SEC504: SANS London September 2025

What You Will Learn

The goal of modern cloud and on-premises systems is to prevent compromise, but the reality is that detection and response are critical. Keeping your organization out of the breach headlines depends on how well incidents are handled to minimize loss to the company.

In SEC504, you will learn how to apply a dynamic approach to incident response. Using indicators of compromise, you will practice the steps to effectively respond to breaches affecting Windows, Linux, and cloud platforms. You will be able to take the skills and hands-on experience gained in the course back to the office and apply them immediately.

A big focus in SEC504 is applying what you learn with hands-on exercises: 50% of the course is hands-on where you will attack, defend, and assess the damage done by threat actors. You will work with complex network environments, real-world host platforms and applications, and complex data sets that mirror the kind of work you may be asked to do. You never lose access to the lab exercises, and they can be repeated as often as you like. All lab exercises come with detailed walkthrough video content to help reinforce the learning concepts in the course.

Understanding the steps to effectively conduct incident response is only one part of the equation. To fully grasp the actions attackers take against an organization, you also need to understand their tools and techniques. In the hands-on environment provided by SEC504, you will use the same tools attackers use to understand how they are applied and the artifacts they leave behind. By getting into the mindset of attackers, you will learn how they apply their tactics, techniques, and procedures against your organization, and you will be able to use that insight to anticipate their moves and build better defenses.

Business Takeaways
  • Apply a dynamic approach to incident response
  • Identify threats using host, network, and log analysis
  • Best practices for effective cloud incident response
  • Leverage PowerShell for data collection and cyber threat analysis
  • Cyber investigation processes using live analysis, network insight, memory forensics, and malware reverse engineering
  • How to accelerate your incident response using generative AI systems
  • Defense spotlight strategies to protect critical assets
  • How attackers leverage cloud systems against organizations
  • Attacker techniques to evade endpoint detection tools including EDR and XDR platforms
  • Attacker steps for internal discovery and lateral movement after an initial compromise
  • How attackers exploit publicly-accessible systems including Microsoft 365

You Will Be Able To

At the completion of SEC504 you will be able to:
  • Effectively respond to an incident in your organization in order to limit damage
  • Evaluate the evidence in a breach in order to identify the extent of the compromise
  • Identify shadow cloud systems and other threats that can expose your organization
  • Use attack tools against cloud and on-premises systems to assess your exposure
  • Apply effective defenses that significantly improve security and stop attacks
  • Test security defense tools to evaluate their effectiveness
  • Develop threat intelligence by assessing attacker tools and techniques

You Will Receive With This Course
  • Unlimited access to all hands-on exercises that never expires
  • Printed and electronic course books and a hands-on workbook
  • MP3 audio files of the entire course
  • Perpetual access to all hands-on lab exercises
  • Detailed video walkthroughs for all lab exercises
  • Visual association maps to break down complex material
  • A digital index for quick-reference to all material
  • Bonus content and hands-on exercises to develop your skills beyond the course
  • Essential cheat sheets for tools and complex analysis tasks

Start date: 08 Sep 2025
Location / delivery: London
