Training and Technical Courses

Introduction

CIRCL offers courses to its members and organizations based in Luxembourg.

In its mission to improve information security, CIRCL is sharing its field experience through a set of training or technical courses. Thanks to the diversity of competences within the team, CIRCL is able to provide a wide range of information security trainings. Courses target technical experts but also non-technical staff, on the topics of incident handling, malware analysis, operational security and system forensics.

CIRCL sees the trainings and technical courses as a great opportunity to learn from its partners, too, and to improve its security handling procedures. By attending the courses, partners are not only helping their own organization but also the overall security in Luxembourg (i.e. it is beneficial for both the organization and CIRCL if the technical staff is prepared for Incident Response).

Courses can be held at CIRCL’s training room or the premises of the organization unless specific requirements are noted.

Courses, however, have specific requirements in terms of technical equipment. These requirements are specified in the course description or will be specified before the course starts.

CIRCL provides these courses under tailored terms and conditions in order to fit your organizational structure. Don’t hesitate to contact us for more information.

Training catalogue 2016 in PDF format.

Training Available

Introduction to Incident Response

Abstract
An introduction to incident detection and response, with theory and practical examples from concrete incidents. The training includes an overview of the most common types of incidents encountered in Luxembourg.
Goals
  • How are the majority of security incidents detected
  • How to secure evidence after detecting an incident
  • How to perform acquisition of evidence (file-system, memory and network)
  • How to interact with local CERTs and/or international CERTs
  • How to balance remediation with incident response
Who
IT department staff and managers - Local Incident Response Team
Level
IT support - basic knowledge of operating systems is required
Duration
3 hours
Language
English, French, German or Luxembourgish

File-system Post-mortem Forensic Analysis

Abstract
Forensic analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to identify actions in space and time. Post-mortem analysis is a key tool to discover and analyse security incidents. This course will teach participants how to find out what has happened by analysing the different layers, from the physical medium to the file system and up to the application level.
Goals
  • Perform disk acquisition the right way
  • Introduction to file system analysis (NTFS/FAT)
  • Analyse operating system artifacts (MS Windows)
  • Find evidence in communication applications (e.g. browser or chat history)
Who
IT department staff - Local Incident Response Team
Level
Knowledge of operating systems and IT security is required
Duration
8 hours
Language
English, German

Digital Privacy Salon

Abstract
A digital privacy salon aims to present and explain how to use secure communication tools, along with good Internet hygiene and an understanding of the associated risks.
Goals
  • Learning how to securely use:
      • Browsers (e.g. HTTPS, plugins, passwords, tracking, phishing)
      • Instant messaging (e.g. OTR, Cryptocat)
      • Emails (e.g. virus, spam, encryption (PGP - GnuPG))
      • Mobile devices (e.g. tracking, secure communication)
      • Disk encryption (e.g. FileVault, BitLocker, LUKS, TrueCrypt)
      • Online and offline exchange of data (e.g. USB, sharing platforms)
      • Network encryption (e.g. VPN, Tor)
Who
Citizens using IT equipment
Level
Beginner or Advanced
Duration
2 hours
Language
English, French, Luxembourgish, German

Introduction to Penetration Testing

Abstract
Besides classical security techniques like firewalls, VPN and AV, among many others, offensive security is also a mandatory ability nowadays. This course gives an overview of how attackers prepare and execute a targeted attack. Advanced Persistent Threats (APTs) are turning into the most critical risk for companies today. This course will help those responsible for security to see their corporate network from the attacker's point of view and choose the necessary security mechanisms.
Goals
Learn to attack your network before others do
Who
IT security teams and administrators
Level
Good level of IT security
Duration
8 hours
Language
English, German

Introduction to (Malware) Reverse Engineering

Abstract
It is not unusual to detect unknown software on computer systems. Identifying whether the software is malicious or benign is a critical (and expensive) task. This course aims to develop skills to perform basic Malware Reverse Engineering.
The goal of this course is to set up a malware laboratory for each student and to introduce the most successful malware reverse engineering strategies.
Goals
  • Get an overview of malware analysis techniques
  • Create a custom lab environment
  • Be able to collect indicators of whether a file is malicious or benign
  • Develop strategies to collect Indicators of Compromise (IOCs)
  • Build up solid grounds for further studies
Not in scope
  • Learn x86 assembler
  • Get deep into reverse engineering
Who
Security Engineers, Administrators, Managers
Prerequisites
  • Linux/UNIX experience
  • Good knowledge of Windows internals
  • Knowledge about control flows in programming languages
  • Understanding of TCP/IP networks, DNS, proxy, firewall
  • Very basic x86 assembler understanding is an advantage
Duration
16 hours or 24 hours
Language
English, German

MISP Malware Information Sharing Platform - Threat Sharing

Abstract
MISP is an advanced platform for sharing, storing and correlating Indicators of Compromise (IOCs) from attacks and cybersecurity threats. Today, MISP is used in multiple organizations to store, share and collaborate on malware, and also to use the IOCs to detect and prevent attacks. The aim of this trusted platform is to help improve the countermeasures used against targeted attacks and to set up preventive actions. MISP is becoming a full-featured information and threat sharing platform to support operational and tactical cybersecurity intelligence.
The training will show the platform and its functionalities, and demonstrate how to benefit most from sharing, commenting and contributing to it. At the end of the day, every participant will be knowledgeable in information sharing about cybersecurity threats and become a proficient MISP user and threat intel handler.
Goals
  • MISP usage: how it can be used to support your operational cybersecurity intelligence. A practical overview of MISP and how to use it from a user perspective.
  • MISP interfaces and API: how to use and extend MISP to support your information security operational teams using programmatic interfaces.
  • Be part of the MISP future: how to contribute to MISP not only as a developer but as an active contributor (from documentation to taxonomies).
Who
Security Engineers, ICT Administrators, …
Prerequisites
Good knowledge of information security fundamentals
Duration
4:30 hours
Language
English

How can I register for a training

If you would like to register for a training, you can contact us. Trainings are organized on request per organization, granting a safe and friendly place for open discussion about incident handling.