CIRCL offers courses to its members and organizations based in Luxembourg.
In their mission to improve information security, CIRCL is sharing its field experience through a set of training or technical courses. Due to diversity of competences within the team, CIRCL is able to provide a large diversity of information security trainings. Courses target technical experts but also non-technical staff in the topics of incident handling, malware analysis, operational security and system forensics.
CIRCL sees the trainings and technical course as a great opportunity to learn from their partners, too, and to improve the security handling procedures. By attending the courses, partners are not only helping their own organization but also the overall security in Luxembourg (i.e. it is beneficial for both the organization and CIRCL if the technical staff is prepared for Incident Response).
Courses can be held at CIRCL’s training room or the premises of the organization unless specific requirements are noted.
Courses however have specific requirements in terms of technical equipment. These requirements are specified in the course description or will be specified before the course starts.
CIRCL provides these courses under tailored terms and conditions in order to fit your organizational structure. Don’t hesitate to contact us for more information.
Training catalogue 2017 in PDF format. The training catalogue is also valid for 2017.
Introduction to Incident Response
- Incident detection and response introduction theory and practical examples from concrete incidents. The training includes an overview of the most common type of incidents encountered in Luxembourg.
- How are the majority of security incidents detected
- How to secure evidences after detecting an incident
- How to perform acquisition of evidences (file-system, memory and network)
- How to interact with local CERTs and/or international CERTs
- How to balance remediation with incident response
- IT department staff and manager - Local Incident Response Team
- IT support - basic knowledge of operating systems is required
- 3 hours
- English, French, German or Luxembourgish
File-system Post-mortem Forensic Analysis
- Forensic Analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to identify space and time actions. Post mortem analysis is a key tool to discover and analyse security incidents. This course will teach the participant on how to find answers to what has happened by analysing different layer from the physical medium to the file system up to the application level.
- Perform disk acquisition the right way
- Introduce to file system analysis (NTFS/FAT)
- Analyse operating system artifacts (MS Windows)
- Find evidences in communication applications (e.g. browser or chat history)
- IT department staff - Local Incident Response Team
- Knowledge of operating systems and IT security is required
- 8 hours
- English, German
Digital Privacy Salon
- A digital privacy salon aims to present and explain how to use secure communication tools along with good Internet hygiene and understanding the associated risks.
- Learning how to securely use:
- Browsers (e.g. HTTPS, plugins, passwords, tracking, phishing)
- Instant messaging (e.g. OTR, Cryptocat)
- Emails (e.g. virus, spam, encryption (PGP - GnuPG))
- Mobile devices (e.g. tracking, secure communication)
- Disk encryption (e.g. FireVault, Bitlocker, LUKS, truecrypt)
- Online and offline exchange of data (e.g. USB, Sharing platforms)
- Network encryption (e.g. VPN, Tor)
- Citizens using IT equipment
- Beginner or Advanced
- 2 hours
- English, French, Luxembourgish, German
Introduction to Penetration Testing
- Besides classical security techniques like firewalls, VPN, AV among many others, offensive security is also a mandatory ability nowadays. This course gives an overview on how attackers prepare and execute a targeted attack. APT - Advanced Persistent Threats turn into the most critical risk for companies, today. This course will help the security responsible to see their corporate network from the attackers point of view and choose the necessary security mechanisms.
- Learn to attack your network before others do
- IT security teams and administrators
- Good level of IT security
- 8 hours
- English, German
- Training materials freely available
- Penetration Testing - An Introduction - Training Materials
Introduction to (Malware) Reverse Engineering
- It is not unusual to detect unknown software on computer systems. Identifying if the software is malicious or benign is a critical (and expensive) task. This course aims to develop skills to perform basic Malware Reverse Engineering.
The goal of this course is to set up a malware laboratory for each student and to get introduced into the most successful malware reverse engineering strategies.
- Get an overview of malware analysis techniques
- Create a custom lab environment
- Be able to collect indicators if a file is malicious or benign
- Develop strategies to collect Indicators of Compromise (IOCs)
- Build-up some solid grounds for further studies
- Not in scope
- Learn x86 assembler
- Get deep into reverse engineering
- Security Engineers, Administrators, Managers
- Linux/UNIX experience
- Good knowledge of Windows internals
- Knowledge about control flows in programming languages
- Understanding of TCP/IP networks, DNS, proxy, firewall
- Very basic x86 assembler understanding is an advantage
- 16 hours or 24 hours
- English, German
MISP Malware Information Sharing Platform - Threat Sharing
- MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises (IOCs) from attacks and cybersecurity threats. Today, MISP is used in multiple organizations to store, share, collaborate on malware, and also to use the IOCs to detect and prevent attacks. The aim of this trusted platform is to help improving the countermeasures used against targeted attacks and set up preventive actions. MISP becomes a full-feature information and threat sharing platform to support operational and tactical cybersecurity intelligence.
- The training will show the platform, its functionalities and demonstrate how to benefit most from sharing, commenting and contributing on it. At the end of the day, every participant will be knowledgeable in information sharing about cybersecurity threats and become a proficient MISP user and threat intel handler.
- MISP usage how it can be used to support your operational cybersecurity intelligence. A practical overview of MISP and how to use it from a user perspective.
- MISP interfaces and API. How to use and extend MISP to support your information security operational teams using programmatic interfaces.
- Be part of the MISP future, how to contribute to MISP not only as a developer but as an active contributor (from documentation to taxonomies).
- Security Engineers, ICT Administrators, Analysts
- Good knowledge of information security fundamentals
- 6:00 hours
- Training materials freely available, contains also a schedule of announced trainings
- MISP - Malware Information Sharing Platform & Threat Sharing - Training Materials
How can I register for a training
If you would like to register for a training, you can contact us. Training are organized on request per organization, granting a safe and friendly place for open discussion about incident handling. Some of the trainings, especially the MISP training, are usually scheduled and given at various places throughout the world.