Tactical Response
$2,000 – $3,000

Event Information

Date and Time

Attack Research

30 Bonnie View Drive

Los Alamos, NM 87544

Event description


Tactical Response is Attack Research's unique approach to building and operating an incident response program. In this 2-day course, students will become proficient in the basic skills necessary to triage, respond, contain, and work with management on compromises. Basic skills to be covered include: network forensics, log data mining, UNIX system analysis, introductory malware reverse engineering, discovering host-based artifacts, and reporting strategies.

This course focuses primarily on Windows and Linux operating systems. In addition to the skill sets described above, the course will also describe real-world attacker methodologies and how they appear in data sources, as well as analysis evasion techniques. Once finished with this course, students will have a solid foundation in how compromises occur and strategies for effectively responding to them.

Like all classes offered by Attack Research, Tactical Response is hands-on, with a virtual environment for students to practice the techniques they learn from the course lecture. Exercises are then demonstrated so each student gets a deep understanding. For more advanced students, there are additional challenges within the environment for them to discover.

Target Audience:

  • Security Management

  • Beginning Incident Responders

  • System Administrators

  • Individuals Interested in Learning About Reverse Engineering and Network Forensics


Course Outline:

  • Introductory Concepts and Thinking Like an Attacker

  • Network Analysis

  • Log Analysis

  • Unix System Analysis

  • Host Analysis

  • File Artifact Analysis

  • Analysis Evasion

  • Reporting


Course Instructor Bio:

This course is taught by a highly experienced member of Attack Research staff.   Instructors have over 10 years of experience implementing, supporting, securing, and compromising large and complex multi-platform environments.  Instructors are currently engaged in senior level penetration testing of highly secured UNIX and Windows networks and frequently research, develop and deploy custom tools and techniques during engagements.

Tactical Exploitation: Attacking UNIX instructors also bring a wealth of knowledge gained from performing incident response on compromised systems in the field, including analysis of attacker tools and techniques. Many of the topics covered in the course are taken directly from instructors' case studies and represent real-world events.

Student Requirements

Students must bring their own machines. Student machines can be of any platform but must have the ability to run a VMware-based virtual machine. Students must also have enough administrative access and understanding to configure network settings.

Students must have:

  • An understanding of basic operating system concepts

  • The ability to use command line tools on Windows and Linux

  • Basic familiarity with file formats

  • Basic scripting ability (Perl, Python, Bash, etc.)

This course is not recommended for advanced incident response experts or high-end reverse engineers.

Course Background:

Tactical Response has been taught at our local headquarters and has been well received. It has also been taught and well received for multiple years at Blackhat.

Students Provided With:

Students leave the class with full documentation and the entire custom and non-custom toolsets. Students will also take away the custom tools that they design and build in the class. Students walk away from AR training sessions not only with the “usual” training materials, but with a wealth of knowledge for defending networks, responding to attacks, and providing useful information to management.

Attack Research uses a very hands-on approach to teaching, having the students spend a significant amount of class time performing practical exercises in a lab environment designed to simulate real-world compromised systems. This type of class structure has been a proven success in retention of skills learned and student engagement. Our unique lab environments are replicas of the types of production networks that students will encounter in the real world.
