The course covers the complete life cycle of a ransomware attack (how it is generally launched), how to prepare against an incident, and how to carry out detection analysis. We make use of the MITRE ATT&CK Framework to apply tactics and techniques for containment, eradication, and recovery.
- Lifecycle of Human-Operated Ransomware Attacks: Stages
- The Incident Response process - Prepare-Detect-Containment-Recovery cycle
- Relationship with Cyber Threat Intelligence
- Tactics-Techniques-Procedures: Unified Kill Chain
- Gaining initial access
- Executing malicious code
- Obtaining persistent access
- Escalating privileges
- Bypassing defences
- Accessing credentials
- Moving laterally
- Collecting and extracting data
- Deploying
- How to handle Incident Response
- Initial Investigation and Post-Exploitation Techniques
What You Will Learn
What is the threat landscape of modern-day ransomware, and how do you properly plan your incident response activities? We will take you through the evolution from traditional ransomware to human-operated ransomware. After studying some case studies which provide us with the complete life cycle of Human-Operated Ransomware (HOR)
Hybrid Model curated content with:
- Hands-on experience with the uniform ransomware kill chain through practical lab exercises.
- Interactive Quizzes to evaluate learning outcomes
- Multi-Modal Digital Handbook
- Delivered by experienced Subject Matter Experts
- Domain-Specific Case Studies
Who Should Attend:
This course is designed for:
- Cyber Security Analysts
- Cyber Security Practitioners
- Business professionals with a cybersecurity background
- Security leaders who want to build a security foundation for leading and building teams
- Operations Managers running a CSoC
- Cyber Security Managers
- Information security professionals who want to learn how to collect, parse, and analyze forensic artifacts in support of ransomware incident response
- Incident triage analysts employed in a Security Operations Center or Computer Incident Response Team, and analysts at Managed Services Providers (MSPs) and Managed Security Services Providers (MSSPs)
- Law enforcement agencies
- IT Staff who want to up-skill and become part of the Incident Response Team
Prerequisites
- A background in Incident Response (IR) is desired. This course is aimed at the incident responder who needs to respond to ransomware attacks. Thus, IR experience, or at least alert triage experience such as that acquired within a SOC or CIRT, is recommended.
- Experience with Windows internal artifacts and general knowledge of SIEM
- Basic familiarity with regular expressions
Mandatory Laptop Requirements
- CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent.
- 8/16 GB RAM or more
- 200 GB of free storage space
- USB 3.0 Type-A port
- Wireless networking (802.11 standard) is required.
Business Takeaways
This course will help your organization:
- Develop leaders who know how to build a modern security program and operate it effectively
- Reduce business risks from ransomware attacks and threats
- Manage cyber operations centers better through the skills learned
- Make cyber security respond to incidents more proactively, with better SLAs
- Understand and analyze risk, enabling leaders to manage and lead cyber security programs such as threat assessment against APTs and targeted attacks
- Better align hands-on Security Operations and Cyber Security Analysts to carry out continuous monitoring, resulting in hardened security of infrastructure
- Give existing IT engineers an add-on skill to handle these threats better as CSIRT/CIRT members