Through the user interactive labs the student will learn:
This course gives professionals who respond to issues from customers, or internally within their own company, a set of tools and techniques to recognize when ransomware is the issue, triage and handle its spread, then preserve evidence and clean up afterward.
The course is designed for those with an interest but no background in handling ransomware issues. It conveys the necessary concepts, principles and terms to lay down a solid foundation. If you have that requirement then it will serve your needs well.
The course is an introductory class on several tracks CDI offers for the professional starting out.
Date & Time
(Round Rock) Nov 27-30 Part A & B – 8:30 AM – 5:00 PM CST
(Round Rock) Nov 27-28 Part A – 8:30 AM – 5:00 PM CST
(Round Rock) Nov 29-30 Part B – 8:30 AM – 5:00 PM CST
1205 Sam Bass Road, Suite 300
Round Rock, TX 78681
Course Outline – Part A
- Defining the Threat
- What they want
- How they will get it
- What they leave behind
- Threat Structure Components
- Attacker Core Steps
- Collection Methodologies
- White versus Red Information
- Internal Collection Targets
- External Collection Targets
- Connect data, add Context, set Confidence and Pivot (C3P)
- Visualize, Graph and Chart
- Geometry, Constellations, Twisting
- Structural iteration and linking
Course Outline – Part B
- Profiling, Research, Investigation, Analysis (PRIA)
- Pitfalls and Cautions
- Handling Bias
- Echo Effect
- Structured Analysis Techniques
- Strategies of Use
- Systemic & Meta-analysis
- Risk Signals and Indicators
- …for Market Vertical
- …for an Organization
- …for Adversaries
- Core Step Identification
- Campaign Attribution
- Dimensions of Time
- Threats & Threat Corpus
- Profile and Order of Battle (OOB)
- Mapping TTPs
- Case Studies
- Individuals new to or desiring a better understanding of how to respond to ransomware.
- Professionals who deal with technical issues but feel they do not have enough background in ransomware and in responding to it to solve its dilemma.
- Technical professionals who need to be armed with greater knowledge of incident response, ransomware and their role in resolving it.
- Laptop required
- Requires basic knowledge of computers, technology and command line interface (CLI)
- Assume students can open and operate browsers, find and use the command line, execute scripts and open programs
- Requires knowledge of Linux
- Requires basic knowledge of Python
- Understanding of virtual machines (VM) and how to use one
- Assume students understand how to import and power on a VM
Why This Course?
- The course is designed for those with an interest in employing Threat Intelligence to deter, mitigate, and understand threats. It conveys the necessary concepts, principles, and terms to lay down a solid foundation. If you have that requirement then it will serve your needs well.
- The course is a ranged class that starts at an introductory level and proceeds into intermediate concepts.
Monty St John
Monty St John has been in the security world for more than two decades. When he is not responding to incidents he teaches classes in Threat Intelligence, Incident Response and Digital Forensics.
Certification of Completion