eLearnSecurity - IHRPv1 - Incident Handling and Reponse

1246

Comments

  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    And for clarity that 1 video is like 32 minutes....how the heck is that "hours of videos". 
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    Agreed, my main problem, on a contrary is the quality of the slides. I just cannot accept the fact, that PTP had so much info in it and these slides feels like 1/5 of book is empty sides. I just went thru everything... and ... learned nothing.

  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    edited April 2019
    I haven't really gone through the slides to make a comment on it tbh. I was going to start this week since now I had time however from the previous comments on the post, it sounds worrying to me . Ive only gone through 1 module and half of the second. Its been okay but just okay. 
  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    edited April 2019
    I'm not a fan of "death by PowerPoint" unless those are grouped with labs and video . However so far it feels that way and only 1 video and 8/9 labs is not enough...
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    Let's see, I am not going to give up on this. I believe, other people in this thread will find out our findings relatable.
  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    Yeah I moved my comment and posted it on a new forum. Thought it deserved its own forum since its a valid complaint about the course. 
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    @SleepyLCTL, I've just finished reading your thread on ELS forum. This is a key phrase from Dimitrios: "I have an obligation to support students questions regarding course matters. I would really like to spend more time but this is the last time i comment on IHRP's contents".
    Dimitrios also has arguments agains all your and mine objections: 
    "Not enough slides?" - to describe blue side I just need less slides than for red. Really? I didn't mention that SANS blue courses are less than red. "Just 8 labs instead of promised 30?" - each lab is twice bigger than in PTP. Ok, it's 16. Where are another 16 labs?
    "Not enough SOC stuff?" - you are not a manager/engineer, it's not your concern. Ok, maybe, but even for SOC analysts these topics should be covered, at least in general.
    Section "Practical Incident Handling" is my favourite. 0 labs. Maybe it should be renamed to "Theoretical Incident Handling"?
    Summarizing, you expectations from the course are just your expectations. From my perspective, the content for this money could and should be done much better. I expected much more from IHRP based on eLS stuff advertisements. I don't want to spend my time on discussions with eLS. Personally for me I did all conclusions for the future.
    Certs: OSCP, eCTHP
    2019 Goals:
    eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    u1tras said:
    .... From my perspective, the content for this money could and should be done much better. I expected much more from IHRP based on eLS stuff advertisements. I don't want to spend my time on discussions with eLS. Personally for me I did all conclusions for the future.
    Thanks for your opinion. However, please raise the voice at least once... I spend plenty of money for that and I am not going to give up.
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    u1tras said:
    .... From my perspective, the content for this money could and should be done much better. I expected much more from IHRP based on eLS stuff advertisements. I don't want to spend my time on discussions with eLS. Personally for me I did all conclusions for the future.
    Thanks for your opinion. However, please raise the voice at least once... I spend plenty of money for that and I am not going to give up.
    Ok, give me some time I will write my opinion on the forum. But, I'm sure there will be no effect.
    Certs: OSCP, eCTHP
    2019 Goals:
    eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
  • new2Secnew2Sec Member Posts: 24 ■■□□□□□□□□
    Not only that, they will say digital property. You look you keep. No refund. 
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    I can spam bad reviews to internet the whole day. :smiley:
  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    edited April 2019
    To whoever posted the comment below in the elearn forums, THANK YOU!!! Thats how I feel about IHRP.


    " I think the bigger issue is that a lot of things were promised and not delivered on. While quality over quantity is certainly a valid argument, it is not addressing the main issue. As seen, elarnsecurity promised a number of things with this course, including "hours of videos". Now whether hours of videos were required for this course is certainly something to consider, but promising "hours of videos" among other things and not delivering on them is a significant violation of customer's trust. Quite frankly, if refunds were available, I would take one, and I certainly will not purchase any more courses from elearnsecurity in the future as it is clear they do not deliver what they promise, nor will I recommend this company to anyone. While you can respond however you want want, maybe take a step back and try and understand why your customers are frustrated. "
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    TL;DR much the above but my take on skipping the middle two sections here is that you get what you pay for? SANS versus eLearn? With SANS you know what your getting and has some name recognition to boot.

    - b/eads
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    I agree with infosec from ELS. Very well addressed, much better than my trials to argue.

    beads said:
    TL;DR much the above but my take on skipping the middle two sections here is that you get what you pay for? SANS versus eLearn? With SANS you know what your getting and has some name recognition to boot.

    - b/eads
    Well, I would disagree, SANS might be perfect, but it is ridiculously expensive. ELS came with different approach. They deliver same or better value for lower money, that's why they were successful so far, with "lower" budget customers - usually endpoints users, not business customers.

    I look at it from a side, where I either go with ELS which is maximum possible price I can pay and I expect high added value(because it's high price, but manageable), or I buy nothing and expect my employer to pay for e.g. SANS. ELS tries to fill the void of being reasonable priced, but with great value. This time they failed, therefore we revolt.

