Overview

This cross-discipline course covers the essential knowledge and hands-on practical skills needed for intrusion detection, incident handling, computer and network forensics, and malware reverse engineering.
It sets a security baseline for existing practitioners and for those aspiring to work in intrusion analysis and digital forensics, and is relevant to every member of a security team at some point along their career path. On completion, a student may sit the CREST core skills exam, which leads to the CREST Registered Intrusion Analyst (CRIA) professional qualification.

Prerequisites

Suitable for individuals who want to advance within their current computer security careers or move into a related career.

Delegates will learn how to

You will learn how to detect an attack, how to handle it, how to trace and acquire the evidence, and how to investigate, analyze and reconstruct the incident. We then lay the groundwork for malware analysis by presenting the key tools and techniques malware analysts use to examine malicious programs. Practical exercises throughout ensure that the skills learned can be put to work immediately and that you are prepared for the CRIA practical exam.

Outline

Soft Skills and Incident Handling

  • Incident Chronology
  • Record Keeping, Interim Reporting and Final Results

Core Technical Skills

  • IP Protocols
  • Common Classes of Tools
  • Application Fingerprinting
  • Network Access Control Analysis
  • Host Analysis Techniques

Networking Intrusion Analysis

  • Data Sources and Network Log Sources
  • Beaconing
  • Command and Control Channels
  • Exfiltration of Data
  • Incoming Attacks
  • Reconnaissance
  • Internal Spread and Privilege Escalation
  • False Positive Acknowledgement

Analyzing Host Intrusions

  • Windows File System Essentials
  • Windows File Structures
  • Application File Structures
  • Windows Registry Essentials
  • Identifying Suspect Files
  • Memory Analysis
  • Infection Vectors
  • Live Malware Analysis

Reverse Engineering Malware

  • Functionality Identification
  • Processor Architectures
  • Windows Executable File Formats
  • Behavioral Analysis