Hacker Tools, Techniques, and Incident Handling (SEC504) Online Training

This intermediate SEC504 training prepares learners to detect and respond to threats that your company will inevitably face in the digital realm, deploying a dynamic response according to the attack.

It's a cliche to claim that the best defense is a strong offense, but in the case of digital security it's a cliche that's as true as it's ever been. One of the most fundamental skills a security administrator can gain is an understanding of the tools that hostile actors use to penetrate networks and extract valuable information.

This training on hacker tools, techniques and incident handling is about recognizing the strengths and limitations of tools that will be deployed against you and your network so that you can prevent them before they occur, stop them when they do, and understand what happened afterward.

After finishing the videos in this SEC504 training, you'll know how to detect and respond to threats that your company will inevitably face in the digital realm, deploying a dynamic response according to the attack.

For anyone who leads an IT team, this Cyber Security training can be used to onboard new security admins, curated into individual or team training plans, or as a Cyber Security reference resource.

SEC504: What You Need to Know

This SEC504 training has videos that cover cybersecurity tools, techniques, and topics including:

Minimizing loss to your company and organization after a digital attack
Building necessary protections to prevent and identify digital attacks
Applying dynamic approaches to incident response to slow, mitigate, prevent, or respond to attacks on the fly
Extracting useful information after an attack and generating useful reports

Who Should Take SEC504 Training?

This SEC504 training is considered associate-level Cyber Security training, which means it was designed for security admins. This incident response skills course is designed for security admins with three to five years of experience with cybersecurity tools and techniques.

New or aspiring security admins. Taking a course like this in hacker tools, techniques, and incident handling is a little bit like taking cooking classes from Gordon Ramsey before you've moved past Mac 'n Cheese in your cooking ability. You'll learn a ton, but a lot of what you'll learn is a way of thinking about cybersecurity that can eventually be applied to your career.

Experienced security admins. A security administrator with about five years of experience is the perfect audience for this course in hacker tools, techniques, and incident handling. At that point in your career, you're leaving behind the rote button-clicking and report-running of an early-career and approaching the dynamic, threat anticipation of a security engineer. Use this course to launch yourself into a more exciting and fulfilling cybersecurity career.

