Course Outline:
System and network architecture concepts
Log ingestion, time sync, and logging levels
OS concepts: Registry, processes, hardening
Infrastructure: serverless, containers, virtualization
Network segmentation, zero trust, SDN
Identity & Access: MFA, SSO, PAM, CASB
Encryption & DLP
Analyze indicators: network, host, application, other
Tools: Wireshark, SIEM, EDR, VirusTotal
Techniques: scripting, pattern recognition
Threat actor types: APTs, insider, nation-state
Collection methods: open and closed sources
Threat hunting concepts and active defense
Vulnerability scanning methods and concepts
Output analysis of scanning tools
Prioritize vulnerabilities using CVSS
Mitigation techniques for common weaknesses: scripting flaws, misconfigurations
Response handling: compensating controls, patching
Attack surface management, SDLC, threat modeling
Attack methodologies: MITRE ATT&CK, kill chain
IR activities: detection, containment, recovery
Post-incident: root cause, forensics, lessons learned
Vulnerability and compliance reporting
Action planning and remediation inhibitors
KPIs, risk scores, SLOs
Incident communication and escalation
Stakeholder communication: legal, PR, regulators
Metrics: MTTD, MTTR, alert volume