
Threat Analysis

Cisco Learning and Certifications

This course covers security incident analysis in SOCs using the classic kill chain model to detect and prevent ransomware and other threats.

Unknown · 4 weeks · English · 6,516 enrolled

About this Course

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC. By the end of the course, you will be able to:

  • Use the classic kill chain model to perform network security incident analysis
  • Describe the reconnaissance phase of the classic kill chain model
  • Describe the weaponization phase of the classic kill chain model
  • Describe the delivery phase of the classic kill chain model
  • Describe the exploitation phase of the classic kill chain model
  • Describe the installation phase of the classic kill chain model
  • Describe the command-and-control phase of the classic kill chain model
  • Describe the actions on objectives phase of the classic kill chain model
  • Describe how the kill chain model can be applied to detect and prevent ransomware
  • Describe using the diamond model to perform network security incident analysis
  • Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect
  • Describe the MITRE ATT&CK framework and its use
  • Walk through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution
  • Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of networking security concepts

What You'll Learn

  • Use classic kill chain model for network incident analysis
  • Describe reconnaissance, weaponization, and delivery phases
  • Explain exploitation, installation, and command-and-control phases
  • Describe actions on objectives phase
  • Apply kill chain model to detect and prevent ransomware attacks

Prerequisites

  • Basic computer and internet skills
  • Ability to read course instructions in English and complete short practice activities

Instructors


Cisco Learning & Certifications

Topics

Security
Information Technology
Computer Security and Networks
Computer Science
Cybersecurity
Exploit development
Threat Modeling
MITRE ATT&CK Framework
Threat Management
Cyber Threat Intelligence

Course Info

Platform: Coursera
Level: Unknown
Pacing: Unknown
Price: Free

Skills

Security
Information Technology
Computer Security and Networks
Computer Science
Cybersecurity
Exploit development
Threat Modeling
MITRE ATT&CK Framework
Threat Management
Cyber Threat Intelligence
