Incident Response Package

About the course

This package includes access to all CYRIN Incident Response category labs for a period of one year. Access includes CYRIN's existing catalog of Incident Response lab courses as well as newly-created Incident Response labs during the access period.

You’ve been hacked, or even only suspect you’ve been hacked. Now what?

Labs in this category guide you through approaches to addressing and managing the aftermath of an attack or security breach. You’ll get to experience actual attacks, within a controlled environment, so that the first time you see ransomware isn’t on your critical systems.

The labs in this category focus on the technical aspects of incident response, mitigation, and recovery, versus site-specific organizational policies or procedures.

DoS Attacks and Defenses
This lab teaches three different Denial of Service attacks and techniques to mitigate them:

1. A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol,
2. A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work,
3. A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.

Prerequisites

  • Familiarity with the Unix/Linux command line.
  • Basic web application knowledge (HTTP, URL parameters, etc.)
  • Basic networking concepts (TCP/IP, DNS, etc.)

Expected Duration
2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

The course is also available as part of the CYRIN Incident Response Package as well as the CYRIN Cyber Range All Access Package.


Protocol Analysis I: Wireshark Basics
Where do you begin in network traffic analysis? Learn the process for examining a live or pre-recorded packet capture file using graphical tools such as Wireshark. Is there malicious activity? Learn to think like an attacker, going through the same methods the attacker would, to assess whether what you're seeing is "normal" or signs of an attack. At the same time, students will run basic network scans using nmap, while seeing how they appear in Wireshark. Finally, students will analyze packet traces indicative of HTTP-based attacks.

Prerequisites

  • Basic familiarity with TCP/IP networking (advanced knowledge not required).
  • Familiarity with how to use the command line in Linux/Unix systems.

Expected Duration
2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

The course is also available as part of the CYRIN Incident Response Package as well as the CYRIN Cyber Range All Access Package.

Handling Potential Malware
Students will learn to use the Cuckoo sandbox to determine if an executable or document is potential malware. If the executable is packed (compressed), they will learn to use a debugger to unpack it.

Prerequisites

  • Basic knowledge of computer architecture and assembly language

Expected Duration
2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

This lab is also available as part of the CYRIN Incident Response Package as well as the CYRIN Cyber Range All Access Package.
