SANS

SEC504: Hacker Tools, Techniques, and Incident Handling

GIAC Certified Incident Handler (GCIH)

SEC504: Hacker Tools, Techniques, and Incident Handling Training (GCIH)

SEC504 helps you develop the skills to conduct incident response investigations. You will learn how to apply a dynamic incident response process to evolving cyber threats, and how to develop threat intelligence to mount effective defense strategies for cloud and on-premises platforms. We’ll examine the latest threats to organizations, from watering hole attacks to cloud application service MFA bypass, enabling you to get into the mindset of attackers and anticipate their moves.

30+ Hands-on Labs

Training at a glance

Level

Beginner

Duration

6 Days

Experience

2 years: IT & Security

Average Salary

$104,616

Labs

Yes

Training Details

The goal of modern cloud and on-premises systems is to prevent compromise, but the reality is that detection and response are critical. Keeping your organization out of the breach headlines depends on how well incidents are handled to minimize loss to the company.

In SEC504, you will learn how to apply a dynamic approach to incident response. Using indicators of compromise, you will practice the steps to effectively respond to breaches affecting Windows, Linux, and cloud platforms. You will be able to take the skills and hands-on experience gained in the course back to the office and apply them immediately.

At the completion of SEC504 you will be able to:

  • Effectively respond to an incident in your organization in order to limit damage
  • Evaluate the evidence in a breach in order to identify the extent of the compromise
  • Identify shadow cloud systems and other threats that can expose your organization
  • Use attack tools against cloud and on-premises systems to assess your exposure
  • Apply effective defenses that significantly improve security and stop attacks
  • Test security defense tools to evaluate their effectiveness
  • Develop threat intelligence by assessing attacker tools and techniques

Lesson 1: Incident Response and Cyber Investigations

Lesson 2: Recon, Scanning, and Enumeration Attacks

Lesson 3: Password and Access Attacks

Lesson 4: Public-Facing and Drive-By Attacks

Lesson 5: Evasion and Post-Exploitation Attacks

Lesson 6: Capture-the-Flag Event

Hands-On Cybersecurity Training

  • Apply a dynamic approach to incident response
  • Identify threats using host, network, and log analysis
  • Best practices for effective cloud incident response
  • Leverage PowerShell for data collection and cyber threat analysis
  • Cyber investigation processes using live analysis, network insight, memory forensics, and malware reverse engineering
  • How to accelerate your incident response using generative AI systems
  • Defense spotlight strategies to protect critical assets
  • How attackers leverage cloud systems against organizations
  • Attacker techniques to evade endpoint detection tools including EDR and XDR platforms
  • Attacker steps for internal discovery and lateral movement after an initial compromise
  • How attackers exploit publicly-accessible systems including Microsoft 365
  • Incident handlers
  • Leaders of incident response teams
  • System administrators who are on the front lines defending their systems and responding to attacks
  • Other security personnel who are first responders when systems come under attack
  • General security practitioners and security architects who want to design, build, and operate their systems to prevent, detect, and respond to attacks


NICE Framework Work Roles

  • Technical Support Specialist (OPM 411)
  • Systems Security Analyst (OPM 461)
  • Privacy Officer/Privacy Compliance Manager (OPM 732)
  • Cyber Instructional Curriculum Developer (OPM 711)
  • Cyber Instructor (OP 712)
  • Security Awareness & Communications Manager (OP 712)
  • Information Systems Security Manager (OPM 722)
  • IT Investment/Portfolio Manager (OPM 804)
  • Cyber Defense Analyst (OPM 511)
  • Cyber Defense Incident Responder (OPM 531)
  • Adversary Emulation Specialist / Red Teamer (OPM 541)
  • Threat/Warning Analyst (OPM 141)
  • All-Source Analyst (OPM 111)
  • Mission Assessment Specialist (OPM 112)
  • Target Network Analyst (OPM 132)
  • Cyber Intel Planner (OPM 331)

Before enrolling in SEC504, individuals should have a good grasp of basic networking concepts. This includes TCP/IP, subnets, and common protocols. This knowledge will help them understand the more advanced cybersecurity concepts in the course.

Students should also be comfortable working with command-line interfaces. They should have a basic understanding of scripting in languages like Python and PowerShell.

Individuals should also have good critical thinking skills. They need to be able to analyze and interpret data effectively. These skills are important for success in the SEC504 course.

These prerequisites will ensure that students are well-prepared to engage with the course material and benefit from the learning experience.

Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:

Monitoring & Detection:

  • SEC503: Network Monitoring and Threat Detection In-Depth
  • SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring


Cyber Defense Operations:

  • SEC450: Blue Team Fundamentals: Security Operations and Analysis
  • SEC497: Practical Open-Source Intelligence (OSINT)


Other Advanced Defense Courses:

  • SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
  • SEC566: Implementing and Auditing CIS Controls

We Offer More Than Just SANS Training

Our successful training results keep our corporate and military clients returning. That’s because we provide everything you need to succeed. This is true for all of our courses.

Strategic Planning & Project Management

From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.

IT & Cybersecurity

ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.

Leadership & Management

Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.