Incident Response Black Hat Edition


Register Now


As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing their Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area. Hands on exercises and labs in Windows Intrusion as well as the following topics are covered:

  • The incident response process
  • The roles and responsibilities of each member of the IR team
  • How to rapidly detect attacks
  • Reviewing and interpreting log files
  • Performing live response on compromised systems
  • Identifying, collecting and analyzing volatile evidence from a running system
  • Anti-forensic techniques used by attackers
  • Detecting malicious software, rootkits and backdoors through memory forensics

What to bring:

Students must bring their own Laptop with a version of Microsoft Windows installed and possess Administrator rights. Be prepared to install software, analyze drive images, and handle malicious code. Laptops should have the following software installed.

  • Microsoft Office or Open Office

Students who cannot meet the laptop requirements because of onsite registration or other reasons, please contact MANDIANT at to see if a laptop can be provided for you.

What You Will Get:

  • Student Manual
  • Class handouts
  • MANDIANT gear

Who Should Attend the Class:

Anyone involved in the information technology and information security fields responsible for responding to computer intrusions or securing corporate networks. The class covers the basics of the incident response process and proper handling of incidents as well as advanced investigative techniques used to respond to computer intrusions.


Students must be familiar with executing command line utilities as an Administrator and navigating the Windows file system using the command line.

Basic knowledge of the following concepts is required:

  • Microsoft Windows operating system fundamentals, including:
    • File system structure
    • Registry
    • Active Directory and basic Windows security controls
  • Networking fundamentals, including:
    • OSI model
    • TCP/IP basics
    • Common Windows protocols


Chris Nutt is a Manager within the Professional Services Division of MANDIANT. Mr. Nutt has seven years of experience in enterprise level incident response working with the federal government, defense industrial base, and fortune 100 companies. He has extensive experience in incident response, computer forensics, remediation strategies, and project management.

Mr. Nutt has extensive experience leading and conducting incident response and forensic analysis engagements for government entities and the Fortune 100. He has led high visibility investigations into government sponsored intelligence gathering operations as well as the theft of payment card industry information. He regularly assists organizations in developing remediation strategies designed to remove sophisticated attackers from client networks.

Mr. Nutt teaches computer incident response to the fortune 100, FBI, and other government agencies. He is responsible for delivery and technical content of incident response training courses during which Mr. Nutt teaches students how to manage investigations and collect and analyze data.

Prior to joining MANDIANT, Mr. Nutt was a member of the Marine Computer Emergency Response Team (MARCERT). During his time there, Mr. Nutt advanced the Marine Corps incident response capability by developing processes and tools utilized during intrusion investigations across the worldwide deployment of Marine networks and communities of interest. In this capacity, Mr. Nutt was the incident response duty expert and responsible for coordinating efforts with Joint Task Force Global Network Operations (JTF-GNO), service level CERT's, and Naval Criminal Investigative Service (NCIS). He has experience supervising and leading forensic analysts and incident responders, as well as software development teams.

Ryan Kazanciyan is a Principal Consultant with Mandiant and has eight years of experience specializing in incident response, forensic analysis, penetration testing, and web application security. He has most recently conducted intrusion investigations and remediation efforts for organizations in the technology, financial services, and defense industrial base sectors. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware identification and triage. He also helped victim organizations develop and implement remediation steps to address existing vulnerabilities and enhance security controls.

In addition to his experience in incident response, Mr. Kazanciyan has an extensive background managing and executing large penetration testing engagements in Windows and Unix environments, social engineering, and wireless assessments. Ryan also is proficient in application security and has conducted black-box and source-code assessments for web applications and "thick" clients.

Mr. Kazanciyan has leveraged his consulting experience to lead training sessions for a variety of audiences in law enforcement, the federal government, and corporate security groups. He has taught courses on incident response, forensic analysis, penetration testing, and web application security. He has also presented at a variety of security industry events including Black Hat Federal, ShmooCon, and the DoD CyberCrime Conference.

Ends August 15
Ends October 17
Ends December 12