Course Description

CYBER 5W CERTIFIED THREAT ANALYST (CCTA) - On-Demand Course

The CYBER 5W Certified Threat Analyst (CCTA) course is a specialized program designed to provide a comprehensive understanding of threat analysis in cybersecurity.

This on-demand course equips learners with the knowledge and practical skills required to identify, assess, and prioritize cyber threats effectively. Through a structured curriculum, participants will delve into key concepts, including attack methodologies, triaging processes, and security operations workflows.
The course incorporates real-world case studies and hands-on exercises to enhance critical thinking and decision-making skills in fast-paced environments.

Upon completion, learners will gain a strong foundation in threat analysis and earn the prestigious CCTA certification, showcasing their ability to excel in SOC roles or other cybersecurity-focused positions. Ideal for cybersecurity enthusiasts, SOC analysts, and IT professionals, this course offers the flexibility to fit your schedule and advance your career in today’s ever-changing cybersecurity landscape.

Training Delivery Details

On Demand: Material | Certificate of Completion | Exam Certification

The course material includes more than 15 hands-on labs.

Syllabus

After completing this course, students will be able to demonstrate how to analyze malware, extract IOCs, and write a report about their analysis.

    Security Operations Center

  • Introduction
  • Log Sources
  • What is:
    • Threat Intelligence
    • Case Management
    • MITRE ATT&CK
  • Building Your Own SOC
    • Elasticsearch
    • Kibana
    • Collection Agents
    • EDR
  • ELK-Stack Navigation
  • Extending Logging Functionality
  • Threat Landscape and Attack Types
    • Overview of Cyber Attack Categories
    • Introduction to the MITRE ATT&CK Framework
    • Real-World Attack Campaigns Overview
  • Log Analysis and Event Correlation in SOC
    • Importance of Log Sources (Firewalls, Endpoint Devices, Network Logs)
    • Introduction to Event Correlation in SIEM
    • Understanding Key Log Fields for Different Attack Types
  • Phishing and Social Engineering Attacks
    • Analyzing Email Logs and Headers for Phishing Indicators
  • Brute Force Attacks
    • Analysis of Authentication Logs (Windows, Linux, Application)
    • Correlating Failed Login Attempts Across Different Log Sources
  • Web-Based Attacks
    • Detecting SQL Injection, Cross-Site Scripting (XSS), and Command Injection
    • Analyzing Web Server Logs for Suspicious Activity
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
    • Detecting DoS and DDoS Attack Patterns in Network Logs
    • Recognizing High Traffic Spikes and Anomalous Behavior
    • Coordinating with Network Teams for DDoS Mitigation
  • Ransomware Detection and Initial Response
  • Privilege Escalation Attempts
    • Detecting Signs of Privilege Escalation in Logs
    • Responding to Suspected Privilege Escalation Attempts
  • Insider Threat Detection
  • Lateral Movement Detection
    • Identifying Lateral Movement Techniques
    • Network and Host Logs Correlation for Lateral Movement Detection
  • Command-and-Control (C2) Traffic Detection
  • Credential Theft and Replay Attacks
  • Responding to False Positives and Noise Management
  • Real-World Attack Case Studies
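The "Brute Force Attacks" and "Log Analysis and Event Correlation" items above describe correlating failed logins across Windows and Linux authentication logs. The script below is an added illustration of that idea and is not part of the course material. It normalizes two constructed log samples (a simplified one-line rendering of Windows Security events 4625/4624 and standard sshd syslog lines) into one event stream keyed by source IP, finds the densest burst of failures within a sliding window, labels it as brute force or password spraying by the number of distinct usernames tried, and then reports any successful logon from the same source shortly after the burst. The window size, the thresholds, and the year assumed for the year-less syslog timestamps are all assumptions chosen for the example.

```python
"""Correlate failed logins across Windows and Linux auth logs (added example).

The log lines embedded below are constructed for this example. The Windows
lines are a simplified one-line export of Security events 4625 (failed
logon) and 4624 (successful logon); the Linux lines follow the sshd syslog
format. Thresholds and the syslog year are assumptions, not course values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOWS_LOG = """\
2024-05-01T10:00:01Z host=DC01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.7 LogonType=3
2024-05-01T10:00:03Z host=DC01 EventID=4625 TargetUserName=bob IpAddress=203.0.113.7 LogonType=3
2024-05-01T10:00:05Z host=FS01 EventID=4625 TargetUserName=carol IpAddress=203.0.113.7 LogonType=3
2024-05-01T10:00:09Z host=FS01 EventID=4625 TargetUserName=dave IpAddress=203.0.113.7 LogonType=3
2024-05-01T10:05:00Z host=WS07 EventID=4625 TargetUserName=erin IpAddress=10.0.0.5 LogonType=2
2024-05-01T10:00:40Z host=DC01 EventID=4624 TargetUserName=bob IpAddress=203.0.113.7 LogonType=3
"""

LINUX_LOG = """\
May  1 10:00:11 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
May  1 10:00:13 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
May  1 10:00:16 web02 sshd[918]: Failed password for root from 203.0.113.7 port 51030 ssh2
May  1 10:00:20 web02 sshd[918]: Failed password for ubuntu from 203.0.113.7 port 51031 ssh2
May  1 10:00:22 web02 sshd[920]: Accepted password for ubuntu from 203.0.113.7 port 51032 ssh2
May  1 10:20:00 web01 sshd[2300]: Failed password for eve from 198.51.100.9 port 40000 ssh2
"""

WIN_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)")
LNX_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port")
SYSLOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year


def parse_windows(text):
    """Normalize 4625/4624 lines into a common event schema; other IDs are ignored."""
    events = []
    for line in text.splitlines():
        m = WIN_RE.match(line)
        if not m or m["eid"] not in ("4624", "4625"):
            continue
        events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                       "host": m["host"], "user": m["user"].lower(), "src": m["src"],
                       "outcome": "fail" if m["eid"] == "4625" else "success",
                       "source": "windows"})
    return events


def parse_linux(text):
    """Normalize sshd 'Failed/Accepted password' lines into the same schema."""
    events = []
    for line in text.splitlines():
        m = LNX_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"].lower(),
                       "src": m["src"],
                       "outcome": "fail" if m["outcome"] == "Failed" else "success",
                       "source": "linux"})
    return events


def detect_bruteforce(events, window=timedelta(seconds=60), threshold=5, spray_users=4):
    """Per source IP, find the densest failure burst inside `window` (two-pointer
    sweep over the time-sorted failures). Bursts of at least `threshold`
    failures become alerts; many distinct usernames marks spraying, and any
    success from the same IP during or shortly after the burst is reported."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])  # merge Windows and Linux events by time
        fails = [e for e in evs if e["outcome"] == "fail"]
        best, lo = (0, 0, 0), 0  # (count, first_idx, last_idx)
        for hi in range(len(fails)):
            while fails[hi]["ts"] - fails[lo]["ts"] > window:
                lo += 1
            if hi - lo + 1 > best[0]:
                best = (hi - lo + 1, lo, hi)
        count, lo, hi = best
        if count < threshold:
            continue
        burst = fails[lo:hi + 1]
        start, end = burst[0]["ts"], burst[-1]["ts"]
        users = sorted({e["user"] for e in burst})
        alerts.append({
            "src": src, "failures": count,
            "start": start.isoformat(), "end": end.isoformat(),
            "users": users, "hosts": sorted({e["host"] for e in burst}),
            "sources": sorted({e["source"] for e in burst}),
            "technique": "password spraying" if len(users) >= spray_users else "brute force",
            # a logon that succeeds right after a burst is the signal worth paging on
            "successes_after": [f'{e["user"]}@{e["host"]}' for e in evs
                                if e["outcome"] == "success" and start <= e["ts"] <= end + window],
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_windows(WINDOWS_LOG) + parse_linux(LINUX_LOG)):
        print(alert)
```

On the constructed sample the single-source burst against four hosts is only visible once the two log formats are merged: each host alone sees two failures, well under any sensible per-host threshold. The `successes_after` field is what turns a noisy "many failures" alert into an incident lead (here `ubuntu@web02` and `bob@DC01`), which is the correlation step the syllabus item refers to. In a real SIEM the same logic would run over the `event.outcome` and `source.ip` fields of the normalized events rather than over regexes on raw text.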

Course Material

  • Slide Notes & Lab Documents

    Training material including the course slides, lab documents, and references for further reading.

  • Course Samples

    A copy of all the samples used during the training. Many of the samples have been custom built for the training.

  • Certificate of Attendance

    At the end of the course, you will receive a Certificate of Attendance that proves you have attended the course.

Learning Objectives

After completing this course, the student will be able to perform the following:

  • Investigate Real-World Attacks

  • Correlate Log Sources for Event Analysis

  • Detect and Mitigate Advanced Threats

  • Utilize Event Correlation in SIEM

  • Manage Insider Threats and Data Exfiltration

  • Establish Targeted Detection Rules

  • Optimize Alerting and Noise Management

  • Coordinate Comprehensive Incident Response

Prerequisites

  • Basic networking knowledge.
  • Comfortable navigating and operating a computer.

Who is this Course For?

  • SOC analysts.

  • System admins who want to enhance their understanding of environment monitoring.

  • Detection engineers looking to understand more about the attacks they are defending against.

System Requirements

What you need for the course:

  1. Computer with 12+ GB of RAM.

  2. Virtualization enabled on the machine.

  3. Internet access.

Refund Policy

Refund requests for In-person and Online Virtual Training are accepted before the refund deadline and as long as the online course has not been accessed. To initiate a refund, please submit your request to [email protected]. The registration fee will be refunded, minus a $50 refund processing fee, to the original payment method. Please be advised that CYBER 5W OnDemand Courses are non-refundable and non-transferable once payment has been completed and course material has been accessed.

What is next at Cyber 5W?

Add your email to receive updates on new courses.

Thank You