Incident Response and Investigation

Introduction

This module is about detecting, investigating, responding to, and recovering from computer security incidents, as well as the closely related matter of the management of information security. By the end of this module you will better relate to the mantra “security is a process, not a product”. It takes some problem solving to identify that a system has been compromised, investigate the cause and source of an attack, respond appropriately, and restore systems to a “secure” state. Prepare to meet Hackerbot.

Summary

This module will develop your knowledge and experience with security operations and incident management. You will learn security monitoring techniques to monitor networks and systems to detect signs of attack or compromise, methods for recovering and restoring from security breaches, and investigation methods to identify the specifics of what has occurred.

Your critical problem-solving skills will be developed through a series of technical challenges that require you to put theory into practice.

The labs include hands-on exercises and challenges facilitated by Hackerbot, focusing on integrity protection, detection, and management, as well as practical strategies for backups, intrusion detection systems (IDS), exfiltration detection, and both live and dead system analysis. Participants will gain practical skills in securing digital assets, detecting unauthorized changes, creating reliable backups, configuring IDS, implementing data loss prevention measures, and conducting thorough forensic analysis in both live and offline scenarios. The labs also delve into security information and event management (SIEM) with a focus on Linux systems, providing a comprehensive overview of logging and SIEM concepts using tools like Elastic (ELK) Stack and Auditbeat.

Runs for 10 months (until  )


Cyber Security Body of Knowledge (CyBOK)

This course covers the following CyBOK Knowledge Areas:

As you complete challenges and watch videos, you will gain Knowledge Area XP.

Challenges