident responders, helping them identify and scope intrusions by government, financial, and political threat groups.
The course includes a series of hands-on exercises that let students consolidate what they have learned and build on it by applying the techniques directly to real-world scenarios. Students will learn to identify, detect, and hunt for advanced attacker techniques, to defeat malware obfuscation, and to apply hunting techniques at scale across both traditional endpoint and cloud-based infrastructure.
The course covers historic and live attacker scenarios, along with techniques a defender can use during an active firefight to limit losses to the organization.
Prerequisites: Students should possess an excellent knowledge of computer and operating system fundamentals. Experience with programming fundamentals and Windows internals is highly recommended. Completion of Mandiant’s Windows Enterprise Incident Response and/or Linux Enterprise Incident Response courses is also recommended.
This is a fast-paced technical course that is designed to provide hands-on experience investigating targeted attacks and the analysis steps required to triage compromised systems. The content and pace are intended for students with some background in security operations, incident response, forensic analysis, network traffic analysis, log analysis, security assessments and penetration testing, or even security architecture and system administration duties. It is also well suited for those managing CIRT/incident response teams, or in roles that require oversight of forensic analysis and other investigative tasks.
In-person instructor-led training
5 days (in-person delivery)
A computer with an internet connection and a modern browser (such as Google Chrome).