Module 1 – Incident management and threat assessment
- Engagement lifecycle management
- Incident chronology
- Record keeping, interim reporting, and final results
- Threat assessment
Module 2 – Network threat monitoring and discovery
- IP protocols and network architectures
- Common classes of tools
- OS and application fingerprinting
- Network access control analysis
- Cryptography and applications of cryptography
- File system permissions and host analysis techniques
- Understanding common data formats
- Exercises:
  - Reviewing HTTP and HTTPS traffic using a network analyser
  - Identifying network connections with netstat
  - Password cracking using NMAP
  - Analysing file permissions in Linux
Module 3 – Background information gathering and open source intelligence
- Registration records and DNS analysis
- Open source investigation and web enumeration
- Extraction of document metadata
- Community knowledge sources
- Exercises:
  - Using DNSrecon to enumerate a website
  - Performing Google Dorking to gather target information
  - Gathering intelligence on domains using OSINT-spy
  - Using tools to monitor crypto transactions and abuse
  - Investigating IP addresses with OSINT tools
Module 4 – Threat detection and treatment
- Network traffic capture, logs, and configuration security
- Identifying unusual protocol behaviour, beaconing, and encryption misuse
- Command and control channels, data exfiltration, reconnaissance
- Internal spread, privilege escalation, and managing false positives
- Exercises:
  - Examining PCAP data
  - Analysing torrent traffic
  - Reviewing Apache logs using Excel
  - Investigating a large firewall dataset
  - Performing social engineering attacks
Module 5 – Analysing threat intrusions
- Host-based data acquisition and live analysis setup
- Windows file systems, file structures, and registry essentials
- Identifying suspect files and storage media analysis
- Memory analysis and infection vectors
- Malware behaviours, anti-forensics, and rootkit identification
- Exercises:
  - Capturing and examining memory artefacts
  - Examining external media, browser, account usage, and emails
  - Analysing Windows artefacts in an espionage scenario
  - Detecting exploit kits within a network
  - Creating malware samples for testing
  - Identifying rootkits using chkrootkit
Module 6 – Threat detection engineering and malware discovery
- Anti-reverse engineering techniques
- Functionality identification and Windows architecture
- API development and binary code structures
- Cryptographic techniques and processor architectures
- Windows executable formats, obfuscation, and hiding techniques
- Malware behavioural analysis and reporting
Exams and assessments
This course includes the National Cyber Security Centre (NCSC) assured training exam:
- Online proctored exam taken after the course
- Duration: 90 minutes
- Format: 60 multiple-choice questions
- Passing score: 60%
- Successful learners receive a digital badge
Hands-on learning
This course provides extensive practical application, including:
- Scenario-driven exercises across all modules
- Network traffic analysis and log investigation
- Use of OSINT and threat intelligence tools
- Memory forensics and malware analysis techniques
- Realistic intrusion case studies to develop investigative skills