eLearnSecurity - IHRPv1 - Incident Handling and Response

averageguy72averageguy72 Member Posts: 323 ■■■■□□□□□□
eLearnSecurity is launching a new course focused on Incident Handling.

Registration for the overview webinar is below.

https://www.elearnsecurity.com/resources/webinars/ihrpv1_preview
CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner

Comments

  • r3nzsecr3nzsec Member Posts: 39 ■■■□□□□□□□
    Excited about this course launch!!
  • SylabicumaSylabicuma Member Posts: 26 ■■■□□□□□□□
    Just registered. Thanks for this!
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I am very curious. I just hired a kid fresh out of college for my IR team and this has potential. 
  • r3nzsecr3nzsec Member Posts: 39 ■■■□□□□□□□
    cyberguypr said:
    I am very curious. I just hired a kid fresh out of college for my IR team and this has potential. 
    Kudos to those hiring managers who are giving a chance to these young fellows. Give him eLearnSecurity courses and he will be good for sure!
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    Really want to see the syllabus of the course! 
    Certs: OSCP, eCTHP
    2019 Goals:
    eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
  • impelseimpelse Member Posts: 1,237 ■■■■□□□□□□
    Looks interesting

    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    edited November 2018
    For junior and intermediate roles I prefer freshers from quality schools. In regards to the course, it looks promising! Thanks for sharing.

  • r3nzsecr3nzsec Member Posts: 39 ■■■□□□□□□□
    Can't wait for the syllabus to come out. Just received an email from ELS last night and they said they got a thousand registrants 48 hours after releasing the webinar invite. They also revealed that this IR course is based on a standard framework (NIST) with cutting-edge and proven real-life experience. :)
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I'm interested in seeing it too, FWIW they always say they got a thousand registrants and to register quickly. At this point it just sounds like a sales tactic  :wink:
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    Cost will be my number 1 decision factor to consider and also what types of labs it offers.
  • PenguineerPenguineer Member Posts: 16 ■■■□□□□□□□
    Price is a big factor for me as well. I'm predicting that it is going to be priced similarly to eCPPT (1,199 - 1,599) because they're calling it "the eCPPT of IR" 
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    Will any discounts be available for existing courses? That's an interesting question too.
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    They usually give discounts to existing students.
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    wd40 said:
    They usually give discounts to existing students.
    Do you mean those who have previously completed some of their other courses?
  • r3nzsecr3nzsec Member Posts: 39 ■■■□□□□□□□
    u1tras said:
    wd40 said:
    They usually give discounts to existing students.
    Do you mean those who have previously completed some of their other courses?
    They normally do provide 40% off to existing students, meaning those who were able to purchase at least one of their courses. 
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    edited December 2018
    That's interesting. If I purchase the new IHRP course with the launch discount then I become an ELS student. And if I purchase another course - will I get 40% off as a student? :) 
  • TimBakerTimBaker Registered Users Posts: 14 ■■■□□□□□□□
    The 40% discount usually applies only to newly launched courses. 
  • TimBakerTimBaker Registered Users Posts: 14 ■■■□□□□□□□
    I'm just curious how this will differ in content to THP since threat hunting is a part of incident response. I will wait and see what the course syllabus is like but I'm not so sure at the moment if it will offer any depth.

  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    TimBaker said:
    I'm just curious how this will differ in content to THP since threat hunting is a part of incident response. I will wait and see what the course syllabus is like but I'm not so sure at the moment if it will offer any depth.

    Just make sure you watch the webinar because they go into the syllabus and they do demonstrations. Sometimes just looking at the syllabus may not do the content justice. A syllabus does not show "HOW" the subject is taught, only that the subject is taught. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    Just checked out last year's discounts from eLS. There was about 40% off for the newly launched THP course and a $200 gift card for other courses. Hope they'll repeat it again :) 
  • SylabicumaSylabicuma Member Posts: 26 ■■■□□□□□□□
    Did anyone attend this webinar? I wasn't able to attend.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I got a bit in and then someone came in and I had to run out. Beginning was all hype so I didn't get to see actual content yet. 
  • r3nzsecr3nzsec Member Posts: 39 ■■■□□□□□□□
    I was able to attend and I was impressed. They are giving 50% off up to this month. If you are a current ELS student, you will get 50% off plus unlimited lab time. Regarding the syllabus, the content looks very competitive and helpful to SOC team members. I always encounter all those topics in interviews for a senior SOC position. I would definitely purchase this one. 
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    It's hard to say no when given a 50% discount off and unlimited lab time.... haha

    But I will need a weekend to seriously think about it though and look at what others have to say in the forum before flashing my credit card.
  • PenguineerPenguineer Member Posts: 16 ■■■□□□□□□□
    edited December 2018
    So I just compared the syllabus of IHRP to a couple of SANS courses and there is A LOT of overlap between this course and SANS SEC504/SANS SEC555.

