Logo

Firebrand Training course for GIAC Certified Incident Handler (GCIH)

What you'll learn

Get the skills you need to detect, respond to and resolve computer security incidents in just 5 days. On this accelerated GIAC Certified Incident Handler (GCIH) course, you'll develop the skills and knowledge needed to manage sensitive security incidents.

As organisations strive to improve their cyber security, Incident Handlers are increasingly in demand and the GCIH certification qualifies you for this critical role.

You’ll build knowledge of common attack techniques, vectors and tools as you learn how to defend and respond to potentially devastating cyber attacks. On this GCIH course, you’ll also learn:

  • The incident handling process
  • How to detect malicious applications and network activity
  • High-level containment strategies to prevent attackers causing further damage
  • Incident recovery and system restoration
  • How to detect and analyse system and network vulnerabilities

Firebrand's GCIH training will prepare you for the GIAC Certified Incident Handler (GCIH) exam and provides knowledge equivalent to the SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.

Firebrand’s unique Lecture | Lab | Review methodology will immerse you in your accelerated GCIH course as you combine GIAC curriculum with practical and technical hands-on labs. This is crucial as GIAC recommends hands-on experience with the technology covered by your certification.

This accelerated GCIH training is ideal for IT Incident Handlers, IT Operational Team Leaders, Managers of incident handling teams, IT Security staff, IT System administrators and IT Support staff.

Curriculum

18 modules

Incident Handling: Identification

  • Get an understanding of important strategies to gather events, analyse them, and determine if you have an incident

Incident Handling: Overview and Preparation

  • Prove your understanding of Incident Handling, why it is important, and gain an understanding of best practices to take in preparation for an incident

Buffer Overflows and Format String Attacks

  • Demonstrate an understanding of how buffer overflows and format string attacks work and how to defend against them

Client Attacks

  • Gain an understanding of various client attacks and how to defend against them

Covering Tracks: Networks

  • Learn how attackers use tunnelling and covert channels to cover their tracks on a network, and the strategies involved in defending against them

Covering Tracks: Systems

  • Discover how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks

Denial of Service Attacks

  • Get a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them

Incident Handling: Containment

  • You’ll demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.

Incident Handling: Eradication, Recovery, and Lessons Learned

  • Gain an understanding of the general approaches to get rid of the attacker's artefacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings

Network Attacks

  • You’ll get an understanding of various network attacks and how to defend against them

Password Attacks

  • Prove your detailed understanding of the three methods of password cracking

Reconnaissance

  • Demonstrate your understanding of public and open source reconnaissance techniques

Scanning: Discovery and Mapping

  • Get introduced to scanning fundamentals; to discover and map networks and hosts, and reveal services and vulnerabilities

Scanning: Techniques and Defence

  • Learn the techniques and tools used in scanning, and how to response and prepare against scanning

Session Hijacking and Cache Poisoning

  • Demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks

Techniques for maintaining access

  • Learn how Trojan horses and rootkits operate, what their capabilities are and how to defend against them

Web Application Attacks

  • Demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks

Worms, Bots & Bot-Nets

  • Demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them

Prerequisites

You should possess:

  • An understanding of basic computer networking and security principles
  • Knowledge of networking protocols
  • Knowledge of the Windows command line

Exam info

This accelerated GCIH course will prepare you for the following exam. The exam fee is not included in the course price; if you wish to take the exam, we’ll provide instructions on how to register with GIAC.

  • GIAC Certified Incident Handler (GCIH) exam
    • Number of Questions: 150
    • Duration: 4 hours
    • Type: Proctored Exam
    • Passing score: 73%

You will be required to renew your GCIH certification every four years through Continuing Professional Experience (CPE) credits.

Course Dates

Sorry, there are currently no dates available for this course. Please submit an enquiry and one of our team will contact you about potential future dates or alternative options.

FAQs

4 question

Yes, we do provide courses suitable for beginners. However, Firebrand's accelerated courses aren't easy and it's essential that you are interested and actively pursuing a career in IT.

Traditional training providers usually run their courses from 9am to 5pm. At Firebrand Training we maximise the number of learning hours to minimise the number of training days, so you’ll be back to your job as quickly as possible. You don’t waste time travelling to several courses and finding an exam centre after that.

Firebrand's accelerated courses are constantly reviewed. We ask our delegates for feedback after every course. We are official partners with leading vendors and therefore, we're provided with certification changes and updates, which we can then implement in our course delivery at a very early stage. This feedback is then analysed in view of changes or discrepancies. We will then address the topics mentioned and have a panel of subject matter experts provide us with valuable suggestions for improvement and solutions.

If you need to learn new skills and you want to be able to put them into practice quickly, then Firebrand is the right training company for you.

Our unique accelerated training method means that we are your fastest way to learn. By delivering training for up to 12 hours per day, seven days per week, with exam centres on-site, we ensure that you are trained and certified quicker than anywhere else, having spent less time out of the office away from the day job.

Can't find the answer you're looking for?

Our expert learning advisors are ready to help. Whether you need course recommendations, have technical queries, or want to discuss your learning goals, we're just a message away.

Related courses

All GIAC Courses

Train your team

Since 2001 we've trained 134,561 employees from thousands of large and small organisations, saving them more than one million hours in training time.

Learn More