Skill:
Incident Response
- 1. Incident response
  1 min
- 2. Incident Handling Process
  7 mins
- 3. Preparing for the Incident
  5 mins
- 4. Event Detection
  6 mins
- 5. Eradicate and Recover
  6 mins
- 6. Writing Everything Up
  8 mins
- 7. When is it a Legal Problem?
  5 mins
- 8. Interfacing With Law Enforcement
  5 mins
Skill:
Digital Investigations
- 1. Digital Investigations
  2 mins
- 2. Identify Digital Evidence
  7 mins
- 3. Understanding the Disc
  7 mins
- 4. Basics of Coding
  7 mins
- 5. Network Devices
  7 mins
- 6. Operating Systems
  8 mins
- 7. Reading Materials
  4 mins
Skill:
Live Examination
- 1. Live Examination
  1 min
- 2. Approaching the System
  6 mins
- 3. Working with FTK
  10 mins
- 4. Working with EnCase
  4 mins
- 5. Watching the System Talk
  8 mins
- 6. Cloning a System
  11 mins
- 7. Moving to the Next Step
  4 mins
Skill:
Network Investigations
- 1. Network Investigations
  1 min
- 2. Session Monitoring
  8 mins
- 3. Too Many Connections
  10 mins
- 4. Knowing the Boundaries
  6 mins
- 5. Packet Reading Basics
  11 mins
- 6. Network Analysis WITH SSL/TLS
  6 mins
Skill:
Memory Investigations
- 1. Memory Investigations
  2 mins
- 2. How RAM Operates
  8 mins
- 3. Volatile Memory
  9 mins
- 4. Extracting the Memory
  9 mins
- 5. Volatility
  10 mins
- 6. Comparing to the System
  5 mins
Skill:
Malware Investigations
- 1. Malware Investigations
  1 min
- 2. Know the Enemy
  6 mins
- 3. Malware Alert!
  6 mins
- 4. Finding the Malware
  9 mins
- 5. The Hunt Begins
  7 mins
- 6. What’s in the Payload?
  5 mins
- 7. Find the Evidence on the Network
  9 mins
- 8. Report the Findings
  2 mins
Skill:
Cloud Investigations
- 1. Cloud Investigations
  2 mins
- 2. Identifying the Different Clouds
  7 mins
- 3. Specializing Those Clouds
  5 mins
- 4. Where is the cloud?
  9 mins
- 5. Where are we going?
  9 mins
- 6. Understand the flow
  7 mins
- 7. Tool Usage
  5 mins
Skill:
Federal Rules of Evidence
- 1. Federal Rules of Evidence
  6 mins
- 2. Daubert Standard
  12 mins
- 3. Rule 702
  6 mins
- 4. Rule 701
  5 mins
- 5. Rule 901
  6 mins
- 6. Rule 902
  5 mins
- 7. Tying it all together
  4 mins
Skill:
MITRE ATT&CK Framework Introduction
- 1. MITRE ATT&CK Framework Introduction
  1 min
- 2. Damage Assessment
  8 mins
- 3. Enter the Matrix
  9 mins
- 4. Organizational Assessment
  10 mins
- 5. Whose Fault is it?
  9 mins
- 6. Moving to Contain
  9 mins
Skill:
Open-Source Intelligence
- 1. Open-Source Intelligence
  2 mins
- 2. Open-Source Legality
  5 mins
- 3. Public Records
  8 mins
- 4. Publications and Other Print
  9 mins
- 5. Walking Around the Neighborhood
  5 mins
- 6. The Google
  6 mins
- 7. Time Traveling
  5 mins
- 8. Technical Recon
  7 mins
Skill:
DNS Interrogation
- 1. DNS Interrogation
  1 min
- 2. What is DNS?
  7 mins
- 3. DNS records
  5 mins
- 4. Hijacking DNS
  10 mins
- 5. Crafting DNS Packets
  6 mins
- 6. Verify the DNS
  7 mins
- 7. Zone Transfers
  4 mins
- 8. DNS Defenses
  6 mins
Skill:
Website Reconnaissance
- 1. Website Reconnaissance
  3 mins
- 2. Understand the Structure
  9 mins
- 3. HTML Basics
  9 mins
- 4. Behind the Scenes
  7 mins
- 5. Crawling Around
  9 mins
- 6. Network Signatures
  5 mins
Skill:
Network and Host Scanning with Nmap
- 1. Network and Host Scanning with Nmap
  5 mins
- 2. Types of Scans
  10 mins
- 3. What the Scans Look Like
  10 mins
- 4. Dusting for Prints
  11 mins
- 5. What’s Under the Mask?
  8 mins
Skill:
Enumerating Shadow Cloud Targets
- 1. Enumerating Shadow Cloud Targets
  3 mins
- 2. Shadow Components
  11 mins
- 3. Scanning for Clouds
  12 mins
- 4. Finding the Key Master
  10 mins
- 5. Great Cloud Attacks in History
  7 mins
Skill:
Server Message Block (SMB) Sessions
- 1. Server Message Block (SMB) Sessions
  1 min
- 2. What is SMB?
  6 mins
- 3. SMB Security Features
  11 mins
- 4. Using SMB
  8 mins
- 5. SMB Defense
  6 mins
- 6. Exploiting SMB
  13 mins
Skill:
Defense Spotlight: DeepBlueCLI
- 1. DeepBlueCLI
  1 min
- 2. Installing DeepBlueCLI
  6 mins
- 3. Using DeepBlueCLI
  8 mins
- 4. Using DeepBlueCLI For Tidbits
  10 mins
- 5. The Alternatives
  9 mins
- 6. Breaking Some Events
  9 mins
Skill:
Password Attacks
- 1. Password Attacks
  2 mins
- 2. What to Attack
  10 mins
- 3. When to Attack
  7 mins
- 4. Where to Attack
  10 mins
- 5. Why (How) to Attack
  7 mins
- 6. Crossing the Rainbow Bridge
  11 mins
- 7. Rainbow Addendum
  5 mins
Skill:
Microsoft 365 Attacks
- 1. Microsoft 365 Attacks
  3 mins
- 2. Out with the old…
  11 mins
- 3. Phishing is Still an Issue
  6 mins
- 4. If We Can’t Play, No One Can
  9 mins
- 5. Crossing the Different Sites
  8 mins
- 6. Pivoting and Traffic Analysis
  9 mins
Skill:
Understanding Password Hashes
- 1. Understanding Password Hashes
  1 min
- 2. What is Hashing?
  6 mins
