Course Summary

You will learn to apply a dynamic approach to incident response, using indicators of compromise to effectively respond to breaches across Windows, Linux, and cloud platforms. The course provides hands-on experience that you can immediately apply in your work environment.

You will engage in attacking, defending, and assessing the impact of threat actors, working with complex network environments, real-world host platforms, applications, and data sets. These exercises are designed to simulate real-world tasks, and you will have ongoing access to the labs, allowing you to repeat them as needed. Detailed walkthrough videos are also provided to reinforce the learning concepts.

Key areas covered include:

Incident handling and computer crime investigations
Understanding hacker exploits and techniques
Using hacker tools like Nmap, Metasploit, and Netcat for security assessments

Detecting Covert Communications
You will learn how to identify and defend against covert communication tools, such as Netcat, that attackers use to covertly exfiltrate data or maintain communication within a compromised network.

Detecting Evasive Techniques
You will gain expertise in recognizing and defending against methods attackers use to erase evidence, conceal their actions, and avoid detection, ensuring that hidden threats are exposed and mitigated.

Detecting Exploitation Tools
You will develop the skills to identify, defend against, and mitigate the use of exploitation tools like Metasploit, which are commonly used by attackers to exploit vulnerabilities in systems and applications.

Drive-By Attacks
You will learn how to detect, block, and neutralize drive-by attacks, where malicious code is executed when a user visits a compromised website, taking action to safeguard your network and users.

Endpoint Attack and Pivoting
You will understand how to identify attacks targeting endpoints and pivoting strategies used by attackers to move laterally through the network after compromising a system. You’ll also learn how to mitigate such threats effectively.

Incident Response and Cyber Investigation
You will develop a comprehensive understanding of the incident response lifecycle, including the industry-standard PICERL framework, and best practices for conducting thorough cyber investigations to resolve and recover from security incidents.

Memory and Malware Investigation
You will gain practical knowledge of memory forensics, including techniques to analyze volatile data, identify malicious processes, detect network-based attacks, and perform basic malware analysis to uncover hidden threats.

Network Investigations
You will learn the critical techniques and tools required to investigate network data, analyze network traffic, and detect suspicious activities that could indicate a breach or ongoing attack within your environment.

Networked Environment Attack
You will gain the skills to defend against and mitigate attacks targeting shared network environments such as Windows Active Directory and cloud infrastructures, preventing attackers from exploiting vulnerabilities in these systems.

Password Attacks
You will learn how to identify, defend against, and mitigate password cracking techniques and other attacks targeting weak or improperly managed credentials, improving the security of user authentication systems.

Post-Exploitation Attacks
You will understand how attackers maintain access, escalate privileges, and move laterally within a compromised environment. You’ll learn how to detect these activities and stop attackers from causing further harm.

Reconnaissance and Open-Source Intelligence
You will acquire the skills to identify, counter, and block reconnaissance activities, including the use of publicly available information by adversaries to plan their attacks, preventing attackers from gathering useful data for later exploitation.

Scanning and Mapping
You will learn to detect and mitigate scanning and mapping techniques used by attackers to discover vulnerable hosts, open ports, and services in your network, strengthening your defenses against network enumeration.

SMB Scanning
You will understand how attackers use SMB scanning techniques to identify weaknesses in your network and how to defend against and mitigate such reconnaissance activities to protect critical network resources.

Web App Attacks
You will gain the knowledge to detect, block, and mitigate web application attacks such as SQL injection, cross-site scripting (XSS), and other vulnerabilities that could compromise sensitive data or disrupt operations.

This course has no formal prerequisites.

Proctored exam: 106 questions, 4 hours, minimum passing score of 70%.

Following your booking, a confirmation message will be sent to all participants confirming your enrollment. Calendar placeholders will also be sent to help you schedule your commitments around the course. All course materials and access to the necessary labs or platforms will be provided no later than one week before the course begins, giving you ample time to prepare and engage fully with the learning experience.

Our training package includes all the materials and resources needed for a full learning experience. Enrollees receive detailed course content covering a wide array of topics to ensure a thorough understanding of the subject matter, and participants receive a certificate of completion to recognize their dedication and hard work. Note that while the course fee covers all training materials and experiences, the examination fee for certification is not included and must be purchased separately.
