
Incident Response Simplified

Course Authored by Patterson Cake.

Complexity is the enemy of security. This is especially true in crisis. When responding to a cybersecurity incident, you need a simple, effective, repeatable plan. In this course, we’ll discuss the three primary threat vectors, outline the two most important IR playbooks, and review the two most critical IT assets: identity and endpoint.

Live Training $295.00

Course Length: 8 Hours

Includes a Certificate of Completion



Next scheduled date: April 3rd, 2026 @ 10:00 AM EDT

Description

Complexity is the enemy of security. This is especially true in crisis. When responding to a cybersecurity incident, you need a simple, effective, repeatable plan.

In this course, we’ll discuss the three primary threat vectors, outline the two most important IR playbooks, and review the two most critical IT assets: identity and endpoint. Then we’ll roll up our sleeves and practice identity and endpoint investigations, including forensic-artifact selection and acquisition, rapid processing, and prioritized investigative workflow in the context of a real-world business compromise.

We’ll discuss the Active Directory and M365 identity, Windows, and Linux OS attack surfaces, and get hands-on experience performing rapid endpoint investigations using PowerShell, the Velociraptor offline collector, KAPE, and CSV/XLSX output analysis.

System Requirements

  • A computer with a web browser. All lab VMs are cloud-hosted.

Syllabus

Developing a Tactical IR Plan

·      The Three Threat Vectors

·      The Two Most Important IR Playbooks

·      Asking the Right Incident-Response Questions

Identity Attack Surface

·      Identity: Your Most Critical IT Asset

·      M365 Identity Overview

·      Active Directory for IR Overview

Endpoint Attack Surface

·      Understanding How Threat-Actors/Malware Impact Endpoints

·      Windows Attack Surface

·      Linux Attack Surface

Rapid Endpoint Investigations Methodology

·      Endpoint Artifact Selection

·      Endpoint Artifact Acquisition

·      Investigative Workflow

Rapid Endpoint Investigations Tools & Techniques

·      Tools & Techniques Overview

·      Building an Artifact Collector (lab)

·      Parsing Triage Data (lab)

Case Study: Business Compromise Investigation

·      Reviewing Identity Indicators (lab)

·      Investigating Endpoint Artifacts (lab)

·      Deriving Actionable Intelligence (lab)

·      Answering the Right Incident-Response Questions

Conclusion

·      Workflow and Tooling Review

·      Reference and Additional Resources

FAQ

Who Should Attend

The course content is designed to help IT/Security Analysts develop and/or improve their tactical incident-response process and capabilities.

Prerequisites

Basic understanding of Identity, Windows, and Linux security concepts.

Key Takeaways

·      Creating a tactical IR plan

·      Simplifying an incident-response workflow

·      Prioritizing operating system artifact collection and review

·      Using “rapid triage workflow” scripts, Velociraptor offline collector, and KAPE for rapid endpoint investigations

·      Investigating a real-world business compromise case

About the Instructor

Bio

Patterson Cake joined the Black Hills Information Security (BHIS) pirate ship in June of 2023 as a Security Analyst focusing primarily on detection engineering and digital forensics and incident response. He chose BHIS because, to paraphrase, “doing cool stuff with cool people” and “making the world a better/safer place” is exactly how he wants to spend his professional time and energy. It also helps that he has a bit of history with a couple of awesome folks who have been with BHIS for many moons. Prior to joining the team, Patterson helped build and lead a DFIR practice for an MSSP, worked as a senior security engineer for AWS Managed Services, and spent several years in enterprise cybersecurity, often healthcare related, focusing on intermingling offensive security and incident response in technical and leadership roles. Outside of work, he enjoys spending time with his family, which often involves motorcycles, outdoor sports, movies, and music.

Register for Upcoming


This event is part of the SOC Summit

Incident Response Simplified

Complete Package

Live Training Patterson Cake

Virtual

Includes:
  • Includes certificate of participation
  • 12 months access to Cyber Range
  • 6 months access to class recordings via Discord
  • Our appreciation

Free ticket to the Antisyphon Training SOC Summit on March 25, 2026, a virtual event that offers a practical look at what it’s like to work in a SOC. More details to come.

$295.00
April 3rd, 2026 10:00 AM EDT - 6:00 PM EDT

Registration End Date: 10:00 PM, EDT April 2nd 2026
