Firebrand Training course for GIAC Certified Incident Handler (GCIH)

Get the skills you need to detect, respond to and resolve computer security incidents in just 5 days. On this accelerated GIAC Certified Incident Handler (GCIH) course, you'll develop the skills and knowledge needed to manage sensitive security incidents.

As organisations strive to improve their cyber security, Incident Handlers are increasingly in demand and the GCIH certification qualifies you for this critical role.

You’ll build knowledge of common attack techniques, vectors and tools as you learn how to defend and respond to potentially devastating cyber attacks. On this GCIH course, you’ll also learn:

• The incident handling process
• How to detect malicious applications and network activity
• High-level containment strategies to prevent attackers causing further damage
• Incident recovery and system restoration
• How to detect and analyse system and network vulnerabilities

Firebrand's GCIH training will prepare you for the GIAC Certified Incident Handler (GCIH) exam and provides knowledge equivalent to the SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.

Firebrand’s unique Lecture | Lab | Review methodology will immerse you in your accelerated GCIH course as you combine GIAC curriculum with practical and technical hands-on labs. This is crucial as GIAC recommends hands-on experience with the technology covered by your certification.

This accelerated GCIH training is ideal for IT Incident Handlers, IT Operational Team Leaders, Managers of incident handling teams, IT Security staff, IT System administrators and IT Support staff.

Incident Handling: Identification

• Get an understanding of important strategies to gather events, analyse them, and determine if you have an incident

Incident Handling: Overview and Preparation

• Prove your understanding of Incident Handling, why it is important, and gain an understanding of best practices to take in preparation for an incident

Buffer Overflows and Format String Attacks

• Demonstrate an understanding of how buffer overflows and format string attacks work and how to defend against them

Client Attacks

• Gain an understanding of various client attacks and how to defend against them

Covering Tracks: Networks

• Learn how attackers use tunnelling and covert channels to cover their tracks on a network, and the strategies involved in defending against them

Covering Tracks: Systems

• Discover how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks

Denial of Service Attacks

• Get a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them

Incident Handling: Containment

• You’ll demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.

Incident Handling: Eradication, Recovery, and Lessons Learned

• Gain an understanding of the general approaches to get rid of the attacker's artefacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings

Network Attacks

• You’ll get an understanding of various network attacks and how to defend against them

Password Attacks

• Prove your detailed understanding of the three methods of password cracking

Reconnaissance

• Demonstrate your understanding of public and open source reconnaissance techniques

Scanning: Discovery and Mapping

• Get introduced to scanning fundamentals; to discover and map networks and hosts, and reveal services and vulnerabilities

Scanning: Techniques and Defence

• Learn the techniques and tools used in scanning, and how to response and prepare against scanning

Session Hijacking and Cache Poisoning

• Demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks

Techniques for maintaining access

• Learn how Trojan horses and rootkits operate, what their capabilities are and how to defend against them

Web Application Attacks

• Demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks

Worms, Bots & Bot-Nets

• Demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them

You should possess:

• An understanding of basic computer networking and security principles
• Knowledge of networking protocols
• Knowledge of the Windows command line

This accelerated GCIH course will prepare you for the following exam. The exam fee is not included in the course price; if you wish to take the exam, we’ll provide instructions on how to register with GIAC.

• GIAC Certified Incident Handler (GCIH) exam
• Number of Questions: 150
• Duration: 4 hours
• Type: Proctored Exam
• Passing score: 73%

You will be required to renew your GCIH certification every four years through Continuing Professional Experience (CPE) credits.