Only 5 days
Classroom
06/01/2025 (Monday)
Overview
Get the skills you need to detect, respond to and resolve computer security incidents in just 5 days. On this accelerated GIAC Certified Incident Handler (GCIH) course, you'll develop the skills and knowledge needed to manage sensitive security incidents.
As organisations strive to improve their cyber security, Incident Handlers are increasingly in demand and the GCIH certification qualifies you for this critical role.
You’ll build knowledge of common attack techniques, vectors and tools as you learn how to defend and respond to potentially devastating cyber attacks. On this GCIH course, you’ll also learn:
- The incident handling process
- How to detect malicious applications and network activity
- High-level containment strategies to prevent attackers causing further damage
- Incident recovery and system restoration
- How to detect and analyse system and network vulnerabilities
Firebrand's GCIH training will prepare you for the GIAC Certified Incident Handler (GCIH) exam and provides knowledge equivalent to the SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.
Firebrand’s unique Lecture | Lab | Review methodology will immerse you in your accelerated GCIH course as you combine GIAC curriculum with practical and technical hands-on labs. This is crucial as GIAC recommends hands-on experience with the technology covered by your certification.
This accelerated GCIH training is ideal for IT Incident Handlers, IT Operational Team Leaders, Managers of incident handling teams, IT Security staff, IT System administrators and IT Support staff.
Benefits
Please Note
- Examination vouchers not included for GIAC, CREST and CISSP CBK Review
- On site testing not included for GIAC, CREST or ITIL Managers and Revision Certification Courses
Curriculum
Incident Handling: Identification
- Get an understanding of important strategies to gather events, analyse them, and determine if you have an incident
Incident Handling: Overview and Preparation
- Prove your understanding of Incident Handling, why it is important, and gain an understanding of best practices to take in preparation for an incident
Buffer Overflows and Format String Attacks
- Demonstrate an understanding of how buffer overflows and format string attacks work and how to defend against them
Client Attacks
- Gain an understanding of various client attacks and how to defend against them
Covering Tracks: Networks
- Learn how attackers use tunnelling and covert channels to cover their tracks on a network, and the strategies involved in defending against them
Covering Tracks: Systems
- Discover how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks
Denial of Service Attacks
- Get a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them
Incident Handling: Containment
- You’ll demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.
Incident Handling: Eradication, Recovery, and Lessons Learned
- Gain an understanding of the general approaches to get rid of the attacker's artefacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings
Network Attacks
- You’ll get an understanding of various network attacks and how to defend against them
Password Attacks
- Prove your detailed understanding of the three methods of password cracking
Reconnaissance
- Demonstrate your understanding of public and open source reconnaissance techniques
Scanning: Discovery and Mapping
- Get introduced to scanning fundamentals; to discover and map networks and hosts, and reveal services and vulnerabilities
Scanning: Techniques and Defence
- Learn the techniques and tools used in scanning, and how to response and prepare against scanning
Session Hijacking and Cache Poisoning
- Demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks
Techniques for maintaining access
- Learn how Trojan horses and rootkits operate, what their capabilities are and how to defend against them
Web Application Attacks
- Demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks
Worms, Bots & Bot-Nets
- Demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them
FAQs
Frequently asked questions
Q. How do I get my GIAC GCIH certification?
To achieve your GCIH certification, you must pass the GIAC Certified Incident Handler (GCIH) exam.
Q. How much does the accelerated GCIH course cost?
You can find the accelerated GCIH course price here.
Q. What are the GCIH course prerequisites?
There are no official prerequisites to take any GIAC certification, including GCIH. However, you should be aware of the technical level of the course you want to take.
For this GCIH course, you should possess knowledge of networking protocols, Windows Command Line, and an understanding of basic computer networking and security.
Q. Are GIAC exams open book?
Yes, GIAC exams are open book and you’re encouraged to take advantage of this.
Q. What happens if I fail my GCIH exam?
If you fail your GCIH exam, you’ll be subjected to a 30-day waiting period before you can sit the exam again. The 30-day period provides candidates with additional time that can be used to master certification knowledge.
Q. Are GIAC certifications recognised by employers?
GIAC certifications are a good indication of cyber security skill and knowledge and are used by employers to select employees for hiring and promotion.
GIAC certifications fill gaps in security knowledge and few other qualifications cover the same material. Plus, GIAC certifications also contain invaluable practical knowledge, proving you know how to perform the task required.
Q. What’s the average salary for a GCIH certified professional?
The average salary for a GIAC Certified Incident Handler (GCIH) professional is £60,000 in the UK, according to ITJobsWatch.
Q. What is GIAC Gold?
The GIAC Gold is a second level certification which requires completion of a technical paper covering an important area of security.
GIAC Gold demonstrates that a GIAC certification holder understands and can communicate their knowledge in key areas of information security.
Pass any GIAC certification and you’ll get the option to apply for GIAC Gold. Applicants will work closely with an advisor to develop a technical report.
If the report is approved, you will receive GIAC Gold status and you report will be accepted into the SANS Reading Room.
Q. What is the GIAC Advisory Board, and how can I join it?
Score an average of 90% or above on your GIAC certification exam and you’ll be invited to join the GIAC Advisory Board.
Exam Track
This accelerated GCIH course will prepare you for the following exam. The exam fee is not included in the course price; if you wish to take the exam, we’ll provide instructions on how to register with GIAC.
- GIAC Certified Incident Handler (GCIH) exam
- Number of Questions: 150
- Duration: 4 hours
- Type: Proctored Exam
- Passing score: 73%
You will be required to renew your GCIH certification every four years through Continuing Professional Experience (CPE) credits.
What's Included
The following is included on your accelerated GCIH course:
- Firebrand courseware
Prerequisites
You should possess:
- An understanding of basic computer networking and security principles
- Knowledge of networking protocols
- Knowledge of the Windows command line