sans.org/sec504 • Watch a preview of this course • Discover how to take this course: Online, In-Person

SEC504: Hacker Tools, Techniques, and Incident Handling

The goal of modern cloud and on-premises systems is to prevent compromise, but the reality is that detection and response are critical. Keeping your organization out of the breach headlines depends on how well incidents are handled to minimize loss to the company.

In SEC504, you will learn how to apply a dynamic approach to incident response. Using indicators of compromise, you will practice the steps to effectively respond to breaches affecting Windows, Linux, and cloud platforms. You will be able to take the skills and hands-on experience gained in the course back to the office and apply them immediately.

A big focus in SEC504 is applying what you learn with hands-on exercises: 50% of the course is hands-on where you will attack, defend, and assess the damage done by threat actors. You will work with complex network environments, real-world host platforms and applications, and complex data sets that mirror the kind of work you may be asked to do. You never lose access to the lab exercises, and they can be repeated as often as you like. All lab exercises come with detailed walkthrough video content to help reinforce the learning concepts in the course.

Understanding the steps to effectively conduct incident response is only one part of the equation. To fully grasp the actions attackers take against an organization, from initial compromise to internal network pivoting, you also need to understand their tools and techniques. In the hands-on environment provided by SEC504, you will use the tools of the attackers themselves in order to understand how they are applied and the artifacts the attackers leave behind. By getting into the mindset of attackers, you will learn how they apply their trade against your organization, and you will be able to use that insight to anticipate their moves and build better defenses.

Author Statement

“Attacker tools and techniques have changed, and we need to change our incident response techniques to match. Since I took over as author of SEC504 in 2019, I have rewritten the entire course to give you the skills you need to succeed at incident response. Whether the attacks are Windows-focused or involve attacking critical database platforms or exploiting cloud vulnerabilities, you’ll be prepared to effectively identify the attack, minimize the impact, and respond efficiently. With your knowledge of hacker tools and techniques, and by using defense skills that dramatically improve security, you will be ready to become the subject-matter expert your organization needs to meet today’s cyber threats.”
—Joshua Wright

You Will Learn

• How to apply a dynamic approach to incident response
• How to identify threats using host, network, and log analysis
• Best practices for effective cloud incident response
• Cyber investigation processes using live analysis, network insight, and memory forensics
• Defense spotlight strategies to protect critical assets
• Attacker techniques to evade endpoint detection tools
• How attackers exploit complex cloud vulnerabilities
• Attacker steps for internal discovery and lateral movement after an initial compromise
• The most effective attacks to bypass system access controls
• The crafty techniques attackers use, and how to stop them

What you will receive

• Unlimited access to all hands-on exercises that never expires
• Printed and electronic course books and a hands-on workbook
• MP3 audio files of the entire course
• Perpetual access to all hands-on lab exercises
• Detailed video walkthroughs for all lab exercises
• Visual association maps to break down complex material
• A digital index for quick-reference to all material
• Bonus content and hands-on exercises to develop your skills beyond the course
• Essential cheat sheets for tools and complex analysis tasks

6 Day Program • 38 CPEs • Laptop Required
GCIH Incident Handler • giac.org/gcih

“SEC504 is a great class overall that is perfect for pen testers and defenders alike. It has greatly helped me understand how attackers think, how they gather information, and how they maintain and gain control of systems.”
—Evan Brunk, Acuity Insurance

“Great content! As a developer it is extremely useful to understand exploits and how better coding practices help your security position.”
—Alex Colclough, Clayton Homes