Close
Contact Us info@learnquest.com

??WelcomeName??
??WelcomeName??
« Important Announcement » Contact Us 877-206-0106 | USA Flag
Close
Close
Close
photo

Thank you for your interest in LearnQuest.

Your request is being processed and LearnQuest or a LearnQuest-Authorized Training Provider will be in touch with you shortly.

photo

Thank you for your interest in Private Training.

We look forward to helping you develop the perfect training solution to help you meet your company's goals.

For immediate assistance, speak with one of our representatives using the chat module below. Otherwise, LearnQuest or a LearnQuest-Authorized Training Provider will be in touch with you shortly.

Close
photo

Thank you for your interest in LearnQuest!

Now, you will be able to stay up-to-date on our latest course offerings, promotions, and training discounts. Watch your inbox for upcoming special offers.

title

Date: xxx

Location: xxx

Time: xxx

Price: xxx

Please take a moment to fill out this form. We will get back to you as soon as possible.

All fields marked with an asterisk (*) are mandatory.

EC-Council Certified Incident Handler ECIH v3

Price
1,500 USD
3 Days
EC-ECIHv3
Classroom Training, Online Training
EC-Council ATC

AWS Training Pass

Take advantage of flexible training options with the AWS Training Pass and get Authorized AWS Training for a full year.

Learn More

Prices reflect a 22.5% discount for IBM employees (wherever applicable).
Prices reflect a 24% discount for Kyndryl employees (wherever applicable).
Prices reflect the Accenture employee discount.
Prices shown are the special AWS Partner Prices.
Prices reflect the Capgemini employee discount.
Prices reflect the UPS employee discount.
Prices reflect the ??democompanyname?? employee discount.
GSA Private/Onsite Price: ??gsa-private-price??
For GSA pricing, please go to GSA Advantage.
 

Class Schedule

Delivery Formats

Sort results

Filter Classes

Guaranteed to Run

Modality

Location

Language

Date

  • Date: 22-Jul-2024 to 24-Jul-2024
    Time: 9AM - 5PM US Eastern
    Location: Virtual
    Language: English
    Delivered by: LearnQuest
    Price: 1,500 USD
  • Date: 14-Oct-2024 to 16-Oct-2024
    Time: 9AM - 5PM US Eastern
    Location: Virtual
    Language: English
    Delivered by: LearnQuest
    Price: 1,500 USD
  • Date: 25-Nov-2024 to 27-Nov-2024
    Time: 9AM - 5PM US Eastern
    Location: Virtual
    Language: English
    Delivered by: LearnQuest
    Price: 1,500 USD
  • Date: 6-Jan-2025 to 8-Jan-2025
    Time: 9AM - 5PM US Eastern
    Location: Virtual
    Language: English
    Delivered by: LearnQuest
    Price: 1,500 USD
View Global Schedule

Course Description

Overview


 

Objectives


 

Audience


 

Prerequisites


     

