-
We provide hands-on instruction in tunneling traffic through SSH tunnels, proxy tunnels, Tor over SOCKS, and other tunneling mechanisms, using open-source projects and commercial systems. By the end of the first day, participants will have tunneled traffic on our cyber-range and become adept at and familiar with these techniques. The second day focuses on the tradecraft associated with the tunneling techniques learned. We provide the tools to visualize and understand how network defenders can identify tunneling techniques and how they can prevent such activity. Designed by operators for operators, this accelerated course helps participants understand communications tunneling techniques and tradecraft related to cyber operations. NICCS Course Link
-
This self-paced 16-hour course teaches participants how to perform initial incident response on Windows systems, covering both basic and advanced responder actions to minimize incident impact and cost. The curriculum is tailored for Windows system administrators at an intermediate (Level 2) proficiency. Through scenario-based lessons and hands-on labs, students will learn to respond to unexpected outages and malicious activities (sabotage, insider threats, ransomware), and to perform forensic evidence collection (disk imaging, memory capture) using only open-source tools. Emphasis is placed on secure out-of-band communication during incidents, effective team coordination, and sound tactical decision-making under pressure. By course end, attendees will be equipped to handle Windows security incidents using modern techniques and tools relevant to FY2026, without relying on any commercial software. Designed by operators for operators, this accelerated course helps participants perform initial incident response on Windows systems. NICCS Course Link
-
This self-paced 16-hour course teaches participants how to perform initial incident response on Linux systems, covering both basic and advanced responder actions to minimize incident impact and cost. The curriculum is tailored for Linux system administrators (e.g. Ubuntu and Red Hat/CentOS environments) at an intermediate (Level 2) proficiency. Through scenario-based lessons and hands-on labs, students will learn to respond to unexpected outages and malicious activities (sabotage, insider threats, ransomware), and to perform forensic evidence collection (disk imaging, memory capture) using only open-source tools. Emphasis is placed on secure out-of-band communication during incidents, effective team coordination, and sound tactical decision-making under pressure. By course end, attendees will be equipped to handle Linux security incidents using modern techniques and tools relevant to FY2026, without relying on any commercial software. Designed by operators for operators, this accelerated course helps participants perform initial incident response on Linux systems. NICCS Training Link
-
Designed by operators for managers and leaders, this accelerated course helps participants perform incident response management, including managing first responders during incidents. It is built on the latest NIST guidelines and best practices. Incident response is treated as a critical component of enterprise risk management, integrated across organizational operations. Participants will learn to align their incident handling with the NIST Cybersecurity Framework (CSF) 2.0, covering all six core Functions (Identify, Protect, Detect, Respond, Recover, and the newly added Govern function), and to follow the updated NIST SP 800-61 Rev. 3 incident management recommendations. Special emphasis is placed on robust log management (per NIST SP 800-92 Rev. 1) to enable early threat detection and forensic analysis, since continuous monitoring and analysis of logs is highly beneficial for identifying security incidents shortly after they have occurred. Target audience: IT managers, CISOs, and cybersecurity team leaders in both the public and private sectors. This course will leave you with the confidence and a proven framework to manage cyber incidents from preparation through recovery. NICCS Training Catalogue Link
-
This intensive 2-day course delivers a deep dive into securing, hardening, and testing containerized workloads. Participants gain hands-on experience with container internals, kernel-level isolation, and orchestration security, while also learning to simulate and mitigate real-world attack scenarios.
Over 16 hours of instruction and labs, you’ll explore both Linux and Windows container escape prevention, Kubernetes auditing, and controlled offensive testing techniques. By the end, you will be able to:
- Identify and mitigate common misconfigurations.
- Apply kernel capabilities, namespaces, and mandatory access controls for stronger isolation.
- Audit Kubernetes deployments for security gaps.
- Use containers to safely analyze malware and observe network behaviors.
- Run security-critical workflows in isolated container environments.
Level: Intermediate (technical practitioners with container experience)
Designed by operators for operators, this accelerated course helps participants understand container security. NICCS Course List
Duration: 2 Days (16 Hours)