Incident analysts and threat responders have a challenging time understanding complex, multi-level attacks and APT adversary intrusions without pre-built indicators of compromise or threat intelligence gathered before a breach. One of the best ways to enhance capabilities is to test personal readiness in advanced attack scenarios at a hyper-realisitic Cyber Simulation Range. This course sets the stage for security analysts to handle more complex cyber-attack scenarios defending both IT landscapes and OT / production environments.​

• Understand emerging challenges and possible solutions in the field of IT & OT security
• Utilize advanced SOC tools to filter out the signal within the noise of security alerts
• Efficiently detect, assess and determine complex, multi-level and targeted attacks
• Respond efficiently to critical security incidents in situations of stress accordingly
• Work in a team of security analysts, incident responders and forensic experts

• SOC analysts who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
• Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and respond.
• Information Security Professionals who may encounter data breach incidents and intrusions.

• Advanced Cyber Defense Center
  • Next generation security tools for larger cyber defense center
  • Monitoring of security-related events in both IT, IoT and OT environments
  • Orchestration and information enrichment of security-relevant events
  • Automation of routine tasks in order to free time to focus on important tasks
  • Deception and denial of attackers in realtime
  • Gathering, enrichment and sharing of IoCs using TI
• Extended Cyber Simulation Range
  • Familiarize with the setup of a hyper-realistic advanced CSR infrastructure
  • Understand the need for advanced SOC tools and actively use the technology
  • Understand the specifics of industrial & production environments
  • Stay efficient and avoid mistakes even in situations of stress
• Extended Cyber Simulation Range
  • Practical training sessions in IT and OT environments
  • Understand the adversaries kill chain, tactics, techniques
  • Search for indicators of compromise (IoC) in logs, flows, protocols, executables
  • Identify reconnaissance, lateral movement, compromise, critical function calls, post-exploitation
  • Scope single and multiple path attacks with increasing complexity
  • Find active and dormant malware, bots and backdoors
  • Discover common hiding & evasion techniques
  • Actively defend an industrial production site against targeted attacks
  • Collect evidence of persistence and apply forensic post mortem offline analysis

CSR102 is an incident analytics and threat hunting course that focuses on detection and analysis and response of advanced persistent threats against IT and OT environments. It’s required to attend CSR101 first.