Topics

Module 01: Introduction to Incident Handling and Response Understand Information Security Threats and Attack Vectors
  • Elements of Information Security
  • Motives, Goals, and Objectives of Information Security Attacks
  • Threat and Threat Actors
    • Threats Sources
    • Types of Threat Actors
    • Attributes of Threat Actors
  • Information Security Attack Vectors
  • Classification of Attacks
  • Impact of Information Security Attacks
  • Vulnerability Classification
Explain Various Attack and Defense Frameworks
  • EC-council’s Hacking Methodology
    • Footprinting
    • Scanning
    • Enumeration
    • Vulnerability Analysis
    • System Hacking
  • Gaining Access
  • Escalating Privileges
  • Maintaining Access
  • Clearing Logs
  • Cyber Kill Chain Methodology
  • MITRE ATT&CK Framework
  • MITRE D3FEND
  • RE&CT Framework
  • Tactics, Techniques, and Procedures (TTPs)
    • Tactics
    • Techniques
    • Procedures
  • Indicators of Compromise
    • Categories of Indicators of Compromise
Understand Information Security Concepts
  • Vulnerability Assessment
  • Risk Management
  • NIST Risk Management Framework
  • Cyber Threat Intelligence
    • Types of Threat Intelligence
  • Threat Modeling
    • Threat Modeling Process
  • Threat Hunting
    • Threat Hunting Steps
Understand Information Security Incidents
  • Information Security Incidents
  • Signs of an Incident
    • Sources of Precursors and Indicators
  • Cost of an Incident
Understand the Incident Management Process
  • Incident Management
  • Incident Handling and Response (IH&R)
  • Advantages of Incident Handling and Response
  • OODA Loops in Incident Response
  • Importance of ChatGPT in Incident Response
Understand Incident Response Automation and Orchestration
  • Incident Response Automation
  • Incident Response Orchestration
  • Working of Incident Response Orchestration
  • Advantages of Incident Response Orchestration
Describe Various Incident Handling and Response Best Practices
  • Best Practices
    • OWASP
    • ENISA
    • FTC
Explain Various Standards Related to Incident Handling and Response
  • ISO/IEC 27000 Series
  • ISO/IEC 27001
  • Other ISO Standards
    • ISO/IEC 27002
    • ISO/IEC 27035
    • ISO/IEC 27037
    • ISO/IEC 27041
    • ISO/IEC 27042
    • ISO/IEC 27043
    • ISO/IEC 27050
    • ISO 22320:2018
  • FFIEC
  • Payment Card Industry Data Security Standard (PCI DSS)
  • NERC 1300 Cyber Security
    • NERC 1307: Incident Reporting and Response Planning
Explain Various Cybersecurity Frameworks
  • NIST Special Publication 800-61
  • ITIL Incident Management
  • COBIT Framework
  • CIS Critical Security Controls
Understand Incident Handling Laws and Legal Compliance
  • Role of Laws in Incident Handling
  • Legal and Jurisdictional Issues When Dealing with an Incident
  • Sarbanes–Oxley Act (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Information Security Management Act (FISMA)
  • Gramm–Leach–Bliley Act (GLBA)
  • General Data Protection Regulation (GDPR)
  • Data Protection Act 2018
  • The Digital Millennium Copyright Act (DMCA)
  • CAN-SPAM Act
  • Cyber Laws That May Influence Incident Handling
Module 02: Incident Handling and Response Process Understand Incident Handling and Response (IH&R) Process
  • Introduction to Incident Handling and Response (IH&R) Process
  • Importance of IH&R Process
  • Overview of IH&R Process Flow
  • The Golden Hour of Incident Response
Step 1: Preparation for Incident Handling and Response
  • Process Flow of Preparation for IH&R
  • Determine the Need for IH&R Processes
  • Define IH&R Vision and Mission
  • Management Approvals and Funding
  • Develop an IH&R Plan
  • Develop IH&R Policy
  • Develop IH&R Procedures
  • Build IH&R Team
    • Roles and Responsibilities of an IH&R Team
    • IH&R Team Placement in an Organization
    • IH&R Team Models and Staffing
    • IH&R Team Selection Factors
    • Training and Preparing IH&R Personnel
  • Develop Incident Response Readiness Procedures
    • Role of Computer Forensics in Incident Handling
    • Establish Forensic Readiness
  • Forensic Readiness and Business Continuity
  • Forensic Readiness Planning
  • Forensic Readiness Procedures
  • Forensic Policy
  • Forensics in the Information System Life Cycle
  • Creating an Investigation Team
  • Maintaining an Inventory
  • Host Monitoring
  • Network Monitoring
    • Build Incident Response Toolkit
    • Incident Responder Toolkit Requirements
    • Establish Reporting Facilities
  • Incident Reporting Template
    • Establish Structured Record Keeping Facilities
    • Establish Playbooks and Runbooks for Incident Response
  • Playbooks
  • Runbooks
    • Establish Communication Procedures for Internal Teams and External Groups
  • Develop a Communication Plan
  • Communication with External Reporting Bodies
    • Establish Incident Response Metrics
  • Key Performance Indicators (KPIs)
  • Key Result Indicators (KRIs)
  • Key Control Indicators (KCIs)
  • Service Level Agreements (SLAs)
  • Evaluate the Current Security Posture
    • Implement Security Policy, Procedures, and Awareness
    • Implement Security Controls
  • Administrative Security Controls
  • Physical Security Controls
  • Technical Security Controls
    • Implement a Robust Backup Strategy
    • Choosing a Good Cyber Insurance Policy
  • Why Do Organizations Need Cyber Insurance?
Step 2: Incident Recording and Assignment
  • Process Flow of Incident Recording and Assignment
  • Define Incident Escalation Procedures for Employees
    • Role of IT Support and Help Desk
    • Ticketing System
  • SolarWinds Web Help Desk (WHD)
  • AlienVault OSSIM
Step 3: Incident Triage
  • Process Flow of Incident Triage
  • Incident Analysis and Validation
  • Incident Classification
  • Incident Prioritization
    • Incident Prioritization Categories
  • Functional Impact of the Incident
  • Information Impact of the Incident
  • Recoverability Effort Categories
  • Tools for Incident Triage
Step 4: Notification
  • Notification Process Flow
  • Point of Contact
  • Notification Details
  • Internal Communication
    • Considerations for Internal Incident Communication
  • External Communication
    • External Bodies to Communicate During an Incident
    • Develop or Prepare for Media Queries
