The REvil (also known as Sodinokibi) ransomware operation has taken the spotlight in recent years. The Russian group operates by direct attacks, and also in a ransomware-as-a-service (RaaS) model, through affiliates who provide access to networks, carry out ransomware attacks or negotiate on behalf of REvil. In the RaaS model, [...]
Our aim is to give our students hands-on, practical knowledge oriented to real-life situations that can be put to immediate use by those who play – or wish to play – a role in the security team of an enterprise environment.
Throughout the course we illustrate and analyse the individual steps of the defence procedure through the incident management of a lifelike APT attack – how the successive phases are structured, how they interact, and what roles this necessitates on the personnel side. We study in detail the following Blue Team and SOC (Security Operations Center) roles: L1 analyst; Threat intelligence analyst; L2 analyst; Forensics and Network forensics experts; Malware analyst; Threat Hunter; SOC system administrator, coordinator and manager; CISO.