    Average guy cannot buy SANS, but they can ELS. That's what I call business competition.
  • ISOmanISOman Member Posts: 6 ■■□□□□□□□□
    Doesn't ELS only let you get to areas where you have purchased the course on the forum?
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□

    ISOman said:
    Doesn't ELS only let you get to areas where you have purchased the course on the forum?
    Yes, I have access to PTP and IHRP.
  • ISOmanISOman Member Posts: 6 ■■□□□□□□□□
    good catch 22 then as you can only complain ONCE you purchase lol
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    Well, you can complain here. I have managed to get another course instead of IHRP. It's something. I hope it will kinda recover my hope in ELS.
  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    SexyLemur said:
    @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
    I asked for refund, did not get that, however he offered me with an alternative to choose something else. I chose ecpx as I already have ecppt. I find it fair.
  • SexyLemurSexyLemur Member Posts: 9 ■■□□□□□□□□
    Sounds fair to me. Ill be satisfied if they do the same with me. 
  • securityorcsecurityorc Member Posts: 58 ■■■□□□□□□□
    I don't think I'll be able to get an exchange since I bought the course at half price during end of the year offer
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    edited April 2019
    SexyLemur said:
    @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
    I asked for refund, did not get that, however he offered me with an alternative to choose something else. I chose ecpx as I already have ecppt. I find it fair.

    I have done the same as well and ask for a refund or change to another course and I'm a very unhappy customer at this point in time. 

    I hope Armando is looking at this thread.

  • new2Secnew2Sec Member Posts: 24 ■■□□□□□□□□
    Armando not on employee list. Maybe took all IHRL money and go. Or quit cause products more worse now. David Carmeci listed boss. I meet him at BH. Not IT or security person explain bad product.
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    SexyLemur said:
    @SleepyLCTL wait they credited you for a different course? I was going to ask to get credit to take the ecppt instead.
    I asked for refund, did not get that, however he offered me with an alternative to choose something else. I chose ecpx as I already have ecppt. I find it fair.

    @SleepyLCTL I have ask to swap to ewaptx instead and they agreed.
  • new2Secnew2Sec Member Posts: 24 ■■□□□□□□□□
    It obvious armando and els don't care about their products any more. 
  • SleepyLCTLSleepyLCTL Member Posts: 28 ■■■□□□□□□□
    edited April 2019
    Well, at least some success. I am way more satisfied with PTX. Still... I think I maybe started understading methodology of ELS. They release course V1, which is getting better over time. That's why I liked PTPv4 because it's pretty huge. However IHRP... is nothing in comparison with that. Well... Now I have access to PTX and seems much more mature that IHRP, however... have seen only a tip of iceberg so far.

    IDK, I think their V1 courses are maybe not the best options. If it's a blackbox and no reviews available.
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    Well, at least some success. I am way more satisfied with PTX. Still... I think I maybe started understading methodology of ELS. They release course V1, which is getting better over time. That's why I liked PTPv4 because it's pretty huge. However IHRP... is nothing in comparison with that. Well... Now I have access to PTX and seems much more mature that IHRP, however... have seen only a tip of iceberg so far.

    IDK, I think their V1 courses are maybe not the best options. If it's a blackbox and no reviews available.

    i will spend abit more and go for offsec certifications moving forward. i hope to clear wapt and waptx and then awae.
  • securityorcsecurityorc Member Posts: 58 ■■■□□□□□□□
    My thoughts after going through the course:

    Module 1 - Incident Handling Overview

    General IR stuff. Some cheatsheets at the end, but pretty basic. The 2 labs show 2 infection scenarios with different EDR software, GRR and Velociraptor, but are really similar. Could have combined them in a single lab.

    Module 2 - Network Traffic Flow & Analysis

    Describes IPv4 and IPv6 and network layer protocols. The accompanying lab is some basic PCAP analysis. A lot of material is spent on describing networking concepts and protocol headers. Surely an incident responder doesn't need another primer on TCP handshakes and the like, but it's there. Nothing unseen before, but points for showcasing ICMP tunneling. There's also an introduction to netflows and tools that can visualize flows.

    The labs are based on PCAP analysis and using Suricata rules, Bro scripts and Snort.

    Module 3 - Practical Incident Handling

    Starts with a primer on information gathering. The OWA section is interesting but gone over briefly and this would have made a suitable lab. The scanning part that covers war dialing and port scanning...really? Waste of material for a course focused on practical IR, such knowledge should be a prerequisite. The same with the section on attacks where buffer overflows are explained.

    The best part of this section and of the course in my opinion is the part about explaining and detecting various AD attacks. And this should have been the most heavily labbed, but this section has no labs or accompanying practical resources.

    Module 4 - SOC 3.0 Operations & Analytics

    Goes over SIEM concepts. Has a useful event log section. The labs are Splunk and Helk-based. The one and only video of the course is in this section and showcases osquery.

    All in all, the course is not worth its full price. You can get the knowledge and build your own labs with open source resources. The hype was better than the execution in this case.

    My main criticisms are:

    - no memory forensics. The EDR addition should have opened up this option, but they're probably saving it for a dedicated course
    - no AD. In the most advanced incident response course of the world, you're looking at standalone hosts. I did not expect this. There are sections going over event logs and the like, but this is where the labs needed to shine! Go over lateral movement in the enterprise, compromised DCs, attacks against Exchange, AD recon, all these practical bits that are relevant to a modern enterprise environment are missing from the labs.

    @SleepyLCTL - How did you find the PTX content? In retrospect, and after reading other reviews, that one or the Threat Hunting course might have been a better choice for me.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Thanks @securityorc, sounds like a pass on this one. I was interested in it for one of my guys but looking at most of the content it seems like things he mostly already knows or could pick up otherwise pretty easily. I thought this was billed as having tons of labs?
Sign In or Register to comment.