  • Incident Notification Form
  • Tools for Incident Notification
Step 5: Containment
  • Process Flow of Incident Containment
  • Incident Containment
    • Criteria for selecting appropriate containment procedure
  • Guidelines for Incident Containment
Step 6: Evidence Gathering and Forensic Analysis
  • Process Flow of Evidence Gathering and Forensics Analysis
  • Evidence Gathering and Forensics Analysis
  • Evidence Handling
Step 7: Eradication
  • Process Flow of Eradication
  • Eradication
Step 8: Recovery
  • Recovery Process Flow
  • Systems Recovery
    • Determine the Course of Action
    • Monitor and Validate the Systems
Step 9: Post-Incident Activities
  • Process Flow of Post-Incident Activities
  • Incident Postmortem
  • After-Action Report (AAR)
    • Building the Appropriate After-Action Report (AAR)
  • Recap
  • Review
  • Analysis
  • Areas of Improvement
  • Lessons Learned
  • Incident Documentation
    • Concise and Clear
    • Written in a Standard Format
    • Reviewed by Editors
  • Report Writing Tools
  • Incident Impact Assessment
  • Review and Revise Policies
    • Employee Training and Awareness
  • Close the Investigation
  • Incident Disclosure
    • Incident Disclosure Procedure
Information Sharing Activities
  • Establish Information Sharing Capabilities
    • Team-to-Team Information Sharing
    • Team-to-Coordinating Team Information Sharing
    • Coordinating Team-to-Coordinating Team Information Sharing
  • Information Sharing Techniques
    • Ad hoc
    • Partially automated
    • Security considerations while sharing incident information
  • Granular Information Sharing
    • Business Impact Information
    • Technical Information
  • NIST Information Sharing Recommendations
Module 03: First Response Explain the Concept of First Response
  • First Response
  • First Responder
    • Roles of First Responder
  • First Response Basics
  • First Response: Different Situations
    • First Response by Non-forensics Staff
    • First Response by System/Network Administrators
    • First Response by Laboratory Forensics Staff
  • Documenting the Electronic Crime Scene
  • Collecting Incident Information
  • Planning the Search and Seizure
  • Identifying and Collecting Electronic Evidence
  • Packaging Electronic Evidence
  • Transporting Electronic Evidence
  • First Responder Common Mistakes
  • Health and Safety Issues
Understand the Process of Securing and Documenting the Crime Scene
  • Documenting the Electronic Crime Scene
    • Photographing and Sketching the Scene
  • Planning the Search and Seizure
  • Collecting Incident Information
    • Conducting Preliminary Interviews
  • Initial Search of the Scene
  • Securing and Evaluating the Crime Scene
  • Seizing Evidence at the Crime Scene
Understand the Process of Collecting Evidence at the Crime Scene
  • Collecting the Evidence
  • Dealing with Powered-On Computers
  • Dealing with Powered-Off Computers
  • Dealing with Networked Computers
  • Dealing with Open Files and Startup Files
  • Operating System Shutdown Procedure
    • Windows OS
    • macOS
    • UNIX/Linux OS
  • Dealing with Smartphones or Other Handheld Devices
Explain the Process for Preserving, Packaging, and Transporting Evidence
  • Preserving Evidence
  • Chain of Custody
    • Simple Format of the Chain of Custody Document
    • Chain of Custody Form
  • Evidence Bag Contents List
  • Packaging Evidence
  • Exhibit Numbering
  • Determining the Location for Evidence Examination
  • Transporting and Storing Evidence
Module 04: Handling and Responding to Malware Incidents Understand the Handling of Malware Incidents
  • Introduction to Malware Incident Handling
  • Malware Propagation Techniques
  • Common Techniques Attackers Use to Distribute Malware on the Web
Explain Preparation for Handling Malware Incidents
  • Preparing Malware Incident Response Team
  • Importance of Safely Handling Malware
    • Steps to Handle Malware Safely
Understand Detection of Malware Incidents
  • Indicators of Malware Incidents
  • Indicators of Trojan Incidents
  • Indicators of Virus Incidents
  • Indicators of Fileless Malware Incidents
  • Detecting Malware Intrusion using YARA Rules
  • Detecting Fileless Malware Incidents using SentinelOne
  • Tools for Detecting Remote Access Trojans (RATs)
  • Tools for Detecting Malware in Encrypted Network Traffic
  • Tools for Detecting Fileless Malware
Explain Containment of Malware Incidents
  • Containment of Malware Incidents
  • Tools for Containment of Malware Incidents
Describe How to Perform Malware Analysis
  • Preparing Malware Testbed
  • Malware Analysis Tools
    • Hardware Tools
    • Software Tools
  • Malware Analysis Techniques
    • Live-System/Dynamic Analysis
  • Port Monitoring
  • Process Monitoring
  • Registry Monitoring
  • Windows Services Monitoring
  • Startup Programs Monitoring
  • Event Logs Monitoring/Analysis
  • Installation Monitoring
  • Files and Folders Monitoring
  • Device Drivers Monitoring
  • Network Traffic Monitoring /Analysis
  • DNS Monitoring/Resolution
  • API Calls Monitoring
  • System Calls Monitoring
  • Scheduled Tasks Monitoring
  • Browser Activity Monitoring
  • Identifying Remote Access Trojans (RATs)
  • Analyzing Linux-based Fileless Malware using Command Line Utilities
    • Memory Dump/Static Analysis
  • File Fingerprinting
  • Local and Online Malware Scanning
  • Performing Strings Search
  • Identifying Packing/Obfuscation Methods
  • Finding the Portable Executables (PE) Information
  • Identifying File Dependencies
  • Malware Disassembly
  • Analyzing ELF Executable Files
  • Analyzing Mach Object (Mach-O) Executable Files
  • Malicious Mach-O Binaries
  • Reverse Engineering Mach-O Binaries
  • Analyzing Malicious MS Office Documents
  • Finding Suspicious Components
  • Finding Macro Streams
  • Dumping Macro Streams
  • Identifying Suspicious VBA Keywords
  • Memory Dump Analysis using Volatility Framework
    • Intrusion Analysis
  • Detecting Malware via its Covert Storage/Hiding Techniques
  • Detecting Malware via its Covert Communication Techniques
  • Analyzing Malware Alerts using Microsoft 365 Defender
Understand Eradication of Malware Incidents
  • Eradication of Malware Incidents
    • Eradicating Trojan Incidents
