C)IHE - Certified Incident Handling Engineer

 

COURSE OVERVIEW

 

The Certified Incident Handling Engineer vendor-neutral certification is designed to help Incident Handlers, System Administrators, and General Security Engineers understand how to plan, create and utilize their systems in order to prevent, detect and respond to attacks.

 

In this in-depth training, students will learn step-by-step approaches used by hackers globally, the latest attack vectors and how to safeguard against them, Incident Handling procedures (including developing the process from start to finish and establishing your Incident Handling team), strategies for each type of attack, recovering from attacks and much more.

 

Furthermore, students will enjoy numerous hands-on laboratory exercises that focus on topics such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware, and using Netcat, plus several additional scenarios for both Windows and Linux systems.

 

BENEFITS OF CIHE COURSE

Graduates of the mile2 Certified Incident Handling Engineer training obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against threats. This course covers the same objectives as the SANS® Security 504 training and prepares students for the GCIH® and CIHE certifications.

 

WHAT'S INCLUDED IN THE COURSE KIT?

  • Individual Course Access
  • Course Video
  • Physical, Printed Course book
  • Exam Prep Guide
  • Exam Simulator
  • Exam

C)IHE - Certified Incident Handling Engineer - Physical Course Kit & Exam

Price: £950.00
  • Module 1 - Incident Handling Explained

    • Security Events
    • Logs
    • Alerts
    • What is an Incident?
    • Security Incident
    • Indication of Compromise
    • What is Incident Handling?
    • Difference between IH and IR
    • Common Tools
    • IPS vs WAF
    • SOC
    • Six Step Approach to Incident Handling

    Module 2 - Threats, Vulnerabilities and Exploits

    • Overview
    • Vulnerabilities
    • Exploits
    • Threat
    • Incident Classification

    Module 3 – Preparation

    • Overview
    • Policies & Procedures
    • The Team
    • Identify Incident Handling Team
    • Roles of the Incident Handling Team
    • IH Team Makeup
    • Team Organization
    • Incident Communication
    • Incident Reporting
    • Incident Response Training and Awareness
    • Underlying Technologies
    • Anti-virus
    • SIEM
    • User Identity
    • Ticketing Systems
    • Digital Forensics
    • eDiscovery
    • Data Backup and Recovery
    • Underlying Technologies
    • Technical Baselines
    • System Hardening
    • Summary

    Module 4 - First Response

    • Overview
    • Responder Toolkit
    • Responder’s System
    • What to look for
    • Attention
    • Volatility
    • First things first
    • Review
    • Goal
    • Challenges
    • Categorize Incidents
    • Incident Signs
    • Basic Steps
    • Receive
    • Examples of Electronic Signs
    • Examples of Human Signs
    • Analyze
    • Analysis
    • Incident Documentation
    • Incident Prioritization
    • Incident Notification

    Module 5 – Containment

    • Containment
    • Goals
    • Delaying Containment
    • Choosing a Containment Strategy
    • On-site Response
    • Secure the Area
    • Conduct Research
    • Procedures for Containment
    • Make Recommendations
    • Establish Intervals
    • Capture Digital Evidence
    • Change Passwords
    • Overview

    Module 6 – Eradication

    • Overview
    • Eradication
    • Goals
    • Procedures for Eradication
    • Determine Cause
    • Procedures for Eradication

    Module 7 – Recovery

    • Recovery
    • Goals
    • Procedure for Recovery
    • Overview

    Module 8 – Follow-Up

    • Overview
    • Follow-up
    • Goals
    • Procedures of Follow-up

    Module 9 – Advanced - Computer Security Incident Response Team

    • Incident Management Definition
    • What is a CSIRT?
    • CSIRT Goals and Examples
    • Building a CSIRT

    Module 10 – Advanced - Log File Analysis

    • Log Analysis and Intrusion Detection
    • Web Server Log Analysis
    • Advanced evidence collection and analysis of web browser activity
    • Exploring the Role of email in Investigations
    • Phishing Analysis

    Module 11 – Advanced - Malware, Rootkits and Botnets

    • Malware
    • Mobile Code
    • Botnets and Rootkits
    • Windows and Linux Rootkits

    Module 12 – Advanced - Artifact Analysis

    • Artifact Analysis Fundamentals
    • Safety Precautions
    • Tools Overview
    • Processing and Storing Artifacts
  • Lab 1 – Tools Introduction

    • Section 1 – Recording IPs and Logging In
    • Section 2 – Wireshark   
    • Section 3 – Netstat       
    • Section 4 – Netcat        

    Lab 2 – Cyber Attacks - Networking    

    • Section 1 – IP Space Scanning 
    • Section 2 – Port Scanning         
    • Section 3 – Network Based Attacks       

    Lab 3 – Cyber Attacks – Web Application       

    • Section 1 – SQL Injection          
    • Section 2 – Command Execution          
    • Section 3 – Brute Force the Login         
    • Section 4 – Session Management          
    • Section 5 – Cross Site Scripting (XSS)  

    Lab 4 – Cyber Attacks – Viruses         

    • Section 1 – Analyze Viruses      

    Lab 5 – Ticketing System        

    • Section 1 – Request Tracker     
    • Section 2 – Request Tracker Incident Response

    Lab 6 – SysInternals Suite      

    • Section 1 – Process-Performance Tools
    • Section 2 – Security Tools        
    • Section 3 – Network and Communication Tools  

    Lab 7 – Creating and Managing a CSIRT Action Plan 

    • Section 1 – Action Plan 
    • Section 2 – Benchmarking Practices      

    Lab 8 – Log Analysis  

    • Section 1 – Analyzing a Shell History File           
    • Section 2 – Analyzing Logs for Web Attacks      
    • Section 3 – Analyzing Logs for Microsoft SQL Attacks

    Lab 9 – Exploits and DoS       

    • Section 1 – Crashing a Windows 7 PC
    • Section 2 – Exploit MS Word to Embed a Listener on a Computer           

    Lab 10 – Stuxnet Trojan: Memory Analysis with Volatility      

    • Section 1 – Memory Analysis using Volatility      

    Lab 11 – Find the hack(s) lab  

    • Section 1 – Find the Hack(s)     

©2019 by Oddfellows Services Ltd t/a OFS.
