eLearnSecurity - IHRPv1 - Incident Handling and Reponse

eLearnSecurity is launching a new course focused on Incident Handling

Registration for the overview webinar is below.

https://www.elearnsecurity.com/resources/webinars/ihrpv1_preview

Find more posts tagged with

eLearnSecurity

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Penguineer

They said that they will release a new module every 2 weeks until the official March release date. No one asked how many labs there would be during the webinar, but I'll shoot them an email.

SleepyLCTL

u1tras said:

I hope this "later" will be before 31th December)

I don't think so, I guess it will take time to "stabilize" the content... I think the content is still living thing, they have a plan of what's going to be there, but can change... I just hope, that most of the content will be in Splunk/ELK and other tools. I hate "pcap labs" ...

u1tras

Penguineer said:

They said that they will release a new module every 2 weeks until the official March release date. No one asked how many labs there would be during the webinar, but I'll shoot them an email.

Agree, amount and quality (at least names) of the labs are very important. Please, share ELS answer here when you get a response.

u1tras

SleepyLCTL said:

u1tras said:

I hope this "later" will be before 31th December)

I don't think so, I guess it will take time to "stabilize" the content... I think the content is still living thing, they have a plan of what's going to be there, but can change... I just hope, that most of the content will be in Splunk/ELK and other tools. I hate "pcap labs" ...

Splunk/ELK would be great. There are plenty of different pcap labs in the Internet. But very small amount IR focused for Splunk/ELK.

SleepyLCTL

Okey, so I was not able to resist. I bought today. I went thru the first 50 slides, so far very good. Although the basics, I like the form same as in PTP, where everything is simple, directly applicable. I have already found one thing, which I am going to deploy in our company.

In next few days I will check out the rest and post more. However, at the first glance, I am satisfied, after some experience with pentesting and being a indirect T2 SOC responder, I find the material as very useful to broaden and "fine-tune" my IR knowledge, which is right now somehow very chaotic.

So far no info about the labs.

Penguineer

I couldn't get any information on the labs, but a couple of people have asked about the number of labs on twitter. Here's their response:

"... there will be labs for each topics covered in each modules of the course." and "... this course is lab-heavy, better be ready! The list of labs will be revealed along with the new course modules in the next weeks.

"

I did see a few PCAP files already available that you can download and inspect offline. There are no online labs at the moment. I'm just hoping that a majority of the labs will be online.

As far as the content of the first two modules, I would say that the content is pretty solid. There are a few grammatical errors, but they said that they are aware of them and will address them. If you're still on the fence, I'd recommend waiting until the 30th before buying. Hopefully they'll release another module and the lab listing by then.

Skyyyyy2001

This is the reply I got from eLS support:

The IHRP is a course in progress, so it is difficult to estimate the exact number of labs it will contain. If an analogy with another eLS course helps, it will certainly have the same amount of labs as PTPv5 and probably more.

u1tras

I've got the same answer from ELS about IHRP labs amount. Booked THP course today.

Skyyyyy2001

u1tras said:

I've got the same answer from ELS about IHRP labs amount. Booked THP course today.

@u1tras what're your thoughts so far for the given slides?

u1tras

Skyyyyy2001 said:

u1tras said:

I've got the same answer from ELS about IHRP labs amount. Booked THP course today.

@u1tras what're your thoughts so far for the given slides?

Slides looks pretty well so far. Give me a couple of days, I need to pass the material through my existent mindset. Will try to write a short review in THP thread after finishing the first module.

Skyyyyy2001

@SleepyLCTL any further updates or reviews? I am still holding on to purchase until end of the month

Penguineer

I finally got a response to my email. They said that they won't have a lab listing until March. At this point it's a gamble on how good the content/labs will be. However, eLearnSecurity does have a decent track record of producing quality courses.

The benefits of signing up now are:
1) Unlimited lab time ($299 value)
2) 50% off elite edition

I still suggest holding out until the end of December. Hopefully a new module or update comes out by then.