    • Eradicating Virus and Worm Incidents
    • Eradicating Ransomware Incidents
  • Antivirus Tools
  • Anti-Trojan Software
Explain Recovery after Malware Incidents
  • Recovery after Malware Incidents
  • Tools for Recovery after Malware Incidents
Understand the Handling of Malware Incidents - Case Study
  • Handling Prestige Ransomware Incident
Describe Best Practices against Malware Incidents
  • Best Practices against Malware Incidents
  • Best Practices against Fileless Malware Incidents
  • Fileless Malware Protection Tools
Module 05: Handling and Responding to Email Security Incidents Understand Email Security Incidents
  • Introduction to Email Security Incidents
  • Types of Email Security Incidents
    • Crimes Committed by Sending Emails
  • Spamming
  • Phishing
  • Examples of Phishing Emails
  • Types of Phishing
  • Mail Bombing
  • Mail Storming
  • Malware Distribution
    • Crimes Supported by Emails
  • Identity Theft
  • Types of Identity Theft
  • Common Techniques Used by Attackers to Obtain Personal Information for Identity Theft
  • Cyberstalking
Explain Preparation Steps for Handling Email Security Incidents
  • Preparation for Handling Email Security Incidents
  • Email Filtering Tools
  • Email Monitoring Tools
  • Email Log Analysis Tools
Understand Detection and Containment of Email Security Incidents
  • Indicators of Email Attack
  • Indicators of Identity Theft
  • Detecting Phishing/Spam Mails
    • Detecting Spear Phishing Attacks
    • Tools for Detecting Spear Phishing Attacks
  • Barracuda Impersonation Protection
  • Containment of Email Security Incidents
Understand Analysis of Email Security Incidents
  • Analyzing Phishing Emails Using ThePhish
  • Tools for Analyzing Phishing/Spam Mails
  • Analyzing Email Headers
    • Example of Email Header Analysis
    • Sender Policy Framework (SPF)
    • Domain Keys Identified Mail (DKIM)
    • Steps to Analyze Email in Gmail
    • Steps to Analyze Email in Outlook
    • Tools for Analyzing Email Headers
  • Checking Email Validity
  • Examining Originating IP Address
  • Tracing Email Origin
  • Tracing Back Web-based Email
  • Email Tracking Tools
  • Analyzing Email Logs
    • Examining System Logs
    • Examining Network Equipment Logs
    • Examining Microsoft Exchange Email Server Logs
    • Examining Linux Email Server Logs
    • Analyzing Email Logs using EventLog Analyzer
  • Analyzing SMTP Logs
Explain Eradication of Email Security Incidents
  • Eradicating Email Security Incidents
  • Reporting Phishing and Spam Emails to Email Service Providers
Understand the Process of Recovery after Email Security Incidents
  • Recovery after Email Security Incident
  • Recovery of Deleted Emails
    • Gmail
    • Outlook PST
  • Email Recovery Tools
Understand the Handling of Email Security Incidents - Case Study
  • Handing DigitalOcean Mailchimp Security Incident
Explain Best Practices against Email Security Incidents
  • Email Security Checklist
  • Guidelines against Spam Emails
  • Guidelines against Phishing Emails
  • Guidelines against Identity Theft
  • Guidelines against Mail Bombing
  • Guidelines against Cyberstalking
  • Audit Organization's Security for Phishing Attacks using OhPhish
  • Anti-spamming Tools
  • Email Security Tools
Module 06: Handling and Responding to Network Security Incidents Understand the Handling of Network Security Incidents
  • Introduction to Handling Network Security Incidents
  • Common Network Security Incidents
    • Unauthorized Access Incidents
    • Inappropriate Usage Incidents
    • Denial-of-Service Incidents
    • Wireless Network Incidents
Prepare to Handle Network Security Incidents
  • Preparation Steps for Handling Network Security Incidents
  • Preparation of Network Security Incident Handling Toolkit
    • Windows-based Network Analysis Tools
    • Linux-based Network Analysis Tools
    • Vulnerability Analysis Tools
Understand Detection and Validation of Network Security Incidents
  • General Indicators of Network Security Incidents
    • Indicators of Windows-based Network Incidents
    • Indicators of Linux-based Network Incidents
  • Detection and Validation of Suspicious Network Events
  • Tools for Detecting and Validating Suspicious Network Events
  • Detecting and Analyzing Network Security Incidents using Flowmon ADS
  • Network Log Analysis Tools
Understand the Handling of Unauthorized Access Incidents
  • Indicators of Unauthorized Access Incidents
    • Physical Intrusion
    • Changes in System Configuration
    • Changes in Network
    • Changes in Administrator Settings
    • Unauthorized Data Modification
    • Unauthorized Usage of Standard User Account
    • Unauthorized Data Access
    • High Resource Utilization
  • Detecting Reconnaissance Attacks
    • Ping Sweep Attempts
    • Port Scanning Attempts
  • Half Open/Stealth Scan Attempts
  • Full Connect Scan Attempts
  • Null Scan Attempts
  • XMAS Scan Attempts
    • Social Engineering Attempts
  • Detecting Sniffing and Spoofing Attacks
    • MAC Flooding Attempts
    • ARP Poisoning Attempts
    • Other Sniffing Detection Techniques
  • Check Devices Running in Promiscuous Mode
  • Run IDS
  • Network Tools
  • Ping Method
  • DNS Method
  • ARP Method
  • Using Promiscuous Detection Tools
  • Detecting Firewall and IDS Evasion Attempts
    • Intrusion Detection Using Snort
    • Reviewing Firewalls/IDS Logs
  • Detecting Brute-force Attempts
  • Detecting SMB Attacks against Windows
  • Detecting Password Spray Attack Attempts
  • Containment of Unauthorized Access Incidents
  • Eradication of Unauthorized Access Incidents
    • Physical Security Measures
    • Authentication and Authorization Measures
    • Host Security Measures
    • Network Security Measures
  • Recovery after Unauthorized Access Incidents
Understand the Handling of Inappropriate Usage Incidents
  • Indicators of Inappropriate Usage Incidents
    • Indicators of Unauthorized Service Usage
    • Indicators of Access to Inappropriate Materials
    • Indicators of Inappropriate Resource Usage
    • Indicators of Inappropriate System and Network Activities
  • Detecting Inappropriate Usage Incidents
    • Detecting High Resource Utilization
    • Accessing Malware in Network
    • Detecting and Analyzing Malware in Network using Splunk Enterprise Security
