back to overview
For registration please reach out to us by email to:
CSR102 - CDC Incident Handling Level 2
Technical Detection, Analysis & Response
ISH certificate "Security Incident Analyst - Level 2"

Delivery: classroom // Duration: 5 days

Incident analysts and threat responders have a challenging time understanding complex, multi-level attacks and APT adversary intrusions without pre-built indicators of compromise or threat intelligence gathered before a breach. One of the best ways to enhance capabilities is to test personal readiness in advanced attack scenarios at a hyper-realisitic Cyber Simulation Range. This course sets the stage for level-1-finishers to handle more complex cyber-attack scenarios defending both IT landscapes, IoT and OT/production environments.


Learning Objectives

By the end of this course, participants will be able to:

  • Understand emerging challenges and possible solutions in the field of IT & OT security

  • Utilize advanced CDC tools to filter out the signal within the noise of security alerts

  • Efficiently detect, assess and determine complex, multi-level and targeted attacks

  • Respond efficiently to critical security incidents in situations of stress accordingly

  • Work in a team of security analysts, incident responders and forensic experts


Course Content

  • Advanced Cyber Defense Center

  • Next generation security tools for larger cyber defense centers

  • Monitoring of security-related events in both IT, IoT and OT environments

  • Orchestration and information enrichment of security-relevant events

  • Automation of routine tasks in order to free time to focus on important tasks

  • Deception and denial of attackers in realtime

  • Gathering, enrichment and sharing of IoCs using TI

  • Extended Cyber Simulation Range

    • Familiarize with the setup of a hyper-realistic advanced CSR infrastructure

    • Understand the need for advanced CDC tools and actively use the technology

    • Understand the specifics of industrial & production environments

    • Stay efficient and avoid mistakes even in situations of stress

  • Practical training sessions in IT and OT environments

    • Understand the adversaries kill chain, tactics, techniques

    • Search for indicators of compromise (IoC) in logs, flows, protocols, executables

    • Identify reconnaissance, lateral movement, compromise, critical function calls, post-exploitation

    • Scope single and multiple path attacks with increasing complexity

    • Find active and dormant malware, bots and backdoors

    • Discover common hiding & evasion techniques

    • Actively defend an industrial production site against targeted attacks

    • Collect evidence of persistence and apply forensic post mortem offline analysis


Target Audience

  • ISH-certified “SECURITY INCIDENT ANALYST - LEVEL 1” analysts who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across IT and OT environments

  • Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats

  • Information security professionals who may encounter critical data breach incidents and targeted intrusions over a longer period of time


Pre-requisite for Course Registration

This courses focuses on detection and analysis and threat hunting of targeted and advanced persistent threats against IT and OT environments. It is a must to attend CSR101 first.


  • NICE TO HAVE: Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)

Upcoming Sessions

Dates Location Language Registration fee (plus VAT)


How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Leaving the motorway A92 you will find yourself at the "Zentralallee". When reaching the first bridge, turn right and leave the "Zentralallee" following the sign with direction "Fracht/Cargo/Wartungsallee/Südallee/FOC".  Continue to follow the street  until the end - for approx. 1,5 km -  and turn left. On your right you will reach the “Luftpostleitstelle” where the ISH is located. 

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and drive to the “Besucherpark”. Exit the S-Bahn station towards the Flight Operations Center (FOC / Lufthansa) and at the bottom of the stairs, turn left and follow the road for approx. 1,5 km, leaving the "Frachtgebäude/Cargo" at your right hand side. At its end turn left and you will reach the "Luftpostleitstelle" where the ISH is located. 

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

How can I book an open class or company training?

For our "CDC Handling" open class trainings please register via our online registration form. If you plan a company training please arrange a date with our training department, as we offer these trainings on demand.

Which hotels are in the area?

While there is a wide range of hotels around the airport we personally have stayed at both the Hilton and Novotel hotel, and find them to be very nice and comfortable.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München Phone: +49 (0)89 9705130