    IHRP Section: Practical Incident Handling
    Aligns with: SEC 504 heavily.
    25 bullet points in this section align with the bullet points in the SANS 504 course. Don't believe me? Crack open your books and have a look for yourself. I found it interesting that IHRP is covering BGP hijacking as one of the exploitation techniques. I also found it interesting that war driving/war dialing is covered in the Reconnaissance section.

    IHRP Section: SOC3.0 Operations and Analytics
    Aligns with: SANS SEC 555 heavily.

    I think that this course is definitely worth it just based off of the Table of Contents alone and the alignment to the above SANS courses. It also comes with downloadable materials, videos, and unlimited lab time at a fraction of the price of SANS. I was on the fence about buying it until I saw the similarities that it had with 504/555. 

    What do you guys think about these similarities?
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    edited December 2018
    Penguineer said:
    So I just compared the syllabus of IHRP to a couple of SANS courses and there is A LOT of overlap between this course and SANS SEC504/SANS SEC555.

    IHRP Section: Practical Incident Handling
    Aligns with: SEC 504 heavily.
    25 bullet points in this section align with the bullet points in the SANS 504 course. Don't believe me? Crack open your books and have a look for yourself. I found it interesting that IHRP is covering BGP hijacking as one of the exploitation techniques. I also found it interesting that war driving/war dialing is covered in the Reconnaissance section.

    IHRP Section: SOC3.0 Operations and Analytics
    Aligns with: SANS SEC 555 heavily.

    I think that this course is definitely worth it just based off of the Table of Contents alone and the alignment to the above SANS courses. It also comes with downloadable materials, videos, and unlimited lab time at a fraction of the price of SANS. I was on the fence about buying it until I saw the similarities that it had with 504/555. 

    What do you guys think about these similarities?
    Wow that is great to know. 
  • TimBakerTimBaker Registered Users Posts: 14 ■■■□□□□□□□
    Penguineer said:
    So I just compared the syllabus of IHRP to a couple of SANS courses and there is A LOT of overlap between this course and SANS SEC504/SANS SEC555.

    IHRP Section: Practical Incident Handling
    Aligns with: SEC 504 heavily.
    25 bullet points in this section align with the bullet points in the SANS 504 course. Don't believe me? Crack open your books and have a look for yourself. I found it interesting that IHRP is covering BGP hijacking as one of the exploitation techniques. I also found it interesting that war driving/war dialing is covered in the Reconnaissance section.

    IHRP Section: SOC3.0 Operations and Analytics
    Aligns with: SANS SEC 555 heavily.

    I think that this course is definitely worth it just based off of the Table of Contents alone and the alignment to the above SANS courses. It also comes with downloadable materials, videos, and unlimited lab time at a fraction of the price of SANS. I was on the fence about buying it until I saw the similarities that it had with 504/555. 

    What do you guys think about these similarities?
    That's an interesting observation you've made there. I too was on the fence; I thought it wouldn't cover much, especially since they have a threat hunting course. I actually expected some fluff and then some overlap with THP content, but as @chrisone advised, I looked at the content, saw the topics you've highlighted and concluded that there's definitely a lot of value in this course, especially with the 50% discount.

    Has anyone here bought or done the THP course?  Which would you rather do, THP or IHRP and why?
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    edited December 2018
    50% off for sure is very good. But what about practical labs? When will we be able to see the list? I'll definitely enroll in the THP course (thanks to the $200 gift card), but without labs I can't make a decision about IHRP.
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    The practical labs are going to be published later. I guess they have finished barely half of the course so far. Also it's the end of the year, so it's a marketing move to do this pre-order.

    I think I am going to buy this, the content looks really nice. I think as a pentester, SOC T2 I could learn a lot, as I have basic usage of SIEM, however I haven't seen anything like those "Practical anti-reconnaissance, exploitation" SIEM stuff...

    I am just concerned about the way it's taught... Do we get only a shitload of .pcaps? > very bad idea, would sue them. :| Or are we going to do everything via Splunk > Awesome. Or ELK > also really good.
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    I hope this "later" will be before 31st December)