#1733343: Webinar - IR225 - Enterprise Cyber Threat Analysis and Response
| Description: |
The Cyber Training Branch is pleased to announce the upcoming IR225: Enterprise Cyber Threat Analysis and Response course, a 5-day, in-person, instructor-led training opportunity designed specifically for federal cybersecurity professionals.

Course Location: Arlington, VA
Time: 9 a.m. to 5 p.m. EDT, daily

This course is ideal for beginner- to intermediate-level federal personnel responsible for incident response and cybersecurity operations. This intensive training will equip participants to use incident response (IR) tools to identify and mitigate threat actor activity and to operationalize the resulting attack data, following the CISA IR Process and NIST SP 800-61 guidelines. The course begins with a primer on foundational enterprise digital forensics and incident response (DFIR) skills and tools, progresses to detecting and triaging threat actor activity, and culminates in an immersive, live-fire Capture-the-Flag (CTF) exercise. Participants will be provided with a laptop for the duration of the training to access the secure training environment and operational tools.

At the end of this training, participants will be able to:
· Analyze SIEM alerts, logs, and network traffic to detect Indicators of Attack (IoA) and Indicators of Compromise (IoC).
· Investigate unauthorized Remote Desktop Protocol (RDP) activity and credential misuse.
· Examine PowerShell abuse and web shell installations using Security Onion and Splunk.
· Trace the use of PsExec, credential theft, and Active Directory database compromises.
· Detect data exfiltration attempts and monitor external communications.
· Use PowerShell and system event logs to identify persistence mechanisms.
· Develop triage techniques to prioritize investigation targets and validate containment measures.
· Derive actionable defensive measures from discovered IoC and IoA.
· Apply insights from threat advisories to uncover Advanced Persistent Threat (APT) activity.
· Recommend strategies to mitigate Command and Control (C2) traffic, Living off the Land (LotL) techniques, and data exfiltration attempts.
· Implement monitoring metrics to measure incident response effectiveness. |
|---|---|
| More info: | https://cisa.webex.com/webappng/sites/cisa/webinar/webinarSeries/register/52f2894f8b2340d68636fbc41195ee7e |
| Date added | April 16, 2026, 4:25 p.m. |
|---|---|
| Source | Webex |
| Subjects | |
| Venue | May 11, 2026, midnight - May 15, 2026, midnight |
