• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

The Certified Incident Handling Engineer course is designed to help Incident Handlers, System Administrators, and any General Security Engineers understand how to: plan, create and utilize their systems in order to prevent, detect and respond to attacks.

In this in depth training, students will learn step-by-step approaches used by hackers globally. Including the latest attack vectors and how to safeguard against them, Incident Handling procedures (including developing the process from start to finish and establishing your Incident Handling team), and strategies for each type of attack, recovering from attacks and much more.

Furthermore, students will enjoy numerous hands-on laboratory exercises that focus on topics, such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware and using Netcat plus several additional scenarios for both Windows and Linux systems.

This 4-day course retails for $3,500 and is delivered via: classroom, live online or self-study. The self-study course retails for $1,500.

Learning Objectives


Module 1: Introduction

Module 2: Threats, Vulnerabilities, and Exploits

Module 3: Identification and Initial Response

Module 4: RTIR

Module 5: Preliminary Response

Module 6: Identification and Initial Response

Module 7: Sysinternals

Module 8: Containment

Module 9: Eradication

Module 10: Follow-Up

Module 11: Recovery

Module 12: Virtual Machine Security

Module 13: Malware Incident Response


This is an intensive hands-on class; you will spend 20 hours or more performing labs; rather than spend too much time installing 300 tools, our focus will be on the Pen Testing model. The latest Pen Testing Tools and methods will be taught. Laboratories change weekly as new methods are found. We will be using many different tools from GUI to command line. As we work through structured attacks, we try and cover tools for both Windows and Linux systems.


Netcat (Basics of Backdoor Tools)

Exploiting and Pivoting our Attack

Creating a Trojan

Capture FTP Traffic

ARP Cache Poisoning Basics

ARP Cache Poisoning - RDP

Input Manipulation

Shoveling a Shell

Virus Total

Create Malware using SET

The Trojans

Examine System Active Processes and Running Services

Examine Startup Folders

The Local Registry

The IOC Finder - Collect

IOC Finder - Generate Report

Malware Removal

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Operations
  • Cybersecurity Management
  • Program/Project Management and Acquisition
  • Threat Analysis