eLearnSecurity - IHRPv1 - Incident Handling and Response
Comments
-
Penguineer said:
They said that they will release a new module every 2 weeks until the official March release date. No one asked how many labs there would be during the webinar, but I'll shoot them an email.
-
SleepyLCTL said:
u1tras said: I hope this "later" will be before 31st December)
-
u1tras said:
Penguineer said: They said that they will release a new module every 2 weeks until the official March release date. No one asked how many labs there would be during the webinar, but I'll shoot them an email.
Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
-
u1tras said:
SleepyLCTL said: u1tras said: I hope this "later" will be before 31st December)
-
SleepyLCTL said:
Okay, so I was not able to resist. I bought it today. I went through the first 50 slides; so far very good. Although it is the basics, I like the form, the same as in PTP, where everything is simple and directly applicable. I have already found one thing which I am going to deploy in our company. In the next few days I will check out the rest and post more. However, at first glance I am satisfied: after some experience with pentesting and being an indirect T2 SOC responder, I find the material very useful to broaden and "fine-tune" my IR knowledge, which is right now somehow very chaotic. So far no info about the labs.
-
Penguineer said:
I couldn't get any information on the labs, but a couple of people have asked about the number of labs on Twitter. Here's their response:
"... there will be labs for each topic covered in each module of the course." and "... this course is lab-heavy, better be ready! The list of labs will be revealed along with the new course modules in the next weeks."
I did see a few PCAP files already available that you can download and inspect offline. There are no online labs at the moment. I'm just hoping that a majority of the labs will be online.
As far as the content of the first two modules, I would say that the content is pretty solid. There are a few grammatical errors, but they said that they are aware of them and will address them. If you're still on the fence, I'd recommend waiting until the 30th before buying. Hopefully they'll release another module and the lab listing by then.
-
Skyyyyy2001 said:
This is the reply I got from eLS support:
The IHRP is a course in progress, so it is difficult to estimate the exact number of labs it will contain. If an analogy with another eLS course helps, it will certainly have the same amount of labs as PTPv5 and probably more.
-
u1tras said:
I've got the same answer from ELS about the IHRP lab count. Booked the THP course today.
-
Skyyyyy2001 said:
@SleepyLCTL any further updates or reviews? I am still holding off on purchasing until the end of the month.
-
Penguineer said:
I finally got a response to my email. They said that they won't have a lab listing until March. At this point it's a gamble on how good the content/labs will be. However, eLearnSecurity does have a decent track record of producing quality courses.
The benefits of signing up now are:
1) Unlimited lab time ($299 value)
2) 50% off elite edition
I still suggest holding out until the end of December. Hopefully a new module or update comes out by then.
-
SleepyLCTL said:
Hi... response from ELS:
The IHRP is a course in progress, so it is difficult to estimate the exact number of labs it will contain. If an analogy with another eLS course helps, it will certainly have the same amount of labs as PTPv5 and probably more.
A customized ELK stack, Splunk and OSquery are going to be heavily used in IHRP for endpoint analytics and anomaly/intrusion detection.
During IHRP the student will focus on practically leveraging those platforms for detection purposes ONLY. We are not going to dive a lot into each solution's architecture/full capabilities etc., because those concern a security engineer, not an analyst. To conclude, IHRP covers ELK/Splunk/Osquery from an analyst's perspective only. There is no need to teach students everything about ELK/Splunk and Osquery. The number of ELK/Splunk/Osquery labs is not known since a lot of topics related to them could be covered in videos or slides as well.
This is all the info we can provide you with…
I haven't had time to finish the second available part. However, the first available section describes the NIST incident response guide quite well. The second part focuses on Layer 2 attacks, therefore lots of info about ARP, MAC tables... some examples of ARP spoofing, finding suspicious packets... I will write more once I finish the section and can make some conclusions. Yeah, maybe I would wait for the end of December; I can write you more about the content, however.... if you want to get some hands-on with this topic, this is the only easy/relatively affordable... I want to comfortably get to T2 SOC, and I think this is the least time consuming option. Yeah... I can build my own lab, like my colleague, but that would take me months. With this I believe I will grasp everything within 2 months and with my previous experience I can get comfortable in this position. So... I guess you can either build your own lab and have it for free (how much does your time cost?) or you can invest in this... and hopefully get the same or similar results... (+ as mentioned in the ELS answer... building a lab is a SecEngineer's job, not an analyst's... good to know? Definitely! Do I have time for everything? No one has!)
-
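The Layer 2 material SleepyLCTL mentions (ARP, MAC tables, spotting ARP spoofing in captured packets) is the kind of thing a detection analyst ends up scripting. Below is an added example, not code from the course or from anyone in this thread: a small Python detector that parses raw Ethernet/ARP frames and flags the two classic ARP spoofing tells, a reply nobody asked for and an IP whose MAC mapping changes mid-capture. The frame builder, the MAC and IP addresses, and all function names are my own assumptions; the sample frames are constructed inline so the script runs offline, and a real deployment would feed it frames read from a PCAP instead.

```python
"""Hypothetical ARP-spoofing detector over raw Ethernet/ARP frames (added example)."""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(src_mac, dst_mac, opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Construct an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (test data only)."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                      sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/ARP frame as a dict, or None if it is not IPv4 ARP."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return {"eth_src": mac_str(src), "op": op, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


def detect_arp_anomalies(frames):
    """Walk frames in capture order and return a list of (kind, detail) findings."""
    findings = []
    ip_to_mac = {}   # first MAC seen answering for each IP
    pending = set()  # (requester_ip, requested_ip) pairs with an outstanding request
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None:
            continue
        if pkt["op"] == ARP_REQUEST:
            pending.add((pkt["spa"], pkt["tpa"]))
            continue
        if pkt["op"] != ARP_REPLY:
            continue
        # Sender hardware address should match the Ethernet source MAC of the frame
        if pkt["sha"] != pkt["eth_src"]:
            findings.append(("sha_mismatch", f"{pkt['spa']} sha={pkt['sha']} eth_src={pkt['eth_src']}"))
        # A reply is expected only if the target previously asked who has spa
        key = (pkt["tpa"], pkt["spa"])
        if key in pending:
            pending.discard(key)
        else:
            findings.append(("unsolicited_reply", f"{pkt['spa']} -> {pkt['tpa']} claims {pkt['sha']}"))
        # The MAC answering for an IP should not change during the capture
        known = ip_to_mac.setdefault(pkt["spa"], pkt["sha"])
        if known != pkt["sha"]:
            findings.append(("mapping_conflict", f"{pkt['spa']} was {known}, now {pkt['sha']}"))
    return findings


# Constructed sample traffic with made-up addresses: a host resolves the gateway,
# the real gateway answers, then a third MAC pushes an unsolicited reply for the gateway IP.
MAC_GW = bytes.fromhex("aabbccddee01")
MAC_HOST = bytes.fromhex("aabbccddee10")
MAC_OTHER = bytes.fromhex("aabbccddeecc")
IP_GW = bytes([192, 168, 1, 1])
IP_HOST = bytes([192, 168, 1, 10])
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6

SAMPLE_FRAMES = [
    build_arp(MAC_HOST, BROADCAST, ARP_REQUEST, MAC_HOST, IP_HOST, ZERO_MAC, IP_GW),
    build_arp(MAC_GW, MAC_HOST, ARP_REPLY, MAC_GW, IP_GW, MAC_HOST, IP_HOST),
    build_arp(MAC_OTHER, MAC_HOST, ARP_REPLY, MAC_OTHER, IP_GW, MAC_HOST, IP_HOST),
]


def sample_findings():
    return detect_arp_anomalies(SAMPLE_FRAMES)


if __name__ == "__main__":
    for kind, detail in sample_findings():
        print(kind, detail)
```

Run as a script it reports an unsolicited reply and a mapping conflict for the gateway IP, both from the third frame; the first two frames are a normal request/reply exchange and produce nothing. The request/reply pairing is deliberately per (requester, requested) pair, so a legitimate gratuitous ARP from a host announcing its own address still shows up as unsolicited and an analyst tunes that out by allow-listing known MAC/IP pairs rather than by loosening the check.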
r3nzsec said:
So everyone is waiting for the exact lab information for this IHRP course, and ELS stated that the official release of the complete course will be in March. For me it is safe to say that the price offer for this month plus the unlimited labs for all existing students are quite amazing and fair enough. Knowing how ELS made a tremendous effort on building lab exercises, and having myself gone through several courses (PTS, DFP) and currently taking eCPPT, I would say that this course will be worth it. I did GCIH last year and I would say I will still get this course. I've encountered these topics in a lot of interviews just this year for a Senior SOC position and I do believe that this course will eventually be a life saver for all blue teamers out there!
-
u1tras said:
Just got a personalized offer for existing students with 50% off and unlimited lab time. Considering the quality of the THP course I'm seriously thinking of taking the IHRP course. I'll make my final decision after completing the first section of the THP course as I also want to check the videos and labs.
-
u1tras said:
"A customized ELK stack, Splunk and OSquery are going to be heavily used in IHRP for endpoint analytics and anomaly/intrusion detection" - that's exactly what I wanted to hear from ELS.
-
Skyyyyy2001 said:
SleepyLCTL said: Hi... response from ELS: [quote of SleepyLCTL's full post above]
-
securityorc said:
I'm also very interested to hear more opinions about this one, as I'm considering getting it because that 50% discount is a rare opportunity. I can't decide based on the syllabus and demo alone; I've worked in incident response, so I want to make sure I will get value and new skills out of it.
-
u1tras said:
When will the next 2 modules of the course be released? Does anybody know?
-
u1tras said:
Answer from eLS on Twitter: "Indeed, it'll be released in the next couple of days. Stay tuned!"
-
r3nzsec said:
I've also purchased the course. The 2 modules served as a review of some basics of IR processes. I really love how ELS explains things as simply as possible. I can wait for them to complete the whole course while I am taking eCPPT, so I don't mind having limited IHRP slides and labs for now. For those blue teamers out there, you won't want to miss this course, especially with the great deal offer this month!
-
Skyyyyy2001 said:
Guys, I took the courage and used up my next year's training budget by signing up for this course. I hope this is the right decision as I have high hopes for eLS courses.
Happy new year in advance to all!
-
securityorc said:
For those who took eLS courses before, what was your opinion of the labs? Were they different from the examples shown in the courses and sufficiently challenging? I'm still undecided about this one.
-
chrisone said:
Does anyone know what training paths the IHRP course will fulfill? Obviously the incident responder, but wondering if it covers other training paths such as purple team or enterprise defender. I emailed eLearnSecurity, so if I find out soon, I will reply here.
edit:
got a response.
"Chris, Sorry, I do not have the answer for your questions, we will announce this as soon as we release the complete content in March 2019."
Hmmm still debating this course, I guess I have 40 some hours to make a decision.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
-
chrisone said:
Last day, I caved in and bought the course. I doubt I will be able to get to it in 2019, but it should be a fantastic hands-on course/certification based on incident handling/threat hunting/SOC. Good luck to everyone on this path.
-
securityorc said:
I also bought it. I have some other certs to knock off before getting to this one though, so it suits me well that they won't release it until March. Here's to a solid return on investment!