elearnsecurity labs for THP and IHRP

mohamed194 · July 2021

Does anyone have a premium plan with INE is it worth it to buy for labs for incident response courses like IHRP THP and DFP ?

SteveLavoie · July 2021

I have a premium plan. I can look for you.. any question?

mohamed194 · July 2021

SteveLavoie said:

I have a premium plan. I can look for you.. any question?

Yeah i planning to take iHRP and THP exams so I am preparing for them so I am asking about the labs is it worth it to buy or I can build my own lab to prepare for the exam

SteveLavoie · July 2021

Well the value is very dependent on what you are looking for.. I think @chrisone did those certification. Maybe he could tell you more

chrisone · July 2021

Hi @mohamed194 , in regards to your questions I can provide some background of a few key items here:

1. INE Premium labs for IHRP, THP, DFP

I have taken IHRP & THP and have obtained both certifications. Simply put, both exams were difficult and there is no way I could have passed without the labs provided.
You can build out some types of labs, but that time should be better spent on studying the content.
To build out labs for IHRP & THP, you will need Splunk & ELK stack. You will also need data sets to practice.
IHRP also covers PCAP investigations. You will need some PCAPs with malicious traffic to practice investigating.
THPv2 you will need to get memory images of compromised hosts as you will need to practice investigating using Volatility.
Learn how to use SIGMA and create your own queries based on IOCs.
DFP, I have not taken and will reserve attempting to comment much on this topic.

2. 100% of the above you can spend several months putting this stuff together and attempt to cover the subjects in the course outline. When you are done you should probably make your own course as you would have pretty much spent the time doing so by going this route.

3. Buying the premium subscription, allows you to test the waters of all courses. You may find out you probably do not like blue team and decide to go red team. The options to try other courses and labs as offered to you via the subscription.

4. You "COULD" learn a lot building out Splunk and ELK, but that is not the focus of IHRP or THP courses. If you wanted to really learn how to build Splunk and ELK, each respective company has their own certs. Honestly, and no disrespect to INE, but I would value a Splunk or elastic co certification on managing those products over what INE offers. To be clear, INE's THP and IHRP courses are not about building Splunk or ELK. Those courses are about threat hunting and investigating by using Splunk and ELK.

5. I do not own or have purchased INE's premium subscription. I have been a long customer of elearnsecurity since 2013 and I have bought most of their courses before this subscription came out. As a non subscriber trying to convince you to get the subscription should tell you enough.

As mentioned before, people will tell you things like "build your own lab and you will learn more" not in this case. IHRP and THP have nothing to do with building these systems and you will be waisting your time. If you want to learn how to build Splunk and ELK, both those companies have courses and certs geared towards those goals.

I hope this helps and sorry for the long post, but there is a lot to unpack.

mohamed194 · July 2021

chrisone said:

Hi @mohamed194 , in regards to your questions I can provide some background of a few key items here:

1. INE Premium labs for IHRP, THP, DFP
I have taken IHRP & THP and have obtained both certifications. Simply put, both exams were difficult and there is no way I could have passed without the labs provided.
You can build out some types of labs, but that time should be better spent on studying the content.
To build out labs for IHRP & THP, you will need Splunk & ELK stack. You will also need data sets to practice.
IHRP also covers PCAP investigations. You will need some PCAPs with malicious traffic to practice investigating.
THPv2 you will need to get memory images of compromised hosts as you will need to practice investigating using Volatility.
Learn how to use SIGMA and create your own queries based on IOCs.
DFP, I have not taken and will reserve attempting to comment much on this topic.
2. 100% of the above you can spend several months putting this stuff together and attempt to cover the subjects in the course outline. When you are done you should probably make your own course as you would have pretty much spent the time doing so by going this route.

3. Buying the premium subscription, allows you to test the waters of all courses. You may find out you probably do not like blue team and decide to go red team. The options to try other courses and labs as offered to you via the subscription.

