back to overview

For registration please reach out to us by email to:

CSR101 - CDC Incident Handling Level 1
Technical Detection, Analysis & Response
ISH certificate “Security Incident Analyst - Level 1”

Delivery: classroom // Duration: 5 days

To respond effectively to cyber security challenges, SOC-Members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios at a hyper-realisitic Cyber Simulation Range (CSR). This course sets the stage for future security analysts to deal with cyber-attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors.


Learning Objectives

By the end of this course, students will be able to:

  • Understand the functionality of a state-of-the-art CDC

  • Utilize integrated tools of the complete CDC technology stack

  • Efficiently detect, assess and determine the scope of incidents

  • Enrich event information utilizing external threat intelligence

  • Perform tasks in various CDC roles in situations of stress


Course Content

  • Cyber Defense Center

    • Mission statement, services and maturity level

    • Team structure, roles and responsibilities

    • CDC tools including crash courses

    • Incident categorization, triage process, information enrichment & correlation

    • IR processes & playbooks

  • Cyber Simulation Range

  • Understand the hyper-realistic CSR architecture

  • Work with the CDC technology stack and toolbase

  • Identfiy criticalities of assets and information

  • Slip into different CDC roles

  • Perform teamwork and individual tasks

  • Practical training sessions in IT environments

    • Understand the adversaries kill chain, tactics and techniques

    • Search for indicators of compromise (IoC) in logs, flows and payloads

    • Identifiy compromised systems

    • Detect indicators of reconnaissance, lateral movement and post-exploitation

    • Scope single and multiple path attacks with increasing complexity

    • Find active and dormant malware, bots and backdoors

    • Discover common hiding and evasion techniques

    • Understand the full picture of targeted attacks and collect evidence of persistence


Target Audience

  • CDC analysts who are faced with security incidents on a regular basis and need to know how to detect, investigate, remediate, and recover from compromised systems across an IT infrastructure

  • Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats

  • Technically oriented CISOs, risk managers and security experts who are responsible for the organisational management of serious cyber crises


Pre-requisite for Course Registration

This course focuses on detection and analysis of cyber threats against IT environments. We will give short crash courses for required CDC tools before jumping into concrete realistic cases. The complexity of attacks and scenarios will increase over time. Therefore the audience is expected to have basic knowledge and experience in IT security.

  • MUST: Most important: A passion for IT security

  • MUST: OS basics for Windows and Linux

  • MUST: Network basics regarding the OSI model

  • MUST: Logging and log analysis basics

  • NICE TO HAVE: Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)

Upcoming Sessions

Dates Location Language Registration fee (plus VAT)
July 12 - 16, 2021 ISH Campus Munich Airport German 4900€
September 27 - October 01, 2021 ISH Campus Munich Airport English 4900€
November 08 - 12, 2021 ISH Campus Munich Airport German 4900€
December 06 - 10, 2021 ISH Campus Munich Airport English 4900€


How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

Mit dem Auto- von der A92/München

Orientieren Sie sich an der Beschilderung “Frachtgebaude” unde verlassen Sie die Autobahn. Folgen Sie der Straße nach rechts, Sie überqueren auf der Brücke die S-Bahn Linie. Biegen Sie bei der nächsten Möglichkeitne rechts ab un folgen dem Straßenverlauf über eine langgezogene Rechtsverurve. Fogen Sie der Straße weiterhin bis Sie links abbiegen können. Biegen Sie links ab. Zu Ihrer Rechten erreichen Sie die “Luftpostleitstelle”.

By car - from the A92 / Munich

Follow the signs “Frachtgebaude” and leave the motorway. Follow the road to the right and cross the S-Bahn line on the bridge. At the next opportunity, turn right and follow the road over a long right turn. Continue to follow the street until you can turn left. Turn left. On your right you will reach the “Luftpostleitstelle”.

Mit der S-Bahn / dem Flugzeug

Steigen Sie in die S-Bahn-Linie S8 oder S1 und fahren Sie bis zum “Besucherpark”. Verlassen Sie in die S-Bahn-Station in Richtung Flight- Operations-Center (FOC/Lufthanasa) und folgen Sie am Ende der Treppen nach unten der Straße zu Ihrer Linken bis zum Ende der “Frachtgebäide”. Gehen Sie weiter gerade aus und folgen Sie der Straße nach rechts. Am Ende dieser Straße erreichen Sie die “Luftpostleitstelle”.

By S-Bahn / airplane

Get on the S-Bahn line S8 or S1 and drive to the “Besucherpark”. Exit the S-Bahn station towards the Flight-Operations-Center (FOC / Lufthanasa) and at the bottom of the stairs, follow the road to the left to the end of the “Frachtgebäide”. Continue straight ahead and follow the road to the right. At the end of this street you reach the “Luftpostleitstelle”.

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

Where can I check my ticket order?

You can always check or make changes to your ticket order by using the link in the email you received after you completed your booking. If you don’t have this link anymore, you can request a new mail through our ticketshop.

What hotels are in the area?

While there are a wide range of hotels around the airport we have personally stay at both the Hilton and Hotel Novotel, and find them to be very nice and accommodating.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München Phone: +49 (0)89 9705130

I have further questions and would like to speak to someone in person, who do I call?

Yes, you can email us at or call us at +49 89 975 32275. We are fluent in English or German.