GIAC Certified Incident Handler (GCIH) Certification Training

GCIH Certification Training Course Overview

The certification course validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.


  • Incident handlers
  • Incident handling team leads
  • System administrators
  • Security practitioners
  • Security architects
  • Any security personnel that are first responders

GIAC Certified Incident Handler (GCIH) Certification Training (Duration : 40 Hours) Download Course Contents

Course Details Schedule
Live Virtual Classroom (Instructor-Led)
Duration : 5 Days (10 Days for 4 Hours/Day)
Fee : On Request
9 AM - 5 PM (Flexible Time Slots for 4 hours option)

8 Hours/Day
8 Hours/Day
8 Hours/Day
Client's Location
As per mutual convenience
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request

Special Solutions for Corporate Clients! Click here

Hire Our Trainers! Click here

Request More Information

Course Prerequisites

  • There are no special prerequisites for candidates wishing to take the GCIH exam.

Upon completion of this course, you will be able to accomplish:

  • Gathering information about any inbuilt tools like and be able to interpret the information generated from such them.
  • Knowledge around the DNS and how misconfiguration like DNS Zone can be identified using tools such as nslookup, dig, etc.
  • Knowledge of how to use web search engines for reconnaissance such as GHDB.
  • How to map networks to reveal misconfigurations and vulnerabilities.
  • An understanding of ports mapping and OS fingerprinting.
  • How to evade certain network security tools such as IDS/IPS when launching a mock Cyber-attack.
  • Knowledge of different vulnerability management tools such as Nessus, Nikto, etc.
  • How to configure SMB mapping to gather information around the Windows environment. This includes executing various commands to map and enumerate smb shares both from Windows to Windows and Linux to Windows OS environments.
  • Gathering information and mapping network, services.
  • Knowledge around Netcat to achieve persistence and data transfer.
  • Configuring around IP address and the ability to spoof with tools like Wireshark and Dsniff etc.
  • Know the fundamentals around Session hijacking using tools like Ettercap.
  • How to launch DNS cache poisoning attacks and mitigating them as well.
  • How Buffer overflow attack works as well as the various parser problems such as protocol parser for a buffer overflow situation.
  • How the Windows OS stores password hashes and how they can be extracted via a brute force attack using tools such as John the Ripper, Cain & Abel, Rainbow Tables, etc.
  • How the Pass the Hash attack works.
  • A knowledge of worms
  • Knowledge of Bots, how are they distributed, and communicate amongst one another.
  • An understanding on the OWASP Top 10 Attacks list, such as SQL Injections, Cross Site Scripting, etc.
  • How Distributed Denial (DDoS) attacks can be launched, their types and defenses.
  • How to maintain access to a rooted system.
  • Know what backdoors are and how they work in the software development world.
  • A working knowledge around rootkits, in particular (User Mode Rootkit and Kernel Mode Rootkit)