SleepyLCTL

Hi... ,

response from ELS:

The IHRP is a course in progress, so it is difficult to estimate the exact number of labs it will contain. If an analogy with another eLS course helps, it will certainly have the same amount of labs as PTPv5 and probably more.

A customized ELK stack, Splunk and OSquery are going to be heavily used in IHRP for endpoint analytics and anomaly/intrusion detection.
During IHRP the student will focus on practically leveraging those platforms for detection purposes ONLY. We are not going to dive a lot into each solutions’s architecture/full capabilities etc., because those concern a security engineer not an analyst. To conclude IHRP covers ELK/Splunk/Osquery from an analyst’s perspective only. There is no need to teach students everything about ELK/Splunk and Osquery.

The number of ELK/Splunk/Osquery labs is not known since a lot of topics related to them could be covered in videos or slides as well.

This is all the info we can provide you with…

I haven't had a time to finish the second available part. However, first available section quite well describes NIST guide - Incident response. The second part focuses on Layer 2 attack - therefore lots of info about ARP, MAC tables... some examples of ARP spoofing, finding a suspicious packets... I will write more once I finish the section and can make some conclusions.

Yeah, maybe I would wait for end of December, I can write you more about the concent, however.... if you want to get some hands on on this topic, this is the only easy/relatively affordable... I want to comfortably get to T2 SOC, and I think this is the least time consuming option. Yeah... I can build my own lab, like my colleague - but that would take me months. With this I believe I will grasp everything within 2 months and with my previous experience I can get comfortable in this position. So... I guess you can either build your own lab and have it free (how much does your time cost?) or you can invest into this... and hopefully get the same similar results... (+ as mentioned in ELS answer... building a lab - that's SecEnginner job, not analyst... good to know? Definitively! Do I have time for everything? No one has!)

r3nzsec

So everyone is waiting for the exact lab information for this IHRP course and ELS stated that the official release of the complete course will be on March, for me it is safe to say that the price offer for this month plus the unlimited lab for all existing students are quite amazing and fair enough. Knowing how ELS made a tremendous effort on building lab exercises, and myself have gone through several courses (PTS, DFP) and currently taking eCPPT, I would say that this course will be worth it. I've done GCIH last year and I would say I will still get this course for me. I've encountered these topics to a lot of interviews just this year for a Senior SOC position and I do believe that this course will eventually a life saver for all blue teamers out there!

u1tras

Just got a personalized offer for existing students with 50% off and unlimited labs time. Considering quality of THP course I'm seriously thinking of taking IHRP course. I'll make my final decision after completing the first section of THP course as I also want to check video and labs.

u1tras

"A customized ELK stack, Splunk and OSquery are going to be heavily used in IHRP for endpoint analytics and anomaly/intrusion detection" - that's exactly what I wanted to hear from ELS

Skyyyyy2001

SleepyLCTL said:

Hi... ,
response from ELS:
The IHRP is a course in progress, so it is difficult to estimate the exact number of labs it will contain. If an analogy with another eLS course helps, it will certainly have the same amount of labs as PTPv5 and probably more.

A customized ELK stack, Splunk and OSquery are going to be heavily used in IHRP for endpoint analytics and anomaly/intrusion detection.
During IHRP the student will focus on practically leveraging those platforms for detection purposes ONLY. We are not going to dive a lot into each solutions’s architecture/full capabilities etc., because those concern a security engineer not an analyst. To conclude IHRP covers ELK/Splunk/Osquery from an analyst’s perspective only. There is no need to teach students everything about ELK/Splunk and Osquery.

The number of ELK/Splunk/Osquery labs is not known since a lot of topics related to them could be covered in videos or slides as well.

This is all the info we can provide you with…
I haven't had a time to finish the second available part. However, first available section quite well describes NIST guide - Incident response. The second part focuses on Layer 2 attack - therefore lots of info about ARP, MAC tables... some examples of ARP spoofing, finding a suspicious packets... I will write more once I finish the section and can make some conclusions.

