Security Incident Analyst – Level 1 [CSR101]

To respond effectively to cyber security challenges, SOC-Members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios at a hyper-realisitic Cyber Simulation Range. This course sets the stage for future security analysts to deal with cyber-attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors.

• Utilize integrated tools of a SOC Technology Stack
• Efficiently detect, assess and determine the scope of incidents
• Enrich event information utilizing external Threat Intelligence
• Understand the functionality of a state-of-the-art SOC
• Perform different tasks in various SOC roles

• SOC analysts who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
• Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and respond.
• Information Security Professionals who may encounter data breach incidents and intrusions.

• The Advanced Cyber Defense Center

  •  Mission statement, services and maturity level
  •  Team structure, roles and responsibilities
  •  Metrics, KPIs, alert prioritization
  •  Incident categorization, triage process

  •  IR processes & playbooks

• The Cyber Simulation Range

  • Understanding the simulated IT infrastructure
  • Introduction to communication, documentation, process management
  • Understanding the SOC technology stack and tool-base

  • Instruction and assignment of the roles in the SOC

• Practical Training Sessions in IT environments

  • Understanding the adversaries kill chain, tactics, techniques
  • Searching Indicators of Compromise (IoC) in logs, flows, apps, OS
  • Identification of compromised systems
  • Detecting indicators of lateral movement Scoping single and multiple path attacks with increasing complexity
  • Finding active and dormant malware, bots and backdoors
  • Discover common hiding & evasion techniques
  • Understanding the full picture and proof evidence of persistence
  • Apply forensic post mortem offline analysis

CSR101 is an incident analytics course that focuses on detection and analysis of cyber threats against IT environments. The course will not cover the introduction or basics of log analysis, working with SIEM systems, sandboxes, etc.

• Most important: A passion for IT security​
• OS basics for Windows and Linux​
• Network basics regarding the OSI model​
• Logging and log analysis basics​
• Nice to have: Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)​