    • Reviewing Log Entries of Application Logins
    • Analyzing Failed Login Attempts in Windows
    • Analyzing
Failed Login Attempts in Linux
  • Analyzing Network Security Device Logs
  • Analyzing Abnormal Activities in Windows-based Systems
  • Unusual User Accounts
  • Unusual Files
  • Unusual Processes and Services
  • Unusual Running Network Services
  • Unusual Network Activity
  • Unusual Automated Tasks
  • Unusual Log Entries
    • Analyzing Abnormal Activities in Linux-based Systems
  • Unusual User Accounts
  • Unusual Files
  • Unusual Running Network Services
  • Unusual Network Activity
  • Unusual Log Entries
  • Unusual Processes
    • Viewing and Analyzing Linux Syslog using Solarwinds Loggly
  • Containment of Inappropriate Usage Incidents
  • Eradication of Inappropriate Usage Incidents
  • Recovery after Inappropriate Usage Incidents
  • Understand the Handling of Denial-of-Service Incidents
    • Indicators of DoS/DDoS Incidents
      • DoS/DDoS Attacks Targeting a Host
      • DoS/DDoS Attacks Targeting Operating Systems
      • DoS/DDoS Attacks Targeting Network Services
      • DoS/DDoS Attacks Targeting System Applications
    • Detecting DoS/DDoS Incidents
      • Activity Profiling
      • Sequential Change-point Detection
      • Wavelet-based Signal Analysis
      • Detection by Analyzing Network Connections
      • Detection by Analyzing Non-responding Applications
      • Detection by Analyzing Network Traffic using Wireshark
      • Other Detection Techniques
      • Tools for Detecting DoS/DDoS Incidents
    • Containment of DoS/DDoS Incidents
      • Absorb Attacks
      • Divert Traffic
      • Degrade Services
      • Block Attacks
      • Shutdown Services
      • Load Balancing
      • Throttling
      • Drop Requests
    • Post-attack Forensics
      • Traffic Pattern Analysis
      • Packet Traceback
      • Event Log Analysis
    • Eradicating DoS/DDoS Incidents
      • Blocking Potential Attacks
    • Egress Filtering
    • Ingress Filtering
    • TCP Intercept
    • Rate Limiting
      • Disabling Botnets
    • RFC 3704 Filtering
    • Black-hole Filtering
    • DDoS Prevention Offerings from ISP or DDoS Service
      • Neutralizing Handlers
    • Network Traffic Analysis
    • Neutralize Botnet Handlers
    • Spoofed Source Address
    • Recovery after DoS/DDoS Incidents
    Understand the Handling of Wireless Network Security Incidents
    • Preparation for Handling Wireless Network Security Incidents
    • Indicators of Wireless Network Security Incidents
    • Detecting Wireless Network Security Incidents
      • Access Point Monitoring
      • Wireless Client Monitoring
      • General Wireless Traffic Monitoring
    • Containment of Wireless Network Security Incidents
    • Eradication of Wireless Network Security Incidents
    • Recovery after Wireless Network Security Incidents
    Understand the Handling of Network Security Incidents - Case Study
    • Handling DDoS Attacks on Google Cloud
    Describe Best Practices against Network Security Incidents
    • Best Practices against Network Security Incidents
    • Best Practices against DoS/DDoS Incidents
      • DoS/DDoS Recommendations
    • Protect Secondary Victims
    • Individual Users
    • Network Service Providers
    • Best Practices against Wireless Network Security Incidents
    • Tools for Detecting Missing Security Patches
    • DoS/DDoS Protection Tools
    • Network Security Tools
    Module 07: Handling and Responding to Web Application Security Incidents Understand the Handling of Web Application Incidents
    • Introduction to Web Application Incident Handling
    • OWASP Top 10 Application Security Risks – 2021
    Explain Preparation for Handling Web Application Security Incidents
    • Preparation Steps to Handle Web Application Security Incidents
    • Deploying WAF
    • Deploying SIEM Solutions
    Understand Detection and Containment of Web Application Security Incidents
    • Indicators of Web Application Security Incidents
    • Detecting Web Incidents
    • Tools for Detecting Web Application Security Incidents
    • Containment of Web Application Security Incidents
    • Containment Methods
      • Whitelisting/Blacklisting
      • Web Content Filtering
      • Proxy Servers
    • Containment Tools
      • Whitelisting/Blacklisting Tools
      • Web Content Filtering Tools
      • Web Proxy Tools
    Explain Analysis of Web Application Security Incidents
    • Analyzing Web Incidents
      • Manual Analysis
    • SQL Injection
    • Using Regex - SQL Injection
    • XSS Attacks
    • Using Regex - XSS Attacks
    • Directory Traversal Attacks
    • Using Regex - Directory Traversal Attacks
    • Dictionary Attacks
    • Stored Cross-site Script Attacks
    • DoS/DDoS Attacks
    • Potentially Malicious Elements within HTML
    • Malicious Elements in Common Web File Types
    • RFI Attacks
    • Using URLs Containing IP Addresses
    • Using PHP Functions
    • Using URLs with an Appended Question Mark(s)
    • Using Off-site URLs
    • LFI Attacks
    • Watering Hole Attacks
    • Analyzing Web Server Content
    • Log Analysis Tools
    Understand Eradication of Web Application Security Incidents
    • Eradication of Web Application Security Incidents
    • Eradicating Broken Access Control Attacks
    • Eradicating Cryptographic Failures/Sensitive Data Exposure Attacks
    • Eradicating Injection Attacks
      • SQL Injection Attacks
      • Command Injection Attacks
      • File Injection Attacks
    • Eradicating Insecure Design Attacks
    • Eradicating Security Misconfiguration Attacks
    • Eradicating Attacks due to Vulnerable and Outdated Components
    • Eradicating Attacks due to Identification and Authentication Failures
    • Eradicating Attacks due to Software and Data Integrity Failures
    • Eradicating Attacks due to Security Logging and Monitoring Failures
    • Eradicating Server-side Request Forgery Attacks
    • Eradicating XSS Attacks
    • Eradicating Directory Traversal Attacks
    • Eradicating DoS/DDoS Attacks
    • Eradicating Watering Hole Attacks
    • Implement Encoding Schemes
      • Types of Encoding Schemes
    • URL Encoding
    • HTML Encoding
    • Unicode Encoding
    • Base64 Encoding
    • Hex Encoding
