COURSE DESCRIPTION

The student will have a two-and-a-half-hour session, which should enable him to understand the required skills, decision impacts and needs in order to react efficiently before and during a security incident.

The following knowledge will be share:

• Case A – Breach for money
  • In this scenario, an attacker breached the information system by using a simple drive-by download impersonating a Firefox update. The attacker pivoted and mapped the internal network then deployed a backdoor on all the accounting workstation in order to inject transactions in the payment system.
• Case B – Worm inside the information system
  • In this scenario, the information system was breached by a common malware send through phishing. Besides quarantine in place, due to a simple mistake of an operator with privileged access, the malware had wormed through the entire information system. The incident response investigations where complex to perform due to other simple mistakes in log management.
• Case C – Ransomware Attack
  • In this scenario, the information system was breached by the exploitation of a vulnerability on the remote access month’s ago. The attacker took control of the Information system; exfiltrated data then deploy a ransom attack over the entire infrastructure. Finally, he published publicly the stolen data.

REQUIREMENTS

To perform this activity, the client must attend to the training. The list of the participants should be communicated to Excellium one week before the training.