Yeah, maybe I would wait for end of December, I can write you more about the concent, however.... if you want to get some hands on on this topic, this is the only easy/relatively affordable... I want to comfortably get to T2 SOC, and I think this is the least time consuming option. Yeah... I can build my own lab, like my colleague - but that would take me months. With this I believe I will grasp everything within 2 months and with my previous experience I can get comfortable in this position. So... I guess you can either build your own lab and have it free (how much does your time cost?) or you can invest into this... and hopefully get the same similar results... (+ as mentioned in ELS answer... building a lab - that's SecEnginner job, not analyst... good to know? Definitively! Do I have time for everything? No one has!)

Thanks so much for sharing - guess the best bet is to wait till end of dec

securityorc

I'm also very interested to hear more opinions about this one, as I'm considering to get it because that 50% discount is a rare opportunity. I can't decide based on the syllabus and demo alone, I've worked in incident response, so I want to make sure I will get value and new skills out of it.

u1tras

When the next 2 modules of the course will be released? Does anybody know?

SleepyLCTL

u1tras said:

When the next 2 modules of the course will be released? Does anybody know?

Well, I am still having only the initial modules available. I guess they won't make it till New Year. IDK, I bought it, I expect a lot, after eCPPT and OSCP and Comptia courses I have taken I believe they will deliver the best value. Let's see.

u1tras

SleepyLCTL said:

u1tras said:

When the next 2 modules of the course will be released? Does anybody know?

Well, I am still having only the initial modules available. I guess they won't make it till New Year. IDK, I bought it, I expect a lot, after eCPPT and OSCP and Comptia courses I have taken I believe they will deliver the best value. Let's see.

eLS promised to release 2 new modules every 2 weeks. The launch webinar was exactly 2 weeks ago.

SleepyLCTL

u1tras said:

SleepyLCTL said:

u1tras said:

When the next 2 modules of the course will be released? Does anybody know?

Well, I am still having only the initial modules available. I guess they won't make it till New Year. IDK, I bought it, I expect a lot, after eCPPT and OSCP and Comptia courses I have taken I believe they will deliver the best value. Let's see.

eLS promised to release 2 new modules every 2 weeks. The launch webinar was exactly 2 weeks ago.

I checked ELS forum, someone asked Dimitros, when can we expect new materials, he said we should expect new content every 2 weeks as was mentioned in the webinar. Well, I was expecting something like.. Yeah, we gonna do a release every 3rd Monday or so, however he just said what he said without a clear answer. So... who knows. Today? Tomorrow? Who knows.

u1tras

Answer from eLS on Twitter: "Indeed, it'll be released in the next couple of days. Stay tuned!"

r3nzsec

I've also purchased the course. The 2 modules served as a review for some basic of IR processes. I really love how ELS explain things as easy as possible. I can wait for them to complete the whole course while I am taking eCPPT so I don't mind having limited IHRP slides and labs for now

For those blue teamers out there, you won't miss this course specially the great deal offer this month!

u1tras

Agree with @r3nzsec. I will take it too, before 31th December.

Skyyyyy2001

Guys, I took the courage and used up my next year training budget by signing up for this course. I hope this is the right decision as I have high hopes for eLS courses

Happy new year in advance to all!

securityorc

For those who took eLS courses before, what was your opinion of the labs? Were they different than the examples shown in the courses and sufficiently challenging? I'm still undecided about this one.

chrisone

Does anyone know what training paths the IHRP course will fulfill? obviously the indicent responder but wondering if it covers other training paths such as purple team or enterprise defender. I emailed elearnsecurity so if I find out soon, I will reply here.

edit:
got a response.

"Chris,

Sorry, I do not have the answer for your questions, we will announce this a soon as we release the complete content on March 2019."

Hmmm still debating this course, I guess I have 40 some hours to make a decision.

chrisone

Last day, I caved in and bought the course. I doubt I will be able to get to it in 2019, but should be a fantastic hands on course/certification based on incident handling/threat hunting/SOC. Good luck to everyone on this path.

securityorc

I also bought it. I have some other certs to knock off before getting to this one though, so it suits me well that they won't release it until March. Here's to a solid return on investment!