SEC504: Hacker Tools, Techniques, and Incident Handling

Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Acquire critical visibility, detection, and response capabilities to protect ICS/OT environments against sophisticated threats while ensuring the safety and reliability of operations.
ICS515 is so relevant to my day to day that I feel like I can't take notes fast enough. This is so critical for the ICS and OT community.
This ICS incident response course equips security professionals with practical skills to secure industrial environments. Through hands-on exercises using real industrial equipment, you'll learn to gain network visibility, identify assets, detect threats, and respond to incidents in critical infrastructure and other environments that rely on ICS/OT systems. The curriculum covers advanced defensive techniques against sophisticated threats like STUXNET, HAVEX, BLACKENERGY2, CRASHOVERRIDE, TRISIS/TRITON, FROSTYGOOP, EKANS, and PIPEDREAM. You'll work with a real programmable logic controller (PLC) kit, sector simulation board, and virtual machines that you keep post-course to continue skill development. Leveraging industry frameworks, you'll develop repeatable methodologies to secure industrial environments.
A former U.S. Air Force cyber warfare officer, Robert led the NSA’s first mission targeting threats to industrial infrastructure. Now at Dragos, he spearheads global defense of critical systems, shaping national policy and industry threat response.
Explore the course syllabus below to view the full range of topics covered in ICS515: ICS Visibility, Detection, and Response.
Learn to leverage threat intelligence to analyze threats, extract indicators of compromise, document tactics, techniques, and procedures, and guide security teams to protect industrial environments.
Understand the networked environment to build comprehensive asset inventories and develop effective collection strategies for both industrial operations and security operations.
Develop detection strategies to remain resilient against targeted and untargeted threats, with focus on safely conducting threat hunting and analyzing attack patterns in industrial environments.
Learn to safely perform ICS incident response with focus on acquiring digital evidence while scoping threats and their operational impact, using forensic techniques tailored for industrial environments.
Extract information from threats through malware analysis to reduce the effectiveness of threats and create shareable threat intelligence for improved defensive posture.
A full-day technical challenge where students apply all learned skills to analyze packet captures, logic, memory images, and more from compromised ICS ranges and equipment, simulating real-world scenarios.
Analyzes data from multiple sources to prepare environments, respond to information requests, and support intelligence planning and collection requirements.
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Very good for any ICS program, security-focused or not.
Very good focus on the OT/ICS side & integrated into class.
This course was like a catalyst. It not only boosted my knowledge about the threats facing ICS environments and provided me with a framework to actively defend these threats, it also inspired me to learn more.
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources