eLearnSecurity - IHRPv1 - Incident Handling and Response
Comments
-
SexyLemur Member Posts: 9
And for clarity that 1 video is like 32 minutes....how the heck is that "hours of videos".
-
SleepyLCTL Member Posts: 28
Agreed, my main problem, on the contrary, is the quality of the slides. I just cannot accept the fact that PTP had so much info in it and these slides feel like 1/5 of book is empty sides. I just went thru everything... and ... learned nothing.
-
SexyLemur Member Posts: 9
I haven't really gone through the slides to make a comment on it tbh. I was going to start this week since now I had time, however from the previous comments on the post, it sounds worrying to me. I've only gone through 1 module and half of the second. It's been okay but just okay.
-
SexyLemur Member Posts: 9
I'm not a fan of "death by PowerPoint" unless those are grouped with labs and video. However so far it feels that way and only 1 video and 8/9 labs is not enough...
-
SleepyLCTL Member Posts: 28
Let's see, I am not going to give up on this. I believe, other people in this thread will find out our findings relatable.
-
SexyLemur Member Posts: 9
Yeah I moved my comment and posted it on a new forum. Thought it deserved its own forum since it's a valid complaint about the course.
-
u1tras Member Posts: 81
@SleepyLCTL, I've just finished reading your thread on ELS forum. This is a key phrase from Dimitrios: "I have an obligation to support students questions regarding course matters. I would really like to spend more time but this is the last time i comment on IHRP's contents".
Dimitrios also has arguments against all your and mine objections:
"Not enough slides?" - to describe blue side I just need less slides than for red. Really? I didn't mention that SANS blue courses are less than red.
"Just 8 labs instead of promised 30?" - each lab is twice bigger than in PTP. Ok, it's 16. Where are another 16 labs?
"Not enough SOC stuff?" - you are not a manager/engineer, it's not your concern. Ok, maybe, but even for SOC analysts these topics should be covered, at least in general.
Section "Practical Incident Handling" is my favourite. 0 labs. Maybe it should be renamed to "Theoretical Incident Handling"?
Summarizing, your expectations from the course are just your expectations. From my perspective, the content for this money could and should be done much better. I expected much more from IHRP based on eLS stuff advertisements. I don't want to spend my time on discussions with eLS. Personally for me I did all conclusions for the future.
Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
-
SleepyLCTL Member Posts: 28
u1tras said: .... From my perspective, the content for this money could and should be done much better. I expected much more from IHRP based on eLS stuff advertisements. I don't want to spend my time on discussions with eLS. Personally for me I did all conclusions for the future.
-
u1tras Member Posts: 81
SleepyLCTL said:
u1tras said: .... From my perspective, the content for this money could and should be done much better. I expected much more from IHRP based on eLS stuff advertisements. I don't want to spend my time on discussions with eLS. Personally for me I did all conclusions for the future.
Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
-
new2Sec Member Posts: 24
Not only that, they will say digital property. You look you keep. No refund.
-
SexyLemur Member Posts: 9
To whoever posted the comment below in the elearn forums, THANK YOU!!! That's how I feel about IHRP.
"I think the bigger issue is that a lot of things were promised and not delivered on. While quality over quantity is certainly a valid argument, it is not addressing the main issue. As seen, elearnsecurity promised a number of things with this course, including "hours of videos". Now whether hours of videos were required for this course is certainly something to consider, but promising "hours of videos" among other things and not delivering on them is a significant violation of customer's trust. Quite frankly, if refunds were available, I would take one, and I certainly will not purchase any more courses from elearnsecurity in the future as it is clear they do not deliver what they promise, nor will I recommend this company to anyone. While you can respond however you want, maybe take a step back and try and understand why your customers are frustrated."
-
beads Member Posts: 1,533
TL;DR much the above but my take on skipping the middle two sections here is that you get what you pay for? SANS versus eLearn? With SANS you know what you're getting and has some name recognition to boot.
- b/eads
-
SleepyLCTL Member Posts: 28
I agree with infosec from ELS. Very well addressed, much better than my trials to argue.
beads said: TL;DR much the above but my take on skipping the middle two sections here is that you get what you pay for? SANS versus eLearn? With SANS you know what your getting and has some name recognition to boot. - b/eads
I look at it from a side, where I either go with ELS which is maximum possible price I can pay and I expect high added value (because it's high price, but manageable), or I buy nothing and expect my employer to pay for e.g. SANS. ELS tries to fill the void of being reasonable priced, but with great value. This time they failed, therefore we revolt.
Average guy cannot buy SANS, but they can ELS. That's what I call business competition.
-
ISOman Member Posts: 6
Doesn't ELS only let you get to areas where you have purchased the course on the forum?
-
SleepyLCTL Member Posts: 28
ISOman said: Doesn't ELS only let you get to areas where you have purchased the course on the forum?
-
SleepyLCTL Member Posts: 28
Well, you can complain here. I have managed to get another course instead of IHRP. It's something. I hope it will kinda recover my hope in ELS.
-
SexyLemur Member Posts: 9
@SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
-
SleepyLCTL Member Posts: 28
SexyLemur said: @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
-
SexyLemur Member Posts: 9
Sounds fair to me. I'll be satisfied if they do the same with me.
-
securityorc Member Posts: 58
I don't think I'll be able to get an exchange since I bought the course at half price during end of the year offer
-
Skyyyyy2001 Member Posts: 57
SleepyLCTL said:
SexyLemur said: @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
I have done the same as well and asked for a refund or change to another course and I'm a very unhappy customer at this point in time.
I hope Armando is looking at this thread.
-
new2Sec Member Posts: 24
Armando not on employee list. Maybe took all IHRL money and go. Or quit cause products more worse now. David Carmeci listed boss. I meet him at BH. Not IT or security person explain bad product.
-
Skyyyyy2001 Member Posts: 57
SleepyLCTL said:
SexyLemur said: @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
@SleepyLCTL I have asked to swap to ewaptx instead and they agreed.
-
new2Sec Member Posts: 24
It's obvious armando and els don't care about their products any more.
-
SleepyLCTL Member Posts: 28
Well, at least some success. I am way more satisfied with PTX. Still... I think I maybe started understanding methodology of ELS. They release course V1, which is getting better over time. That's why I liked PTPv4 because it's pretty huge. However IHRP... is nothing in comparison with that. Well... Now I have access to PTX and seems much more mature than IHRP, however... have seen only a tip of iceberg so far.
IDK, I think their V1 courses are maybe not the best options. If it's a blackbox and no reviews available.
-
Skyyyyy2001 Member Posts: 57
SleepyLCTL said: Well, at least some success. I am way more satisfied with PTX. Still... I think I maybe started understading methodology of ELS. They release course V1, which is getting better over time. That's why I liked PTPv4 because it's pretty huge. However IHRP... is nothing in comparison with that. Well... Now I have access to PTX and seems much more mature that IHRP, however... have seen only a tip of iceberg so far. IDK, I think their V1 courses are maybe not the best options. If it's a blackbox and no reviews available.
I will spend a bit more and go for offsec certifications moving forward. I hope to clear wapt and waptx and then awae.
-
securityorc Member Posts: 58
My thoughts after going through the course:

