Cyber Security Courses

  1. Home
  2. Cyber Security Courses
  3. Dragon-Net Incident Response Workshop

Dragon-Net Incident Response Workshop

In this workshop, students will learn and hone their incident detection and response skills against procedurally-generated computer networks and adversaries. Every workshop is unique and offers new and unique learnings to returning participants. Throughout the workshop, Mossé Security’s instructors will facilitate, teach, and help students identify and remediate security breaches within the networks.

Students will be able to use the lessons learned and the skills acquired from the workshop immediately upon returning to work at their own organizations.

How Does It Work?

Students connect to Mossé Security’s cloud environment and are provided with administrative access onto all machines in the network(s). The goal here is to hunt for compromised systems, respond to the breaches, remove the adversaries from the network, and hack them back.

Mossé Security facilitators will ensure the workshop optimally provides students with ample opportunity to make the most of the students' time. We will also offer tips and tricks throughout the event, assisting beginner students when necessary.

Overview

Workshop Outcome:

Through a guided, hands-on experience, you will learn from this workshop from exposure to the following:

  • Work as a team to respond to security incidents
  • Communicate clearly and effectively for incident management
  • Triage alerts and identify events that require immediate attention
  • Test and automate incident detection techniques
  • Reverse engineer procedurally generated malware
  • Contain and recover from security breaches
  • Analyse adversary infrastructure and hack them back

Workshop Format and Complexity

  • Basic Level: 5 to 10 machines, 1 or 2 adversary groups
  • Moderate Level: 25 to 60 machines, 2 to 4 adversary groups
  • Complex: +250 machines, +10 adversary groups

Intended Audience

Incident responders, security engineers, forensics analysts and security managers. The course is also suitable for Red Teamers and penetration testers looking to learn from defensive techniques employed by Blue Teamers and defenders.

Instructor(s):

This course is taught by experienced Mossé Security’s instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services for a multitude of industries that have involved complex and multi-faceted approaches. Our instructors each possess the right balance of corporate experience and are competently skilled in presenting and teaching to groups.

Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.

Course Outline

This workshop is a time-boxed event where the participants attempt to achieve the best results within a pre-set time limit.

Incident Preparation

  • Establishing a baseline
  • Create traps to be triggered by intruders
  • Backup information

Incident Discovery

  • Events triage and analysis
  • Automation for incident detection activities

Crisis Management

  • Leadership crisis strategies
  • Defining the organization’s stance on the breach(es)
  • Communicating with employees and senior management
  • Communicating with 3rd parties
  • Preparing a reparation strategy

Containment and Isolation

  • Determine the scope of the breach
  • Predict potential future victims
  • Isolate the incident to prevent spreading to healthy systems

Eradication

  • Determine the origin of the incident(s)
  • Remove backdoors from compromised systems
  • Devise strategies and tactics to prevent adversaries from coming back

Recovery and Improvement

  • Restore compromised systems to their original state
  • Perform post-incident analysis
  • Update the incident detection and response playbooks
  • Report to senior management

Offensive Countermeasures

  • Reverse engineering malware toolsets
  • Analysing command and control infrastructure
  • Producing threat intelligence
  • Hacking back the adversaries

Enrollment & Fees

Fees

  • Fees are dependant on the size and complexity of the workshop on offer.

Terms and Conditions

  • Payment is made via our booking system or by contacting us to receive an invoice.
  • Payment is required at the time of booking.
  • Cancellation notifications within 14 days of the course's start date are not eligible for refund.
  • Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.
  • Students are allowed 1 reschedule per class. Transfers received between 15 – 28 days prior to course commencement will be charged a $300 (incl GST) administrative fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Payment must be made in full prior to any rescheduling.
  • Student substitutions can be made in writing 48 hours prior to a class start.
  • If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited. Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.

Requirements

Technical Requirement

You will need to install a VPN software on your training laptop. This will allow you to access the training environment in the cloud.

On Windows, you will install OpenVPN. On OSX or Linux, it will be Tunnelblick.

MCSI will provide you a step-by-step guide to test your VPN connection ahead of the workshop.

Career Outcomes

Students will be able to use the lessons learned and the skills acquired from the workshop immediately upon returning to work at their own organizations.

Certification Detail

NOTIFY ME

Notify me when this course is offered next

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.