- Level Foundation
- Duration 27 hours
- Course by Cisco Learning and Certifications
About
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand incident analysis in a threat-centric SOC. By the end of the course, you will be able to:
- Use the classic kill chain model to perform network security incident analysis
- Describe the reconnaissance phase of the classic kill chain model
- Describe the weaponization phase of the classic kill chain model
- Describe the delivery phase of the classic kill chain model
- Describe the exploitation phase of the classic kill chain model
- Describe the installation phase of the classic kill chain model
- Describe the command-and-control phase of the classic kill chain model
- Describe the actions on objectives phase of the classic kill chain model
- Describe how the kill chain model can be applied to detect and prevent ransomware
- Describe using the diamond model to perform network security incident analysis
- Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect
- Describe the MITRE ATT&CK framework and its use
- Walk through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution
- Understand the kill chain and diamond models for incident investigations, and the use of exploit kits by threat actors

To be successful in this course, you should have the following background:
1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
2. Familiarity with Ethernet and TCP/IP networking
3. Working knowledge of the Windows and Linux operating systems
4. Familiarity with basic network security concepts

Modules
Introduction
1
Discussions
- Learner Introduction
1
Videos
- Introduction to Understanding Incident Analysis in a Threat-Centric SOC
1
Readings
- Introduction to Understanding Incident Analysis in a Threat-Centric SOC
Classic Kill Chain Model Overview
1
Assignment
- Classic Kill Chain Model Overview Practice Quiz
1
Videos
- Classic Kill Chain Model Overview
1
Readings
- Classic Kill Chain Model Overview
Kill Chain Phase 1: Reconnaissance
1
Assignment
- Kill Chain Phase 1: Reconnaissance Practice Quiz
1
Videos
- Kill Chain Phase 1: Reconnaissance
1
Readings
- Kill Chain Phase 1: Reconnaissance
Kill Chain Phase 2: Weaponization
1
Assignment
- Kill Chain Phase 2: Weaponization Practice Quiz
1
Videos
- Weaponization
1
Readings
- Weaponization
Kill Chain Phase 3: Delivery
1
Assignment
- Kill Chain Phase 3: Delivery Practice Quiz
1
Videos
- Kill Chain Phase 3: Delivery
1
Readings
- Kill Chain Phase 3: Delivery
Kill Chain Phase 4: Exploitation
1
Assignment
- Kill Chain Phase 4: Delivery Practice Quiz
1
Videos
- Kill Chain Phase 4: Exploitation
1
Readings
- Kill Chain Phase 4: Exploitation
Kill Chain Phase 5: Installation
1
Assignment
- Kill Chain Phase 5: Delivery Practice Quiz
1
Videos
- Kill Chain Phase 5: Installation
1
Readings
- Kill Chain Phase 5: Installation
Kill Chain Phase 6: Command-and-Control
1
Assignment
- Kill Chain Phase 6: Delivery Practice Quiz
1
Videos
- Kill Chain Phase 6: Command-and-Control
1
Readings
- Kill Chain Phase 6: Command-and-Control
Kill Chain Phase 7: Actions on Objectives
1
Assignment
- Kill Chain Phase 7: Delivery Practice Quiz
1
Videos
- Kill Chain Phase 7: Actions on Objectives
1
Readings
- Kill Chain Phase 7: Actions on Objectives
Applying the Kill Chain Model
1
Assignment
- Applying the Kill Chain Model Practice Quiz
1
Videos
- Applying the Kill Chain Model
1
Readings
- Applying the Kill Chain Model
Diamond Model Overview
1
Assignment
- Diamond Model Overview Practice Quiz
1
Videos
- Diamond Model Overview
1
Readings
- Diamond Model Overview
Applying the Diamond Model
1
Assignment
- Applying the Diamond Model Practice Exam
1
Videos
- Applying the Diamond Model
1
Readings
- Applying the Diamond Model
MITRE ATTACK™ Framework
1
Assignment
- MITRE ATTACK™ Framework Practice Exam
8
Readings
- Topic Introduction
- Pyramid of Pain
- Getting Started with the MITRE ATT&CK Framework
- Enterprise ATT&CK Matrix Components
- MITRE ATT&CK Matrices and Tactics
- MITRE ATT&CK Techniques and Strategies for Detection and Mitigation
- MITRE ATT&CK Navigator Web Application
- Create A Threat Model Using ATT&CK Framework
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Understanding Incident Analysis in a Threat-Centric SOC Course Exam
Introduction
1
Videos
- Introduction to Identifying Common Attack Vectors
1
Readings
- Introduction to Identifying Common Attack Vectors
DNS Operations
1
Assignment
- DNS Operations Practice Exam
1
Videos
- DNS Operations
7
Readings
- DNS Operations
- DNS Mappings
- DNS Ports
- DNS Distributed Database
- DNS Terminology
- DNS RR Types
- The nslookup Utility
Dynamic DNS
1
Assignment
- Dynamic DNS Practice Exam
1
Videos
- Dynamic DNS
3
Readings
- Dynamic DNS
- DDNS Operations
- Dynamic DNS
Recursive DNS Query
1
Assignment
- Recursive DNS Query Practice Exam
1
Videos
- Recursive DNS Query
2
Readings
- Topic Introduction
- Recursive DNS Query
HTTP Operations
1
Assignment
- HTTP Operations Practice Exam
1
Videos
- HTTP Operations
8
Readings
- Topic Introduction
- HTTP Protocol Fundamentals
- URI and URL
- HTTP Request Methods
- HTTP Request and Response Packets Capture Example
- HTTP Status Codes
- HTTP Cookies
- HTTP Referer
HTTPS Operations
1
Assignment
- HTTPS Operations Practice Exam
1
Videos
- HTTPS Operations
4
Readings
- HTTPS Operations
- Topic Introduction
- HTTPS Operations
- Web Server Digital Certificate
HTTP/2 Operations
1
Assignment
- HTTP/2 Operations Practice Exam
7
Readings
- Topic Introduction
- HTTP/2 Operations
- HTTP/2 Streams
- HTTP/2 Version Identification
- Other Features of HTTP/2
- HTTP/2 PCAP Example
- HTTP/2 Vulnerabilities
SQL Operations
1
Assignment
- SQL Operations Practice Exam
1
Videos
- SQL Operations
3
Readings
- SQL Operations
- Topic Introduction
- SQL Commands
SMTP Operations
1
Assignment
- SMTP Operations Practice Exam
1
Videos
- SMTP Operations
5
Readings
- SMTP Operations
- Topic Introduction
- SMTP Terminology
- SMTP Flow
- SMTP Conversation
Web Scripting
1
Assignment
- Web Scripting Practice Exam
1
Videos
- Web Scripting
4
Readings
- Web Scripting
- Web Scripting
- Web Scripting
- Server-Side and Client-Side Scripting
Obfuscated JavaScript
1
Assignment
- Obfuscated JavaScript Practice Exam
1
Videos
- Obfuscated JavaScript
2
Readings
- Topic Introduction
- Obfuscated JavaScript
Shellcode and Exploits
1
Assignment
- Shellcode and Exploits Practice Exam
1
Videos
- Shellcode and Exploits
2
Readings
- Shellcode and Exploits
- Topic Introduction
Common Metasploit Payloads
1
Assignment
- Common Metasploit Payloads Practice Exam
1
Videos
- Common Metasploit Payloads
5
Readings
- Common Metasploit Payloads
- Singles
- Stagers
- Stages
- Other Payloads
Directory Traversal
1
Assignment
- Directory Traversal Practice Exam
1
Videos
- Directory Traversal
2
Readings
- Directory Traversal
- Topic Introduction
SQL Injection
1
Assignment
- SQL Injection Practice Exam
1
Videos
- SQL Injection
3
Readings
- SQL Injection
- Topic Introduction
- Intrusion Prevention System Signatures
Cross-Site Scripting
1
Assignment
- Cross-Site Scripting Practice Exam
1
Videos
- Cross-Site Scripting
3
Readings
- Cross-Site Scripting
- Topic Introduction
- Cross-Site Scripting
Punycode
1
Assignment
- Punycode Practice Exam
1
Videos
- Punycode
2
Readings
- Punycode
- Topic Introduction
DNS Tunneling
1
Assignment
- DNS Tunneling Practice Exam
1
Videos
- DNS Tunneling
2
Readings
- DNS Tunneling
- Topic Introduction
Pivoting
1
Assignment
- Pivoting Practice Exam
1
Videos
- Pivoting
2
Readings
- Pivoting
- Topic Introduction
HTTP 302 Cushioning
1
Assignment
- HTTP 302 Cushioning Practice Exam
1
Videos
- HTTP 302 Cushioning
3
Readings
- HTTP 302 Cushioning
- Topic Introduction
- HTTP 302 Cushioning
Gaining Access Via Web-Based Attacks
1
Assignment
- Gaining Access Via Web-Based Attacks Practice Exam
1
Videos
- Gaining Access Via Web-Based Attacks
2
Readings
- Gaining Access Via Web-Based Attacks
- Topic Introduction
Exploit Kits
1
Assignment
- Exploit Kits Practice Exam
2
Videos
- Exploit Kits
- Exploit Kits
4
Readings
- Exploit Kits
- Topic Introduction
- Exploit Kits
- Exploit Kits
Emotet Advanced Persistent Threat
1
Assignment
- Emotet Advanced Persistent Threat Practice Exam
1
Readings
- Emotet Advanced Persistent Threat
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Identifying Common Attack Vectors Course Exam
Introduction
1
Discussions
- Learner Introduction
1
Videos
- Introduction to Identifying Malicious Activity
1
Readings
- Introduction to Identifying Malicious Activity
Understanding the Network Design
1
Assignment
- Understanding the Network Design Practice Quiz
1
Videos
- Understanding Network Design
1
Readings
- Topic Introduction
Zero Trust Model
1
Assignment
- Zero Trust Model Practice Quiz
5
Readings
- Topic Introduction
- Zero Trust Workforce Protections
- Zero Trust Workload Protections
- Zero Trust Workplace Protections
- Zero Trust Model Security Vision
Identifying Possible Threat Actors
1
Videos
- Identifying Possible Threat Actors
6
Readings
- Topic Introduction
- Script Kiddies
- Hacktivists
- Organized Crime
- State-Sponsored/Nation-State Actors
- Insider Threat
Log Data Search
1
Assignment
- Log Data Search Practice Quiz
1
Videos
- Log Data Search
2
Readings
- Topic Introduction
- Modeling Network Attacks
System Logs
1
Assignment
- Practice Quiz
1
Videos
- System Logs
5
Readings
- System Logs
- Log File Locations and Log Files
- Configuring Syslog
- Selector Syntax
- Action Syntax
Windows Event Viewer
1
Assignment
- System Logs Practice Quiz
1
Videos
- Windows Event Viewer
1
Readings
- Windows Event Viewer
Firewall Log
1
Assignment
- Firewall Log Practice Quiz
1
Videos
- Firewall Log
1
Readings
- Firewall Log
DNS Log
1
Assignment
- DNS Log Practice Quiz
1
Videos
- DNS Log
1
Readings
- DNS Log
Web Proxy Log
1
Assignment
- Web Proxy Log Practice Quiz
1
Videos
- Web Proxy Log
1
Readings
- Web Proxy Log
Email Proxy Log
1
Assignment
- Email Proxy Log Practice Quiz
1
Videos
- Email Proxy Log
1
Readings
- Email Proxy Log
AAA Server Log
1
Assignment
- AAA Server Log Practice Quiz
1
Videos
- AAA Server Log
1
Readings
- AAA Server Log
Next Generation Firewall Log
1
Assignment
- Next Generation Firewall Log Practice Quiz
1
Videos
- Next Generation Firewall Log
1
Readings
- Next Generation Firewall Log
Applications Log
1
Assignment
- Applications Log Practice Quiz
1
Videos
- Applications Log
1
Readings
- Applications Log
NetFlow
1
Assignment
- NetFlow Practice Quiz
1
Videos
- NetFlow
3
Readings
- NetFlow
- NetFlow
- References
NetFlow as a Security Tool
1
Assignment
- NetFlow as a Security Tool Practice Quiz
1
Videos
- NetFlow as a Security Tool
3
Readings
- NetFlow as a Security Tool
- Network as a Sensor
- NetFlow as Security Tool Examples
Network Behavior Anomaly Detection
1
Assignment
- Network Behavior Anomaly Detection Practice Quiz
1
Videos
- Network Behavior Anomaly Detection
1
Readings
- Network Behavior Anomaly Detection
Data Loss Detection Using NetFlow Example
1
Assignment
- Data Loss Detection Using NetFlow Example Practice Quiz
1
Videos
- Data Loss Detection Using NetFlow Example
1
Readings
- Data Loss Detection Using NetFlow Example
DNS Risk and Mitigation Tool
1
Assignment
- DNS Risk and Mitigation Tool Practice Quiz
1
Videos
- DNS Risk and Mitigation Tool
4
Readings
- DNS Risk and Mitigation Tool
- Fast Flux and Botnets
- Double IP Flux
- Domain Generation Algorithm
IPS Evasion Techniques
1
Assignment
- IPS Evasion Techniques Practice Quiz
1
Videos
- IPS Evasion Techniques
7
Readings
- IPS Evasion Techniques
- Traffic Fragmentation
- Traffic Substitution and Insertion
- Encryption and Tunneling
- Protocol-Level Misinterpretation
- Resource Exhaustion
- Timing Attacks
The Onion Router
1
Assignment
- The Onion Router Practice Quiz
3
Readings
- The Onion Router
- Tor Relays
- Detecting Tor Traffic
Gaining Access and Control
1
Assignment
- Gaining Access and Control Practice Quiz
1
Videos
- Gaining Access and Control
2
Readings
- Gaining Access and Control
- Nyetya Ransomware Event
Peer-to-Peer Networks
1
Assignment
- Peer-to-Peer Networks Practice Quiz
5
Readings
- Peer-to-Peer Networks
- BitTorrent Application
- Risks of P2P File Sharing
- Botnets
- Detecting Malicious Encrypted P2P Traffic
Encapsulation
1
Assignment
- Encapsulation Practice Quiz
3
Readings
- Encapsulation
- DNS Tunnels
- Other Tunnels
Altered Disk Image
1
Assignment
- Altered Disk Image
3
Readings
- Altered Disk Image
- Software Image Verification
- Secure Boot
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Identifying Malicious Activity
Introduction
1
Videos
- Introduction
1
Readings
- I
Network Baselining
1
Assignment
- Network Baselining Practice Quiz
1
Videos
- Network Baselining
2
Readings
- Network Baselining
- Core Baseline Process
Identifying Anomalies and Suspicious Behaviors
1
Assignment
- Identifying Anomalies and Suspicious Behaviors Practice Quiz
1
Videos
- Identify Anomalies and Suspicious Behaviors
1
Readings
- Identifying Anomalies and Suspicious Behaviors
PCAP Analysis
1
Assignment
- PCAP Analysis Practice Quiz
1
Videos
- PCAP Analysis
1
Readings
- PCAP Analysis
Delivery
1
Assignment
- Delivery Practice Quiz
1
Videos
- Delivery
1
Readings
- Delivery
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Identifying Patterns of Suspicious Behavior Course Exam
Auto Summary
Embark on a comprehensive journey into cybersecurity with the "Threat Analysis" course, designed specifically for associate-level cybersecurity analysts working in Security Operation Centers. This foundational course dives into the intricacies of Incident Analysis in a Threat-Centric SOC, leveraging essential models and frameworks to enhance your analytical capabilities. Throughout the course, you will master the classic kill chain model, learning to dissect each phase—from reconnaissance to actions on objectives. Gain the skills to apply this model in detecting and preventing ransomware. Additionally, explore the diamond model and its application in network security incident analysis using tools like ThreatConnect. The course also covers the MITRE ATTACK framework, providing a robust understanding of its uses in threat detection and response. Practical sessions include a walk-through of the classic kill chain model, utilizing the capabilities of the Security Onion Linux distribution for hands-on experience. To excel in this course, a background in Cisco Solutions (CCNA), knowledge of Ethernet and TCP/IP networking, and familiarity with Windows and Linux operating systems are recommended. Basic networking security concepts will also be advantageous. Offered by Coursera, this extensive 1620-minute course is available under the Starter subscription. Join this course to fortify your cybersecurity expertise and advance your career in IT & Computer Science.