      • Eradicate XSS Attacks using HTML Encoding
      • Eradicate SQL Injection Attacks using Hex Encoding
    Explain Recovery after Web Application Security Incidents
    • Recovery after Web Application Incidents
    • Tools to Recover from Web Application Incidents
      • ApexSQL Log
      • CrowdStrike Falcon™ Orchestrator
      • SysTools SQL Recovery
    Understand the Handling of Web Application Security Incidents - Case Study
    • Handling GoDaddy Data Breach
    Describe Best Practices for Securing Web Applications
    • Best Web Application Coding Practices
    • Web Application Fuzz Testing
      • Fuzz Testing Steps
      • Fuzz Testing Strategies o Fuzz Testing Scenario o Fuzz Testing Tools
    • Source Code Review
      • Manual Code Review
      • Automated Code Review
    • Web Application Security Testing Tools
    Module 08: Handling and Responding to Cloud Security Incidents Understand the Handling of Cloud Security Incidents
    • Introduction to Cloud Computing
      • Characteristics of Cloud Computing
      • Limitations of cloud computing
    • Separation of Responsibilities in Cloud
    • Cloud Service Providers
    • OWASP Top 10 Cloud Security Risks
    • Handling Cloud Security Incidents
    • Incident Handling Responsibilities in Cloud
    • Challenges in Cloud Security Incident Handling and Response
      • Architecture and Identification
      • Data Collection
      • Logs
      • Analysis
      • Legal
    • Challenges in Cloud Forensics
    • Organizational Issues in Cloud Security Incident Handling
    Explain Various Steps Involved in Handling Cloud Security Incidents
    • Preparation Steps to Handle Cloud Security Incidents
      • Preparation Steps for CSPs
      • Preparation Steps for CCs
    • Detecting and Analyzing Cloud Security Incidents
      • Indicators of Cloud Security Incidents
      • Detecting Cloud Security Incidents
    • Network-related Incidents
    • Storage-related Incidents
    • Server-related Incidents
    • Virtualization-related Incidents
    • Application-related Incidents
      • Detecting Cloud Security Incidents using Falco
      • Evidence Data Concerns
      • Cloud-based Log Analysis Tools
      • Tools for Detecting Cloud Security Incidents
    • Containment of Cloud Security Incidents
      • Containment Tools for Cloud Security Incidents
    • Eradication of Cloud Security Incidents
    • Recovery after Cloud Security Incidents
    Understand How to Handle Azure Security Incidents
    • Preparation Steps to Handle Azure Security Incidents
    • Detecting and Analyzing Azure Security Incidents
      • Indicators of Azure Security Incidents
    • Indicators of Windows-based Azure Security Incidents
    • Indicators of Linux-based Azure Security Incidents
    • Indicators of Azure App Service-based Security Incidents
    • Indicators of Azure Container-based Security Incidents
    • Indicators of Azure SQL Database Security Incidents
    • Indicators of Azure Resource Manager Security Incidents
    • Indicators of Azure Storage Security Incidents
      • Detecting and Responding to Security Threats Using Microsoft Azure Sentinel
      • Investigating Incidents using Microsoft Azure Sentinel
      • Analyzing Azure Monitor Logs
      • Detecting Brute-force Attacks using Microsoft Azure Sentinel
      • Managing and Responding to Security Alerts in Microsoft Defender for Cloud
    • Containment of Azure Security Incidents
    • Eradication of Azure Security Incidents
    • Recovery after Azure Security Incidents
    • Azure Incident Response Tools
    • Azure Security Tools
    • Best Practices against Azure Security Incidents
    Understand How to Handle AWS Security Incidents
    • Preparation Steps to Handle AWS Security Incidents
      • Prepare People
      • Prepare Technology
      • Prepare Processes
    • Detecting and Analyzing AWS Security Incidents
      • Indicators of AWS Security Incidents
      • Forensic Disk Collection in AWS
      • Responding to Service and Infrastructure Domain Incidents
    • Service Domain Incidents
    • Infrastructure Domain Incidents
      • Investigating AWS CloudTrail for IAM-based Incidents
    • Using AWS Console
    • Using AWS CLI
      • Investigating Amazon VPC Flow Logs using AWS Management Console
      • Analyzing Amazon CloudWatch Logs
      • Detecting and Analyzing AWS Security Incidents using GuardDuty
      • Automating Incident Response using AWS Systems Manager Incident Manager
    • Containment of AWS Security Incidents
      • Basic Containment
      • Security Group Level Containment
      • Subnet and VPC-Level Containment
    • Eradication of AWS Security Incidents
    • Remediating Security Incidents Discovered by GuardDuty
    • Recovery after AWS Security Incidents
      • Backup and Restore
      • Pilot Light
      • Warm Standby
      • Multi-site Active/Active
    • Recovery after AWS Security Incidents using CloudEndure Disaster Recovery
    • Best Practices against AWS Security Incidents
      • Basic AWS Security Practices
      • AWS Infrastructure Security Practices
      • AWS Financial Services Security Practices
      • AWS Security Hub Practices
      • AWS Security Groups Practices
      • AWS Backup Data Practices
    • AWS Security Tools
    Understand How to Handle Google Cloud Security Incidents
    • Preparation Steps to Handle Google Cloud Security Incidents
    • Detecting and Analyzing Google Cloud Security Incidents
      • Indicators of Google Cloud Security Incidents
      • Investigating and Responding to Google Cloud Security Incidents
    • Detecting Access Attempts from Anonymous Proxy
    • Detecting BigQuery Data Exfiltration
    • Detecting Brute Force: SSH
    • Detecting Malware
    • Detecting Persistent Anomalous IAM Grants
      • Analyzing Google Workspace Logs using Filters
      • Analyzing Log Data using Google Cloud Log Analytics
      • Detecting and Responding to Container Security Incidents
    • Malicious Script Executed
    • Reverse Shell
      • Detecting and Responding to VM-based Security Incidents
    • Execution: Cryptocurrency Mining Hash Match
    • Execution: Cryptocurrency Mining YARA Rule
    • Containment of Google Cloud Security Incidents
      • Containment of Compromised Google Cloud Credentials
