Hands-On Incident Response Fundamentals

By Ryan Chapman
Companies around the world are in dire need of qualified IR analysts. Whether you work in security now or intend to transition to the field, this course will teach you the fundamental skills you'll need to thrive in the world of hands-on security.
Play course overview
Course info
Rating
(97)
Level
Beginner
Updated
Jan 20, 2017
Duration
3h 22m
Table of contents
Course Overview
Course Overview 2m
Incident Response: Job Security at Its Best
Course Introduction 3m Defining IR, Course Pre-reqs, and Demo Setup 3m Module Wrap-up 1m The Talent Divide 5m Who Does the Things? 5m
The Nature of the Threat: Why Are We Here?
APT Group Exposé: APT1 & APT28 6m APT Modus Operandi 7m Attackers: Commodity vs. APT 5m Demo: VirusTotal and OpSec Considerations 13m Module Intro 2m The Importance of Operations Security 7m The Threat Is Real 6m
Common IR Tasks: An Overview
Demo: Reviewing and Parsing Logs 22m Demo: Understanding and Fielding Alerts 9m Logs: Convenient Morsels of Evidence 8m Module Intro 1m Module Wrap-up 1m The Groundwork: Terms and Definitions 4m
Analyzing Files: Character Encodings, Carrier Files, and Hex Editors
ASCII and Unicode 6m An Introduction to Hex Editors 7m Character Encodings Overview 2m Demo: Base64 Encoding & Decoding 7m Demo: Using a Hex Editor to Identify Files 9m Hexadecimal and Character Encodings Comparison 3m Module Intro 1m Module Wrap-up 1m Much Ado About Base64 4m Understanding Carrier Files & File Signatures 5m
Proactive IR: Intelligence, Indicators of Compromise, and Hunting
Becoming an Intel Shop 3m Demo: Intel Pivoting Tools 10m Demo: OpenIOC Creation 7m Indicators of Compromise 10m Intel Sharing: IOC File Formats 2m Module Intro 1m Module Wrap-up 1m The Types of Cyber Threat Intelligence 4m
Course Review & Next Steps
Course Wrap-up 1m Module Overview 1m What's Next? 7m
Description
Course info
Rating
(97)
Level
Beginner
Updated
Jan 20, 2017
Duration
3h 22m
Description

Most companies have a difficult time finding and hiring qualified Incident Response (IR) analysts. For that matter, many whom make their way into this hands-on security profession lack a solid foundation. In this course, Hands-On Incident Response Fundamentals, you'll be prepared to take on the task of IR by being presented with the core principles associated with the field. First, you'll learn to differentiate between commodity and Advanced Persistent Threat attack groups. Next, you'll discover how to review alerts, log files, and recognize common character encodings and carrier files. Finally, you'll cover how to use a hex editor effectively and work with indicators of compromise. By the end of this course, you'll be ready to take on the task of responding to events and incidents alike. Strong IR analysts must have a strong foundation, and that's exactly what this course intends to provide you.

About the author
Ryan Chapman
About the author

Ryan is a certified incident response analyst and reverse engineer who also wears the hats of forensic analyst and developer. He enjoys speaking at conferences and performing stand-up comedy. Ryan spent six years as a technical trainer, and he is passionate about life-long learning.

More from the author
Streamlining Your Incident Response Process with Splunk
Beginner
1h 13m
Dec 17, 2018
Operationalizing Cyber Threat Intel: Pivoting & Hunting
Intermediate
2h 34m
Oct 22, 2018
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hiya folks, my name is Ryan Chapman, and welcome to my course, Hands-On Incident Response Fundamentals. I'm an incident handler, malware reverse engineer, and forensic analyst by trade. I love to run my mouth and share information, which is why I have presented workshops and talks in various security conferences. However, I am extremely proud to present my first course on IR here at Pluralsight. Cyberattacks are taking place every minute of the day around the world. Unfortunately, most companies have difficulty finding and hiring IR analysts, due to the lack of qualified individuals from which to choose. Hence, the reason that I've created this very course. This course provides an overview of the core principles of hands-on IR. Some of the major topics that we will cover include understanding the differences between commodity and advanced persistent threat attack groups, fielding alerts and analyzing log files, performing triage-level file analysis using a hex editor, and working with threat intelligence. By the end of this course, you will be familiar with tier-one triage requirements and be ready to analyze anomalous events in the security information and event management platform. Before beginning the course, you should be familiar with basic computer networking and have a passion for learning. I hope you'll join me on this journey to bolster your understanding of the IR realm with the Hands-on Incident Response Fundamentals course, here at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT