Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Technical cybersecurity training

Technical Training Courses

Learn cybersecurity to be ready for the threats and industry demands of tomorrow
Choose your course Request a custom program
Choose your course Request a custom program
500+
sessions delivered
worldwide
6,000
cybersecurity
professionals trained
30+
countries where our
sessions are delivered
4
training languages

Choose the cybersecurity
course your team needs

Scheduled courses for open groups

Regular open-group sessions run year-round on a published global schedule.
They can also be arranged for private groups on request.

3 days Coming soon
Threat Hunter
Advanced, hypothesis-driven threat hunting training for technical specialists who need to move beyond reactive detection and recognize attacker behavior across complex multi-host environments.
Learn more
3 days Coming soon
Threat Intelligence Analyst
Practical threat intelligence training for analysts who need to operationalize intelligence within SOC and incident response workflows, from foundational concepts through to structured reporting for technical teams and stakeholders.
Learn more
3 days Coming soon
Incident Responder
Structured incident response training covering the full lifecycle, from initial triage through to post-incident activity, with hands-on work across Windows forensic artifacts, event logs, registry data, and malicious documents.
Learn more

On-request courses for private groups

These courses are designed for specialized audiences and are available only on request.

2 days Only for law enforcement
OSINT Specialist
Specialized OSINT training course covering anonymity techniques, open-source intelligence collection, dark web analysis, and the preservation of findings as legally admissible evidence.
Learn more
2 days Online | Offline English | Arabic Only for law enforcement
Cyber Investigator
Advanced cyber investigation training course focused on underground ecosystem analysis, attacker deanonymization, network infrastructure correlation, and cryptocurrency tracing.
Learn more
2 days
Fraud Analyst
Practical antifraud training course covering behavioral analytics, device identification, session-based attack detection, and fraud investigation methodology for risk teams, technical specialists, and security leaders.
Learn more
4 days
Windows DFIR Analyst
Advanced digital forensics training course that covers forensic image acquisition, Windows artifact analysis, memory forensics, and attack reconstruction using intelligence-driven investigation workflows.
Learn more
2 days
Linux DFIR Analyst
Practical Linux forensics training course covering evidence collection, file system analysis, memory acquisition, and detection of persistence and attack traces in *nix environments.
Learn more
2 days
Network Forensics Analyst
Practical network forensics training course focused on network evidence collection, traffic capture and analysis, DNS and HTTP artifact examination, and attack reconstruction for incident response.
Learn more

From theoretically ready
to genuinely prepared

When a breach hits, certificates and completed lectures are not the ones to make the
decisions. Your team is. Group-IB training courses turn attendees into strong
professionals who can prevent, detect, respond, and investigate with confidence.

Methodology as a priority
Methodology as a priority

Courses are built around the methodology and AI-driven approaches that Group-IB experts use in daily engagements. Theory can be found in an always-accessible knowledge base, while live sessions are reserved for practice.

Scenarios from real-life cases
Scenarios from real-life cases

Training scenarios are drawn from actual adversary behavior observed across ransomware, APT, BEC, fraud operations, and dark web investigations. All scenarios are tailored to the threats most relevant to your team.

Practitioners as instructors
Practitioners as instructors

Every session is delivered by practicing Group-IB specialists who handled real incidents recently, not many years ago.

Full execution, not just exposure
Full execution, not just exposure

Participants build hypotheses, analyze telemetry, examine forensic artifacts, correlate attacker infrastructure, and produce analytical reports under realistic conditions.

Access to Group-IB technology
Access to Group-IB technology

Training includes hands-on access to the following Group-IB tools: Threat Intelligence, Managed XDR, Investigation Graph, Attack Surface Management, and Fraud Protection — the same stack we use in live operations.

Relevant regional threats
Relevant regional threats

Group-IB’s Digital Crime Resistance Centers across EMEA, APAC, AMER, and LATAM mean that every scenario reflects the threat landscape your team actually operates in, not a generic template.

Tailored cybersecurity training programs

No two teams have the same gaps. We can build tailored Group-IB training programs after conducting skills assessments and operational interviews. Just like puzzle pieces, you can put modules together into a structured program that addresses what your team needs to improve on specifically.

Programs may run hours to months, depending on the request scope and complexity, and can be delivered on-site, remotely, or in a hybrid format, in any region where Group-IB operates a Digital Crime Resistance Center.

For non-technical staff and management
Cybersecurity awareness Hi-tech crime trends Crisis management strategies
For security leadership
Incident response preparedness gaps Threat intelligence program development Building the ultimate SOC
For technical specialists
Cybersecurity fundamentals SOC fundamentals Monitoring and detection Vulnerability management Incident response Threat intelligence Digital forensics Network forensics Cloud forensics Threat hunting Malware analysis Cybercrime investigations Penetration testing Red and purple teaming
Request a custom program

Meet the trainers

They are the best in their domain. Hard to access. Straight from the battlefield.

Svetlana Ostrovskaya
Svetlana Ostrovskaya
Head of Education Practice
Svetlana Ostrovskaya

Experienced DFIR practitioner who has delivered educational programs in 30+ countries. Co-author of Practical Memory Forensics and Incident Response for Windows. Designs training courses grounded in response methodology and executive counseling experience.
Jia Hwei Soh
Jia Hwei Soh
Head of High-Tech Crime Investigation, APAC
Jia Hwei Soh

10+ years of experience in threat intelligence, threat hunting, and digital forensics. Led investigations with INTERPOL and regional law enforcement.

Anna Yurtaeva
Anna Yurtaeva
Head Of High-Tech Crime Investigation, META
Anna Yurtaeva

100+ high-tech cybercrime investigations into cases involving crimes such as ransomware, DDoS, and phishing. Expert in deanonymization and infrastructure attribution.
Nam
Le Phuong
Nam
Le Phuong
Senior Dfir Specialist
Nam
Le Phuong

13+ years of experience in cybersecurity. MITRE ATT&CK® contributor. Specializes in advanced ransomware and post-compromise incident support.
Stepan Kechko
Stepan Kechko
Head Of Fraud Analysis, Meta
Stepan Kechko

Leads cyber fraud analytics in the Middle East, Turkey, and Africa. Expert in financial crime investigation and high-risk market fraud patterns.
Ahmed Nosir
Ahmed Nosir
Cybersecurity Consultant
Ahmed Nosir

Former penetration tester who transitioned to DFIR. 3+ years in SOC operations and participation in many complex incident response cases..
Daria Shcherbatyuk
Daria Shcherbatyuk
Graph Product Owner & Cybercrime Investigation Specialist
Daria Shcherbatyuk

6+ years of experience in threat hunting and digital forensics. Bridges investigative methodology with graph-based cybercriminal infrastructure analysis.
Moataz
Nasr
Moataz
Nasr
Cybersecurity Consultant
Moataz
Nasr

Specialist in penetration testing and incident response. Leads hands-on sessions in incident response, digital forensics and offensive security.
Andrei Loshchev
Andrei Loshchev
Team Lead, Fraud Consulting Analyst, Meta
Andrei Loshchev

Leads fraud analytics and research. Focuses on detecting anomalies, protecting digital identity, and integrating machine learning into practical fraud defense.
Alisher Abdullaev
Alisher Abdullaev
Cyber Fraud Analyst
Alisher Abdullaev

Background in data engineering and analytics. His training courses emphasize data-driven antifraud investigations and systematic analytical thinking.
Anvar Anarkulov
Anvar Anarkulov
Team Lead, Fraud Analyst, Central Asia
Anvar Anarkulov

Expert in cyber fraud prevention in fintech. Covers mobile malware-based fraud and bypass techniques used by attackers to evade protection systems.
“Group-IB trainers don't need to imagine what attackers might do. We teach what we've seen them do, across more than 1,600 investigations conducted in every major region and industry. Every course module can be traced back to a real case.”
Svetlana Ostrovskaya
Svetlana Ostrovskaya
Head of Education Practice

What our attendees say

“This training helped me gain a better understanding of current cybersecurity trends and the different levels of threat intelligence. The approach to Priority Intelligence Requirements will help me structure intelligence needs according to business priorities. The instructors were knowledgeable and engaging, effectively explaining complex concepts with practical examples.”

— Threat Intelligence Analyst Course

“This training course has changed my mindset from operational to Threat Hunter. The hands-on labs were the most valuable part — I already knew the theory, but learning the tools and actually using them made the difference.”

— Threat Hunter Course

“The training sessions were incredibly valuable, offering detailed insights that will significantly benefit our teams in Information Security, Anti-Fraud, AML, Card Fraud, and IT. The strategies and knowledge shared will help strengthen our defence against cyber threats, and we deeply appreciate the depth of expertise brought to the table.”

— Fraud Analyst Course participant

“10 out of 10. The course gave me a strong grasp of the tools, sharpened my investigation skills, and changed the way I think about incident response — how to work smarter with collected data.”

— Incident Responder Course participant

Don’t see what you need?

Our team can walk you through choosing the right course or scope a tailored
program for your organization.

Technical training can be delivered as part of the Group-IB Services Retainer

Group-IB Services Retainer

FAQ

What is technical cybersecurity training?

Technical cybersecurity training develops hands-on operational skills in threat hunting, incident response, digital forensics, threat intelligence, cyber investigation, and fraud protection.

Who would benefit from Group-IB cybersecurity training?

Group-IB training is designed for SOC analysts, incident response teams, threat hunters, threat intelligence analysts, digital forensics specialists, fraud analysts, and law enforcement investigators. It is suitable for enterprise security teams, MSSPs, financial institutions, telecom operators, government entities, and critical infrastructure organizations.

What cybersecurity courses does Group-IB offer?

Group-IB offers the Threat Hunter, Threat Intelligence Analyst, SOC Analyst, Penetration Tester, Building Ultimate SOC, and Incident Responder courses on a published global schedule. The OSINT Specialist Course, the Cyber Investigator Course, and the Fraud Analyst Course are available for private groups, on request.

Are Group-IB courses available online?

Yes. All the regular courses are delivered online. However, all the tailored courses and private groups are available both online and on-site.

Can training be delivered on-site at our organization?

Yes. Group-IB delivers tailored training on-site, remotely, or in a hybrid format in Europe, the Middle East, Asia-Pacific, Central Asia, Latin America, and other regions, through its Digital Crime Resistance Center network.

Is Group-IB training suitable for financial institutions and regulated industries?

Yes. Training scenarios reflect the attack types that most often target regulated industries, including ransomware, fraud, APT activity, and business email compromise. Group-IB regularly trains teams from banks, fintech companies, insurance providers, and government agencies across EMEA, APAC, LATAM, and META.

How do I justify the training cost internally?

For tailored training programs, Group-IB can provide capability assessment results and a structured capability development narrative to support internal budget discussions.
All training programs are built around real investigative methodology and practical exercises, so teams develop operational skills and gain direct exposure to threat intelligence, attacker behavior, and investigation workflows observed in real incidents.

These outcomes help organizations demonstrate improved incident response readiness, reduced dwell time, and documented team capability — all of which support board-level risk reporting, regulatory compliance, and cyber insurance underwriting conversations.

How do we measure whether the training was successful?

Tailored programs begin with a skills assessment that establishes a baseline. Outcomes are measured against defined capability objectives, and Group-IB provides a clear capability development report at the end of the tailored program. For regular courses, participant performance during practical cases provides a clear indicator of readiness gains.

For Incident Response, Threat Hunting, and Threat Intelligence courses, we also use a flag-based evaluation system that measures participants’ ability to complete practical tasks.

What is a tailored cybersecurity training program?

A tailored program is a custom training journey built specifically for your organization. It begins with a skills assessment and operational interviews, then combines content across the domains most relevant to your team into a structured program aligned to your gaps. Programs can be delivered on-site, remotely, or in a hybrid format.

Can Group-IB training help develop SOCs?

Yes. Our tailored programs can be designed to support SOC capability development, detection engineering improvement, incident response maturity, and threat intelligence integration. They are often delivered alongside Group-IB SOC consulting or broader security transformation initiatives.

Can training be included in a Group-IB Services Retainer?

Yes. Technical cybersecurity training can be delivered as part of the Group-IB Services Retainer, which allows organizations to use pre-allocated hours for ongoing capability development without a separate procurement process.

Do participants receive a completion certificate?

Yes. Participants receive an official Group-IB course certificate upon successful completion of any training program.

How do we choose the right course for our team?

For tailored programs, Group-IB conducts an initial consultation to assess team maturity, operational challenges, industry exposure, and capability objectives. Based on our conclusions, we recommend a custom program that reflects any gaps in your team’s knowledge and experience.

For on-request courses and open-group sessions, our AI-powered assistant helps to identify the most relevant training based on your needs.