The Internet is full of powerful hacking tools and bad guys using them extensively. If your organisation has an Internet connection and one or two disgruntled employees (and whose does not!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.

No events to show


In association with SANS Institute, PwC is pleased to showcase SANS Information security training within our course portfolio.

This course enables you to turn the tables on computer attackers by helping you to understand their tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan. It addresses the latest cutting-edge insidious attack vectors, the “oldie-butgoodie” attacks that are still prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course provides a timetested, step-by-step process for responding to computer incidents, and a detailed description of how attackers undermine systems so you can prepare for, detect, and respond to them.

In addition, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence. Finally, students will participate in a hands-on workshop that focuses on scanning, exploiting, and defending systems.

This course will enable you to discover the holes in your system before the bad guys do! 
The course is particularly well-suited to individuals who lead or are a part of an incident handling team. General security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks. 

Who Should Attend

  • Incident handlers
  • Leaders of incident handling teams
  • System administrators who are on the front lines defending their systems and responding to attacks
  • Other security personnel who are first responders when systems come under attack

You Will Be Able To:

  • Apply incident handling processes in-depth, including preparation, identification, containment, eradication, and recovery, to protect enterprise environments
  • Analyse the structure of common attack techniques in order to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity
  • Utilise tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and trojan horses, choosing appropriate defences and response tactics for each
  • Use built-in command-line tools such as Windows tasklist, wmic, and reg as well as Linux netstat, ps, and lsof to detect an attacker’s presence on a machine
  • Analyse router and system ARP tables along with switch CAM tables to track an attacker’s activity through a network and identify a suspect
  • Use memory dumps and the Volatility tool to determine an attacker’s activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network
  • Gain access to a target machine using Metasploit, and then detect the artifacts and impacts of exploitation through process, file, memory, and log analysis
  • Analyse a system to see how attackers use the Netcat tool to move files, create backdoors, and build relays through a target environment
  • Run the Nmap port scanner and Nessus vulnerability scanner to find openings on target systems, and apply tools such as tcpdump and netstat to detect and analyse the impacts of the scanning activity
  • Apply the tcpdump sniffer to analyse network traffic generated by a covert backdoor to determine an attacker’s tactics
  • Employ the netstat and lsof tools to diagnose specific types of traffic-flooding denial-of-service techniques and choose appropriate response actions based on each attacker’s flood technique
  • Analyse shell history files to find compromised machines, attacker-controlled accounts, sniffers, and backdoors 

For more information please click HERE

When registering please enter the registration code PWCNZ18

Session Information 

Monday, 3 September - Saturday, 8 September
9:00am - 7:15pm (Day 1)
9:00am - 5:00pm (Days 2-6)
37 CPEs
Laptop Required
Instructor: Steve Anson

Similar courses

Elearning Anti-money laundering
SANS ICS515: ICS Active Defense and Incident Response
Register interest Managing digital and cyber security risks