4. You "COULD" learn a lot building out Splunk and ELK, but that is not the focus of IHRP or THP courses. If you wanted to really learn how to build Splunk and ELK, each respective company has their own certs. Honestly, and no disrespect to INE, but I would value a Splunk or elastic co certification on managing those products over what INE offers. To be clear, INE's THP and IHRP courses are not about building Splunk or ELK. Those courses are about threat hunting and investigating by using Splunk and ELK.

5. I do not own or have purchased INE's premium subscription. I have been a long customer of elearnsecurity since 2013 and I have bought most of their courses before this subscription came out. As a non subscriber trying to convince you to get the subscription should tell you enough.

As mentioned before, people will tell you things like "build your own lab and you will learn more" not in this case. IHRP and THP have nothing to do with building these systems and you will be waisting your time. If you want to learn how to build Splunk and ELK, both those companies have courses and certs geared towards those goals.

I hope this helps and sorry for the long post, but there is a lot to unpack.

Thanks so much for your answer it clarifies a lot of things for me. I have taken certifications from ec-council ECIH and CHFI so I want to explore more with other certifications in blue teaming.I was thinking to go with elearnsecurity or CompTIA (cysa+)

JDMurray · July 2021

chrisone said:

5. I do not own or have purchased INE's premium subscription. I have been a long customer of elearnsecurity since 2013 and I have bought most of their courses before this subscription came out. As a non subscriber trying to convince you to get the subscription should tell you enough.

So these labs and certs are originally part of eLearnSecurity and did not originate with INE? I have INE All Access Pass where I work and I do not see any mention of labs or certifications in the INE dashboard.

yoba222 · July 2021

INE acquired the eLearn courses/labs in 2019.
https://ine.com/blogs/ine-news-updates/ine-expands-cybersecurity-content-with-elearnsecurity
IIRC the eLearn guy went over to HTB. Still not sure how I feel about this impacting the success and growth of the current eLearn offerings in INE, but the price is phenomenally cheaper now. $750 for one year access to everything eLearn had, which probably adds up to several thousand yesteryear dollars.

chrisone · July 2021

JDMurray said:

chrisone said:

5. I do not own or have purchased INE's premium subscription. I have been a long customer of elearnsecurity since 2013 and I have bought most of their courses before this subscription came out. As a non subscriber trying to convince you to get the subscription should tell you enough.
So these labs and certs are originally part of eLearnSecurity and did not originate with INE? I have INE All Access Pass where I work and I do not see any mention of labs or certifications in the INE dashboard.

Correct eLearnSecurity was its own entity prior to INE's purchase. The current list of Cyber Security course training in INE's catalog are all the previous courses from elearnsecurity.

eLearnSecurity still manages the cert/validation portion, while INE is providing the platform for course streaming and lab access.

I am not sure how it looks in the dashboard or how you would access the labs, but the premium license states you get lab access. You just need to purchase additional certification attempts, as I believe they now grant you one attempt with 1yr subscription.

chrisone · July 2021

yoba222 said:

INE acquired the eLearn courses/labs in 2019.
https://ine.com/blogs/ine-news-updates/ine-expands-cybersecurity-content-with-elearnsecurity
IIRC the eLearn guy went over to HTB. Still not sure how I feel about this impacting the success and growth of the current eLearn offerings in INE, but the price is phenomenally cheaper now. $750 for one year access to everything eLearn had, which probably adds up to several thousand yesteryear dollars.

It definitely is hard to tell what is going on now with eLearnSecurity course content. It is still very early and many changes have occurred.

eLearnSecurity used to have updated cycles and would have events on a yearly bases on courses that were due to be updated at that year. < (really tried to concise this sentence lol)
COVID, have to eliminate 2020 year cycle as most companies were making internal changes.
Many course instructors no longer work for elearnsecurity.
INE has hired a few new instructors.

There has been a lot of changes for them. Hoping the best for them and looking forward to any new content.

On another note, I just logged into the INE website and browsed their cyber security courses, saw a new Azure Pentesting course. Never heard of it and never knew they had something new, even if its entry level. Not sure how people want to look at that but never seen the marketing or promoting of this course by email or social media......

elearnsecurity labs for THP and IHRP

Comments