- 3. Which Hash to Pick?
  7 mins
- 4. Hash Collisions
  6 mins
- 5. Is Hashing Enough?
  8 mins
- 6. Building Some Known Hashes
  8 mins
- 7. Custom Hash Tables
  9 mins
Skill:
Password Attack Examples
- 1. Password Attack Exercise
  1 min
- 2. Hiren (boot disc)
  10 mins
- 3. Salting our Passwords
  9 mins
- 4. Hashcat
  8 mins
- 5. John the Ripper
  10 mins
- 6. Network Device Cracking
  10 mins
Skill:
Cloud Spotlight - Insecure Storage
- 1. Cloud Spotlight – Insecure Storage
  2 mins
- 2. The Harm in Sharing Too Much
  6 mins
- 3. Default Storage in Windows
  12 mins
- 4. File Sharing in Windows Server
  9 mins
- 5. POSIX-based File Permissions
  8 mins
- 6. Sharing on a Web Server in IIS
  7 mins
Skill:
Multi-Purpose Netcat
- 1. Multi-purpose Netcat
  2 mins
- 2. What is Netcat?
  8 mins
- 3. Making Someone Use Netcat
  11 mins
- 4. What Does Netcat Look Like on the Network
  10 mins
- 5. Command Access
  9 mins
- 6. Covering the Tracks
  10 mins
Skill:
Metasploit Framework
- 1. Metasploit Framework
  5 mins
- 2. Metasploit on Kali
  11 mins
- 3. Systems Without Metasploit
  11 mins
- 4. How to Prep the Target
  6 mins
- 5. Other Metasploit Add-Ins
  5 mins
- 6. Options Outside of Metasploit
  5 mins
Skill:
Drive-By Attacks
- 1. Drive-By Attacks
  1 min
- 2. How a Drive-By Attack is Planned
  11 mins
- 3. Usual Suspects
  9 mins
- 4. Turning the Sandbox into a Honeypot
  13 mins
- 5. Analyze an Attack to Build Against it
  7 mins
- 6. Using Those Results to Help
  4 mins
Skill:
Defense Spotlight: System Resource Usage Monitor
- 1. System Resource Usage Monitor
  1 min
- 2. Windows Resource Monitor
  14 mins
- 3. Windows Process IDs
  10 mins
- 4. POSIX-Based Resource Monitors
  6 mins
- 5. POSIX-Based Process IDs
  8 mins
- 6. Sledding Season
  9 mins
- 7. Making a NOP Sled
  4 mins
Skill:
Command Injection
- 1. Command Injection
  1 min
- 2. The Good
  8 mins
- 3. The Bad
  13 mins
- 4. And The Ugly
  11 mins
- 5. Where to Command Inject
  8 mins
- 6. More Detailed Hunting
  6 mins
Skill:
Cross-Site Scripting (XSS)
- 1. Cross-Site Scripting (XSS)
  2 mins
- 2. Common Weak Points
  10 mins
- 3. Directory Browsing
  7 mins
- 4. Using a Site as Our Own
  9 mins
- 5. Third-party Protection
  11 mins
- 6. XSS Review
  5 mins
Skill:
Cloud Spotlight - SSRF and IMDS Attacks
- 1. Cloud Spotlight – SSRF, IMDS, and SQL Injection Attacks
  1 min
- 2. WebGoat
  7 mins
- 3. Server-Side Request Forgery (SSRF)
  8 mins
- 4. Cloud Instance Metadata Services Attack
  8 mins
- 5. SQL Injection
  12 mins
- 6. Famous for the Wrong Reasons
  5 mins
Skill:
Endpoint Security Bypass
- 1. Endpoint Security Bypass
  2 mins
- 2. Bypassing Through Websites
  11 mins
- 3. Piggybacking Off Trusted Applications
  8 mins
- 4. It's a Phony!
  6 mins
- 5. Doing the Research
  6 mins
- 6. Damage the Security
  11 mins
- 7. Keep Updated
  2 mins
Skill:
Pivoting and Lateral Movement
- 1. Pivoting and Lateral Movement
  2 mins
- 2. What’s the Point?
  8 mins
- 3. Digging on the Initial System
  10 mins
- 4. I’m Not Done With You Yet!
  8 mins
- 5. Persistence
  11 mins
- 6. Internal Threats
  5 mins
Skill:
Hijacking Attacks
- 1. Hijacking Attacks
  1 min
- 2. Predictability
  9 mins
- 3. Hijacks on the Client Side
  7 mins
- 4. Man-in-the-Middle
  6 mins
- 5. Man-in-the-Browser
  9 mins
- 6. Sending a Care Package
  9 mins
- 7. Back to the Classics
  4 mins
Skill:
Covering Tracks
- 1. Covering Tracks
  2 mins
- 2. Why Cover Your Tracks
  5 mins
- 3. Event Logs
  12 mins
- 4. Network Traffic
  14 mins
- 5. It Wasn’t Me!
  6 mins
- 6. Destroy the Evidence
  6 mins
Skill:
Establishing Persistence
- 1. Establishing Persistence
  2 mins
- 2. What is Establishing Persistence?
  10 mins
- 3. Applying Open-Source Intelligence
  8 mins
- 4. Reconnaissance Information-Gathering
  12 mins
- 5. Post-Exploitation
  5 mins
- 6. Cloud Post-Exploitation
  8 mins
Skill:
Data Collection
- 1. Data Collection
  1 min
- 2. Importance
  8 mins
- 3. Choosing and Configuring Exploits
  11 mins
- 4. Delivering Those Exploits
  9 mins
- 5. Real Intelligence Threat Analytics
  10 mins
- 6. Where to go From Here?
  7 mins
Skill:
Attacking Windows Active Directory
- 1. Attacking Windows Active Directory
  1 min
- 2. Knowing Active Directory
  9 mins
- 3. Target Discovery and Enumeration
  9 mins
- 4. Asset Compromise
  10 mins
- 5. Internal Attacker Compromise Attribution
  7 mins
- 6. Known Active Directory Attacks
  4 mins
- 7. Email Compromises
  6 mins
Skill:
Password Spray, Guessing, and Credential Stuffing Attacks
- 1. Password Spray, Guessing, and Credential Stuffing Attacks
  1 min
- 2. Password Spraying
  10 mins
- 3. Password Guessing
  11 mins
- 4. Credential Stuffing
  8 mins
- 5. Using the Same Thing Over and Over
  9 mins
- 6. Time for Reviewing
  5 mins

