Before the course
(W00) Course Instructions
(W43M00) Course Introduction
FREE
Module 1 - Preparation Phase (Theory)
(W43M01) Assessing potential security risks
(W43M02) Accounting for human error
(W43M03) Creating an Incident Response Plan
(W43M04) Identifying High Value Targets
(W43M05) Identifying the stakeholders
(W43M06) Setting up incident response tooling
(W43M07) Training Employees
Module 1 - Preparation Phase (Practice)
(W43M08) AccessEnum
(W43M09) Autoruns
(W43M10) Handles
(W43M11) LogonSessions
(W43M12) Process Explorer
(W43M13) Process Monitor
(W43M14) PsExec
(W43M15) Wireshark
(W43A01) Sysinternals Suite
30, 00:00
Module 2 (Theory)
(W43M17) Identification Phase - Introduction
(W43M18) How to identify a security incident
(W43M19) Types of Security Incidents
(W43M20) IOC
(W43M21) Approaching Security Incidents
(W43M22) Forensic Cases
Module 2 (Practice)
(W43M23) Cuckoo Sandbox
(W43M24) Volatility - Part 1
(W43M25) Volatility Part 2 - grep
(W43M26) Volatility Part 3 - dumps
(W43A02) FTK imager, Volatility and strings
30, 00:00
Module 3 (Theory)
(W43M28) Containment and Quarantine
(W43M29) How to use an IOC
(W43M30) Documenting the incident
(W43M31) Eradication and impact analysis
(W43M32) Recover systems, data, and connectivity
Module 3 (Practice)
(W43M33) IOCEditor
(W43M34) IOCFinder
(W43M35) Redline
(W43A03) IOC editor, IOC finder and Redline
30, 00:00
Module 4 (Theory)
(W43M37) Module Introduction
(W43M38) Return to production state
(W43M39) Vulnerability scans
(W43M40) Conclusion Report
(W43M41) Contacting relevant parties
(W43M42) Review your process
(W43M43) Attack Trends
Module 4 (Practice & Final Exam)
(W43A04) APT Research
30, 00:00
(W43Q01) Final exam
01:00:00