Certified Incident Handling Engineer (CIHE)


Who should attend

  • Security Professionals
  • Incident Handling Professionals
  • Anyone in a Security Operations Center
  • Forensics Experts
  • Cybersecurity Analysts


This course is part of the following Certifications:


Suggested (Any of the following Mile2 Courses):

  • Certified Security Principles
  • Certified Digital Forensics Examiner
  • Certified Incident Handling Engineer
  • Certified Professional Ethical Hacker
  • Certified Penetration Testing Engineer
  • or Equivalent Knowledge

Course Objectives

This course helps you prepare an organization to create a complete end to end solution for monitoring, preventing, detecting, and mitigating threats as they arise in real time.

Do not fool yourself, this course is far more advanced than you may expect. It is fast paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today's needs.

You will be able to set up and deploy state of the art open source and commercial analysis tools, intrusion detection tools, syslog servers, and SIEMs. You will also be able to integrate them for an entire organization.

*This course maps to the mile2 Certified Cyber Security Analyst Exam as well as the Comp TIA CySA+CS0-001 certification exam.

Outline: Certified Incident Handling Engineer (CIHE)

Chapter 1 - Blue Team Principles 

  • Network Architecture and how it lays the groundwork 
  • Security Data Locations and how they tie together 
  • Security Operations Center 
  • Automation, Improvement, and Tuning 

Chapter 1 Labs – Blue Team Principles

  • Analyze Initial Compromise Vector
  • Network Forensics
  • System Forensics

Chapter 2 - Digital Forensics 

  • Investigative Theory and Processes 
  • Computer Forensics Laboratory 
  • Advanced Forensics for Today’s Exploitations 

Chapter 2 Labs – Digital Forensics

  • Analysis of Captured Network Activity
  • Analysis of Captured Zip File

Chapter 3 - Malware Analysis

  • Creating the Safe Environment 
  • Static Analysis 
  • Dynamic Analysis 
  • Behavior Based Analysis 
  • What is different about Ransomware? 
  • Manual Code Reversing 

Chapter 3 Labs – Malware Analysis

  • Analysis of an MSFVenom Executable
  • Analysis of Locky Ransomware
  • Creating YARA Rules based on Analysis Results
  • Final Assessment

Chapter 4 - Traffic Analysis 

  • Manual Analysis Principles 
  • Automated Analysis Principles 
  • Application Protocols Analysis Principles 
  • Networking Forensics 

Chapter 4 Labs – Traffic Analysis

  • Traffic Analysis of a Website Defacement Attack
  • Traffic Analysis Based on IDS Alerts
  • Traffic Analysis of a ZLoader Delivery Attempt
  • Bonus: Find the Backdoor!!!

Chapter 5 - Assessing the Current State of Defense with the Organization 

  • Network Architecture and Monitoring 
  • Endpoint Architecture and Monitoring 
  • Automation, Improvement, and continuous monitoring 

Chapter 5 Labs – Assessing the Current State of Defense within the Organization

  • Configuring a Firewall
  • Configuring SIEM
  • Configuring IPDS
  • Upgrading Detection/Protection Capabilities

Chapter 6 - Leveraging SIEM for Advanced Analytics 

  • Architectural Benefits 
  • Profiling and Baselining 
  • Advanced Analytics 

Chapter 6 Labs – Leveraging SIEM for Advanced Analytics

  • Deploying Agent
  • Implementing User Behavior Analytics through Machine Learning
  • Simulate an Attack and Analyze Alerts

Chapter 7 - Defeating the Red Team with Purple Team tactics 

  • Penetration Testing with full knowledge 

Chapter 7 Labs – Defeating the Red Team with Purple Team Tactics

  • Configuring Defensive Systems
  • Purple Team Testing
  • Mitigation
  • Bypass Anti-Virus and LSASS Patch through edited Mimikatz

Prices & Delivery methods

Online Training

5 days

  • Online Training: CAD 4,550
  • Online Training: US$ 3,500
Classroom Training

5 days

  • Canada: CAD 4,550


Currently there are no training dates scheduled for this course.