No Transcript Available

Incident response

Access all premium content with a free week!

Start a free week

Course overview

28 HOURS OF TRAINING

36 SKILLS

232 VIDEOS

0 VIRTUAL LABS

0 PRACTICE EXAMS

Erik Choron

Nugget trainer since 2022

Read the full bio

What is it like to train with us?

Our learners say it best.

Helps me learn the skills I need when I need them

THOMAS S. | SYSTEMS ENGINEER & CONSULTANT

Read Reviews

Hacker Tools, Techniques, and Incident Handling (SEC504) FAQs: Cost, Training, Value

Is the GIAC Certified Incident Handler Certification (GCIH) worth it?

This is a specialized course that covers the tools and techniques used by hackers, as well as the steps necessary to respond to such attacks when they happen. The skills this SEC504 course develops are highly particular and especially valuable for those in roles where regulatory compliance and legal requirements are important. If your organization needs an officially certified security incident handler, the GCIH and this course are very much worth it.

How much does the GIAC Certified Incident Handler Certification (GCIH) cost?

The certification that this course on hacker tools, techniques and incident handling prepares you for is the GCIH from GIAC. All of GIAC's certification exams cost $949 to attempt, but GIAC also offers courses to help you prepare for the GCIH. If you're planning on taking the GCIH preparatory course, hopefully your employer helps cover the costs, because the courses start at $8,275 before the cost of the exam is added.

How difficult is the GCIH (SEC504) certification exam?

It's safe to say that the GCIH exam is difficult: it's a 4-hour long, 106-question exam with significant restrictions (no internet and only a few hardcopy books and notes are allowed). Half the GCIH tests your ability to detect covert communications and evasive techniques while detecting exploitation tools and monitoring for endpoint attacks. The other half covers incident response and cyber investigation. It's a difficult exam even for experienced cybersecurity professionals.

Does the GIAC Certified Incident Handler Certification (GCIH) expire?

Yes, the certification that this course on hacker tools, techniques and incident handling (SEC 504) prepares you for expires four years after you earn it. If you wish to keep the certification up-to-date and valid (a legal and compliance requirement for many organizations), then during those four years you'll need to pay GIAC $469 as well as take a number of continuing education credits, the details of which are available on GIAC's website.

How to study for the GIAC Certified Incident Handler Certification (GCIH)?

The GCIH is a robust and specialized certification that covers familiarity with hacking techniques as well as administrative know-how in responding to security incidents. Even in the largest networks, those skills can be hard to come by without direct and deliberate training and preparation. You'll want to prepare for the GCIH with a course that educates you and gives you chances to practice, first-hand, security procedures and techniques in equal measure.

CompTIA Security+ (SY0-601)

Cisco Certified CyberOps Associate (200-201 CBROPS)

What is it like to train with us?

Our learners say it best.

Hacker Tools, Techniques, and Incident Handling (SEC504) FAQs: Cost, Training, Value

Let's chat!