Students will learn the incident response process, from building an incident response kit and developing an incident response team, to identifying, containing, and recovering from incidents. We then steer away from a traditional “defensive-only” approach and students are introduced to the attacker’s world. We cover basic information on reconnaissance, scanning and enumeration, attacks and maintaining persistence, evading antivirus, and maintaining stealth.
Dave starts by walking students through pre-incident planning and developing an incident response team. He then walks students through the management of incidents, including identification, containment, and eradication. Students then learn proper methods for recovering from incidents. Ken then pivots students into topics like Whois, Maltego, FOCA, and OSINT. Continuing the journey on the offensive side of things, students learn about scanning with Nmap and get some hands-on experience in a lab. Students then learn about different attack types, ways to maintain persistence, evasion techniques, and how to be stealthier using techniques like Ghostwriting. Dave then wraps up by teaching students the basics of memory analysis.