back to overview

For registration please reach out to us by email to:

CSR101 - CDC Incident Handling Level 1
Technical Detection, Analysis & Response
ISH certificate “Security Incident Analyst - Level 1”

Delivery: classroom // Duration: 5 days

To respond effectively to cyber security challenges, SOC-Members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios at a hyper-realisitic Cyber Simulation Range (CSR). This course sets the stage for future security analysts to deal with cyber-attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors.


Learning Objectives

By the end of this course, students will be able to:

  • Understand the functionality of a state-of-the-art CDC

  • Utilize integrated tools of the complete CDC technology stack

  • Efficiently detect, assess and determine the scope of incidents

  • Enrich event information utilizing external threat intelligence

  • Perform tasks in various CDC roles in situations of stress


Course Content

  • Cyber Defense Center

    • Mission statement, services and maturity level

    • Team structure, roles and responsibilities

    • CDC tools including crash courses

    • Incident categorization, triage process, information enrichment & correlation

    • IR processes & playbooks

  • Cyber Simulation Range

  • Understand the hyper-realistic CSR architecture

  • Work with the CDC technology stack and toolbase

  • Identfiy criticalities of assets and information

  • Slip into different CDC roles

  • Perform teamwork and individual tasks

  • Practical training sessions in IT environments

    • Understand the adversaries kill chain, tactics and techniques

    • Search for indicators of compromise (IoC) in logs, flows and payloads

    • Identifiy compromised systems

    • Detect indicators of reconnaissance, lateral movement and post-exploitation

    • Scope single and multiple path attacks with increasing complexity

    • Find active and dormant malware, bots and backdoors

    • Discover common hiding and evasion techniques

    • Understand the full picture of targeted attacks and collect evidence of persistence


Target Audience

  • CDC analysts who are faced with security incidents on a regular basis and need to know how to detect, investigate, remediate, and recover from compromised systems across an IT infrastructure

  • Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats

  • Technically oriented CISOs, risk managers and security experts who are responsible for the organisational management of serious cyber crises


Pre-requisite for Course Registration

This course focuses on detection and analysis of cyber threats against IT environments. We will give short crash courses for required CDC tools before jumping into concrete realistic cases. The complexity of attacks and scenarios will increase over time. Therefore the audience is expected to have basic knowledge and experience in IT security.

  • MUST: Most important: A passion for IT security

  • MUST: OS basics for Windows and Linux

  • MUST: Network basics regarding the OSI model

  • MUST: Logging and log analysis basics

  • NICE TO HAVE: Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)

Upcoming Sessions

Dates Location Language Registration fee (plus VAT)
April 24-28, 2023 ISH Campus Munich Airport German 4900€
May, 22-26, 2023 ISH Campus Munich Airport German 4900€
September, 11-15, 2023 ISH Campus Munich Airport English 4900€
October, 9-13, 2023 ISH Campus Munich Airport English 4900€
November, 6-10, 2023 ISH Campus Munich Airport German 4900€
December, 4-8,2023 ISH Campus Munich Airport German 4900€


How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Leaving the motorway A92 you will find yourself at the "Zentralallee". When reaching the first bridge, turn right and leave the "Zentralallee" following the sign with direction "Fracht/Cargo/Wartungsallee/Südallee/FOC".  Continue to follow the street  until the end - for approx. 1,5 km -  and turn left. On your right you will reach the “Luftpostleitstelle” where the ISH is located. 

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and drive to the “Besucherpark”. Exit the S-Bahn station towards the Flight Operations Center (FOC / Lufthansa) and at the bottom of the stairs, turn left and follow the road for approx. 1,5 km, leaving the "Frachtgebäude/Cargo" at your right hand side. At its end turn left and you will reach the "Luftpostleitstelle" where the ISH is located. 

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

How can I book an open class or company training?

For our "CDC Handling" open class trainings please register via our online registration form. If you plan a company training please arrange a date with our training department, as we offer these trainings on demand.

Which hotels are in the area?

While there is a wide range of hotels around the airport we personally have stayed at both the Hilton and Novotel hotel, and find them to be very nice and comfortable.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München Phone: +49 (0)89 9705130