    • Eradication of Google Cloud Security Incidents
      • Eradicating Google Kubernetes Engine Security Incidents
    • Recovery after Google Cloud Security Incidents
    • Best Practices against Google Cloud Security Incidents
    • Google Cloud Security Tools
    Understand the Handling of Cloud Security Incidents - Case Study
    • Handling Kaseya VSA Ransomware Security Incident
    Explain Best Practices against Cloud Security Incidents
    • Best Practices against Cloud Security Incidents
    • CSA Best Practices for Cloud Security
    • Cloud Security is the Responsibility of Cloud Provider and Consumer
    • FedRAMP Compliance and Baseline Security Controls
    • Cloud Security Tools
    Module 09: Handling and Responding to Insider Threats Understand the Handling of Insider Threats
    • Insider Threats
    • Types of Insider Threats
      • Malicious Insider
      • Negligent Insider
      • Professional Insider
      • Compromised Insider
      • Accidental Insider
    • Driving Force behind Insider Attacks
    • Common Attacks Performed by Insiders
    • Importance of Handling Insider Attacks
    Explain Preparation Steps for Handling Insider Threats
    • Preparation Steps to Handle Insider Threats
    Understand Detection and Containment of Insider Threats
    • Indicators of Insider Threats
    • Detecting Insider Threats
      • Mole Detection
      • Profiling
      • Behavioral Analysis
      • Behavioral Analysis Tools
      • Detecting Insider Threats Using Firewall Analyzer
      • Insider Threat Detection Tools
    • Containment of Insider Threats
    Explain Analysis of Insider Threats
    • Log Analysis
    • Network Analysis
      • Detecting Malicious Telnet Connections
      • Detecting Malicious FTP Connections
      • Detecting Malicious HTTP Exfiltration
      • Detecting Data Exfiltration
    • System Analysis
      • Search for Removable Media
      • Search for Browser Data
    • Database Analysis
      • Examine Microsoft SQL Server Logs
      • Collect Volatile Database Data
      • Using DBCC LOG Command
      • Database Analysis Tools
    • Physical Security Analysis
    Understand Eradication of Insider Threats
    • Eradicating Insider Threats
      • Human Resources o Network Security o Access Controls
      • Privileged Users
      • Audit Trails and Log Monitoring
      • Physical Security
    Understand the Process of Recovery after Insider Attacks
    • Recovery after Insider Attacks
    Understand the Handling of Insider Threats - Case Study
    • Case Study 1: Ubiquiti Data Breach
    • Case Study 2: Stradis Healthcare Incident
    Describe Best Practices against Insider Threats
    • Best Practices against Insider Threats
    • Insider Threat Prevention Tools
    Module 10: Handling and Responding to Endpoint Security Incidents Understand the Handling of Endpoint Security Incidents
    • Introduction to Endpoint Security Incident Handling
      • Need for Endpoint Security Incident Handling
    • Common Endpoint Security Incidents
      • Mobile-based Security Incidents
      • IoT-based Security Incidents
      • OT-based Security Incidents
    Explain the Handling of Mobile-based Security Incidents
    • Introduction to Handling Mobile-based Security Incidents
    • OWASP Top 10 Mobile Risks
    • Preparation Steps for Handling Mobile-based Security Incidents
      • Preparation of Mobile-based Incident Handling Toolkit
    • Detecting Mobile-based Security Incidents
      • Indicators of Mobile-based Incidents
      • Investigating Mobile-based Incidents using Mobile Verification Toolkit (MVT)
      • Capturing and Analyzing Android Network Traffic using Wireshark
      • Capturing and Analyzing iOS Network Traffic using Wireshark
      • Analyzing iOS Network Traffic using Network Analyzer Pro
      • Analyzing Android Logs
      • Android-based Log Analysis Tools
      • iOS-based Log Analysis Tools
    • Containment of Mobile-based Security Incidents
    • Eradication of Mobile-based Security Incidents
    • Recovery after Mobile-based Security Incidents
    • Best Practices against Mobile-based Security Incidents
      • Best Practices for Securing Android Devices
      • Best Practices for Security iOS Devices
    • Android Security Tools
    • iOS Security Tools
    Explain the Handling of IoT-based Security Incidents
    • Introduction to Handling IoT-based Security Incidents
    • OWASP Top 10 IoT Threats
    • Preparation Steps for Handling IoT-based Security Incidents
      • Preparation of IoT-based Incident Handling Toolkit
    • Detecting IoT-based Security Incidents
      • Indicators of IoT-based Incidents
      • Detecting IoT Security Incidents using Microsoft Sentinel
      • Analyzing IoT Network Traffic using Foren6
      • IoT-based Log Analysis Tools
    • Containment of IoT-based Security Incidents
    • Eradication of IoT-based Security Incidents
    • Recovery after IoT-based Security Incidents
    • Best Practices against IoT-based Security Incidents
      • Best Practices for IoT Hardware Security
      • IoT Security Tools
    Explain the Handling of OT-based Security Incidents
    • Introduction to Handling OT-based Security Incidents
    • Preparation Steps for Handling OT-based Incidents
      • Preparation of OT-based Incident Handling Toolkit
    • Detecting OT-based Security Incidents
      • OT-based Incident Response with MITRE ATT&CK® for ICS
      • Indicators of OT-based Incidents
      • Detecting Network Traffic Anomalies in ICS Networks
      • Passive Discovery and Analysis of OT Networks with LogRhythm
      • Analyzing IIoT Traffic using NetworkMiner
      • Analyzing Modbus/TCP Traffic using Wireshark
      • Acquiring Evidence during OT Incident Response
      • OT-based Log Analysis Tools
    • Containment of OT-based Security Incidents
    • Eradication of OT-based Security Incidents
    • Recovery after OT-based Security Incidents
      • Roles Involved in Recovery Task
    • Best Practices against OT-based Security Incidents
      • Best Practices for OT Hardware Security
      • OT Security Tools
    Understand the Handling of Endpoint Security Incidents - Case Study
    • Handling BotenaGo Malware Incident on LILIN Security Camera DVR Devices
    2023 Top 20 Training Industry Company - IT Training

