Instructor(s)

Chiheb Chebbi

Cyber Defense Consultant

Chiheb is a cyber defense consultant and a Black Hat speaker with core interests in incident response, threat hunting, cloud security, and detection engineering. He has spent the past few years investigating advanced cyber attacks and researching cyber espionage and APT attacks.
He has authored several books, including Mastering Machine Learning for Penetration Testing and Advanced Infrastructure Penetration Testing, and was awarded the Microsoft Most Valuable Professional (MVP) for his contributions.

Course curriculum

  • 1

    Incident Response Fundamentals

    • What is Incident Response?

    • What is an Information Security Incident?

    • Incident Response Phases

    • Incident Response Standards and Guidelines

    • Exercise

  • 2

    Security Operation Center (SOC)

    • What is a Security Operation Center (SOC)?

    • Security Operation Center (SOC) Elements

    • SOC Evaluation Metrics and Maturity Levels

    • SOC Planning

    • Exercise

  • 3

    Who are your Adversaries?

    • Adversaries and Threats

    • Advanced Persistent Threats (APT)

    • Adversarial Modeling

    • Exercise

  • 4

    Incident Response Playbooks

    • What is an Incident Response Playbook?

    • Exercise

  • 5

    Threat Emulation Fundamentals

    • Introduction to Threat Emulation

    • Threat Emulation Tools

    • Purple Teaming

    • Exercise

  • 6

    Threat Hunting Fundamentals

    • Introduction to Threat Hunting

    • Threat Hunting with DeepBlue CLI

    • Threat Hunting with OSQuery and Fleet

    • The Hunting Maturity Model (HMM)

    • Exercise

  • 7

    Active Defense

    • What is Active Defense?

    • Demonstration 1: Decoy File Creation

    • Demonstration 2: SSH Honeypot Video

    • MITRE Shield

    • Exercise

  • 8

    Security Orchestration, Automation, and Response (SOAR)

    • What is Security Orchestration, Automation, and Response (SOAR)?

    • SOAR Benefits

    • The RE&CT Framework

    • Shuffle Automation Platform

    • Exercise

  • 9

    Security Operations in the Cloud

    • Cloud Computing Fundamentals

    • Why Incident Response in the Cloud?

    • Security Operations in the Cloud with Azure Sentinel SIEM/SOAR

    • Data Connectors

    • Detection Rules and Analytics

    • Incident Handling and Investigation

    • Threat Intelligence

    • Workbooks

    • Security Solutions

    • Automation

    • Azure Sentinel IR Demonstration Video: Malicious File Detection on a Windows Victim Machine

    • Exercise

  • 10

    Miscellaneous and Final Notes

    • Alert Fatigue

    • SOC Pitfalls

    • SOC Tips

    • Exercises

Course Objectives

  • Understand Cyber Threats, Attack Methodology, and Adversarial Models.

  • Understand the basics of Security Operation Center (SOC) and Incident Response.

  • Learn the fundamentals of Threat Hunting, Threat Emulation, SOAR, Incident Management, Cloud Incident Response, and more.

  • Gain hands-on experience with many SOC tools and learn how to deploy them yourself.