Incident Response Diving Into Cyber Defence

Date: TBA

Time: 9.00am – 5.00pm

Duration: 9 Days

Course Overview

Due to a rise in the number of cyber-attacks and as organisations become more dependent on well-functioning network services, there is a growing need for qualified cybersecurity professionals to be able to respond to suspicious incidents in the network, as well as investigate and understand security breaches and attackers’ activities in the network. These skills are crucial assets that organisations need today.

In the last module of the training, participants will continue learning how to conduct full investigations, as well as define sets of rules and alarms to identify potential attacks.

Participants will also learn to apply what they’ve learnt to real-life case studies based on national-level attacks.

This module is part of Higher Certificate of Cyber Security (Advanced).

Learning Outcomes

With a good comprehension of the SIEM system and IR investigation tools, cybersecurity analysts can then participate in full IR investigations. They will know how to perform any part of the technical investigation and how to write a summary report.

This course will teach the learner how to set rules and alerts based on all kinds of artifacts to monitor the organisation’s network and assets, as well as to identify potential cyber-attacks.

The course will teach learners:

  • Obtaining a good understanding of using SIEM systems
  • Gaining practical experience in IR investigation tools, techniques and reports
  • Knowing how to define a set of rules and alarms to identify potential attacks

Topic

  • SIEM systems (e.g. Splunk)
  • PowerShell IR
  • Event log analysis
  • Sysmon
  • Splunk IR
  • IR storytelling
  • MFT analysis
  • Memory forensics
  • Sandboxes
  • Incident response reporting methodology
  • YARA
  • Malware analysis

Who Should Attend

  • Cyber Security Analyst, SOC/CIRT

Prerequisites

  • Python programming experience
  • Networking experience
  • Operating system experience
  • Network Forensics experience
  • Network penetration testing (PT) experience
  • Linux experience

Insight from Instructor

“This course provides a comprehensive deep-dive into all aspects of incident response and is quintessential for all cyber practitioners who aspire to be incident responders (IR). Existing IR practitioners should also take this course to be acquainted with the latest best practices and techniques.

The participants will learn and practise setting alerts, monitoring and investigating using Splunk (as an example of a SIEM system), get familiar with the different artifacts they will have to look for and analyse, such as Sysmon logs, event logs, registry values and Prefetch, to understand the attackers’ TTPs and detect malware, and practise memory forensics to dissect suspicious activity. Finally, they will learn the art of IR storytelling (also known as storyboarding) – how to assemble an accurate timeline into a “full picture” of the incident, based on their findings (and also identify the gaps and, by that, know what else is missing), and how to summarise the investigation into an IR report.”

Rony Munitz

Course Conveners

  • Mr Dvir Chikvashvili
  • Mr Gur Sharon
  • Mr Rony Munitz
  • Mr Ron Suhodrev
  • Mr Zhuang Weiliang

Course Fees

Fee categories:

  • Singapore Citizens, 39 years old or younger
  • Singapore Citizens, 40 years old or older
  • Singapore PRs
  • Enhanced Training Support for SMEs
  • International Participants

Fees shown are the total nett programme fee payable, including GST, after additional funding from the various funding schemes.

Participants must fulfill at least 75% attendance and pass all assessment components to be eligible for SSG funding.

To enquire, email soc-ace@nus.edu.sg

To register, click Register

For members of the public and NUS Alumni (without R&G Voucher), please follow the steps below:

Select Short Course / Modular Course -> Apply for Myself -> Browse Academic Modules / Short Courses -> Module/Course Category -> Short Courses -> Browse Courses -> Advanced Computing for Exe (Faculty/Department / Unit)

Please download the user guide for NUS Online Application Portal after you click ‘Apply for Myself’ if you need assistance.