Module 1 - Incident Handling Overview
General IR stuff. Some cheatsheets at the end, but pretty basic. The 2 labs show 2 infection scenarios with different EDR software, GRR and Velociraptor, but are really similar. Could have combined them in a single lab.

Module 2 - Network Traffic Flow & Analysis
Describes IPv4 and IPv6 and network layer protocols. The accompanying lab is some basic PCAP analysis. A lot of material is spent on describing networking concepts and protocol headers. Surely an incident responder doesn't need another primer on TCP handshakes and the like, but it's there. Nothing unseen before, but points for showcasing ICMP tunneling. There's also an introduction to netflows and tools that can visualize flows.
The labs are based on PCAP analysis and using Suricata rules, Bro scripts and Snort.

Module 3 - Practical Incident Handling
Starts with a primer on information gathering. The OWA section is interesting but gone over briefly and this would have made a suitable lab. The scanning part that covers war dialing and port scanning...really? Waste of material for a course focused on practical IR, such knowledge should be a prerequisite. The same with the section on attacks where buffer overflows are explained.
The best part of this section and of the course in my opinion is the part about explaining and detecting various AD attacks. And this should have been the most heavily labbed, but this section has no labs or accompanying practical resources.

Module 4 - SOC 3.0 Operations & Analytics
Goes over SIEM concepts. Has a useful event log section. The labs are Splunk and Helk-based. The one and only video of the course is in this section and showcases osquery.

All in all, the course is not worth its full price. You can get the knowledge and build your own labs with open source resources. The hype was better than the execution in this case.

My main criticisms are:
- no memory forensics. The EDR addition should have opened up this option, but they're probably saving it for a dedicated course
- no AD. In the most advanced incident response course of the world, you're looking at standalone hosts. I did not expect this. There are sections going over event logs and the like, but this is where the labs needed to shine! Go over lateral movement in the enterprise, compromised DCs, attacks against Exchange, AD recon, all these practical bits that are relevant to a modern enterprise environment are missing from the labs.

@SleepyLCTL - How did you find the PTX content? In retrospect, and after reading other reviews, that one or the Threat Hunting course might have been a better choice for me.
-
Danielm7 Member Posts: 2,310
Thanks @securityorc, sounds like a pass on this one. I was interested in it for one of my guys but looking at most of the content it seems like things he mostly already knows or could pick up otherwise pretty easily. I thought this was billed as having tons of labs?