    Need Help?

    Call us at 877-206-0106 or e-mail us at info@learnquest.com

    Personalized Solutions

    Need a personalized solution for your Training? Contact us, and one of our training advisors will help you find the best solution.

    Contact Us

    Need Help?

    Do you have a question about the courses, instruction, or materials covered? Do you need help finding which course is best for you? We are here to help!

    Talk to us

    20% Off All Project Management Training Courses

    Maximize project efficiency and profitability across the board.

    PROMO CODE: PROJECT20
    VALID THROUGH JUNE 30, 2024

    20% Off All AI Training Courses

    IBM TechXchange Conference 2024

    October 21-24 | Mandalay Bay, Las Vegas

    Save $127 with Code: TECHXCHANGE10

    Offer Expires June 30, 2024

    Self-Paced Training Info

    Learn at your own pace with anytime, anywhere training

    • Same in-demand topics as instructor-led public and private classes.
    • Standalone learning or supplemental reinforcement.
    • e-Learning content varies by course and technology.
    • View the Self-Paced version of this outline and what is included in the SPVC course.
    • Learn more about e-Learning

    Course Added To Shopping Cart

    bla

    bla

    bla

    bla

    bla

    bla

    Self-Paced Training Terms & Conditions

    ??spvc-wbt-warning??
    ??group-training-form-area??
    ??how-can-we-help-you-area??
    ??personalized-form-area??
    ??request-quote-area??

    Sorry, there are no classes that meet your criteria.

    Please contact us to schedule a class.
    Close

    self-paced
    STOP! Before You Leave

    Save 0% on this course!

    Take advantage of our online-only offer & save 0% on any course !

    Promo Code skip0 will be applied to your registration

    Close
    Nothing yet
    here's the message from the cart

    To view the cart, you can click "View Cart" on the right side of the heading on each page
    Add to cart clicker.

    Purchase Information

    ??elearning-coursenumber?? ??coursename??
    View Cart

    Need more Information?

    Speak with our training specialists to continue your learning journey.

     

    Delivery Formats

    Close

    By submitting this form, I agree to LearnQuest's Terms and Conditions

    heres the new schedule
    This website uses third-party profiling cookies to provide services in line with the preferences you reveal while browsing the Website. By continuing to browse this Website, you consent to the use of these cookies. If you wish to object such processing, please read the instructions described in our Privacy Policy.
    Your use of this LearnQuest site affirms your consent to our use of session and persistent cookies to track how you use our website.