Course Description

CYBER 5W CERTIFIED THREAT ANALYST (CCTA) - Virtual Live Training

The CYBER 5W Certified Threat Analyst (CCTA) course is an intensive, live training program designed to provide a comprehensive understanding of threat analysis in cybersecurity.

This live, instructor-led course equips learners with the knowledge and practical skills required to identify, assess, and prioritize cyber threats effectively. Participants will engage in real-time discussions and interactive exercises, diving into key concepts such as attack methodologies, triaging processes, and security operations workflows.
Throughout the course, you’ll work through real-world case studies and hands-on scenarios that will help you enhance your critical thinking and decision-making skills in high-pressure environments. You will have the opportunity to learn directly from experienced instructors and collaborate with peers.

Upon successful completion of the course, learners will earn a Certificate of Completion. If you choose to take and pass the exam, you will be certified as a C5W Certified Threat Analyst (CCTA) , demonstrating your ability to excel in Security Operations Center (SOC) roles or other cybersecurity-focused positions. This live course is ideal for cybersecurity professionals, SOC analysts, and IT experts who want to deepen their expertise and advance their careers in today’s fast-evolving cybersecurity landscape.

Enroll Now

Training Delivery Details

Instructor Led Training

Live Training: 30 hours (3 hours / Day) | Includes 24 hours of virtual lab access |Certification of Attendance

Sessions starts (June 2nd - June 13th) from 9 AM to 12 PM (Eastern Time) or scheduled upon a mutual agreement

Training fees: $2250

Enroll Now

Syllabus

After completing this course, students will be able to demonstrate how to analyze malware, extract IOCs, and write a report about their analysis.

    Security Operation Center

  • Introduction
  • Log Sources
  • What is:
    • Threat Intelligence
    • Case Management
    • Mitre Attack
  • Building Your Own SOC
    • Elastic Search
    • Kibana
    • Collection Agents
    • EDR
  • ELK-Stack Navigation
  • Extending Logging Functionality
  • Threat Landscape and Attack Types
    • Overview of Cyber Attack Categories
    • Introduction to the MITRE ATT&CK Framework
    • Real-World Attack Campaigns Overview
  • Log Analysis and Event Correlation in SOC
    • Importance of Log Sources (Firewalls, Endpoint Devices, Network Logs)
    • Introduction to Event Correlation in SIEM
    • Understanding Key Log Fields for Different Attack Types
  • Phishing and Social Engineering Attacks
    • Analyzing Email Logs and Headers for Phishing Indicators
  • Brute Force Attacks
    • Analysis of Authentication Logs (Windows, Linux, Application)
    • Correlating Failed Login Attempts Across Different Log Sources
  • Web-Based Attacks
    • Detecting SQL Injection, Cross-Site Scripting (XSS), and Command Injection
    • Analyzing Web Server Logs for Suspicious Activity
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
    • Detecting DoS and DDoS Attack Patterns in Network Logs
    • Recognizing High Traffic Spikes and Anomalous Behavior
    • Coordinating with Network Teams for DDoS Mitigation
  • Ransomware Detection and Initial Response
  • Privilege Escalation Attempts
    • Detecting Signs of Privilege Escalation in Logs
    • Responding to Suspected Privilege Escalation Attempts
  • Insider Threat Detection
  • Lateral Movement Detection
    • Identifying Lateral Movement Techniques
    • Network and Host Logs Correlation for Lateral Movement Detection
  • Command-and-Control (C2) Traffic Detection
  • Credential Theft and Replay Attacks
  • Responding to False Positives and Noise Management
  • Real-World Attack Case Studies

Instructor

Cyber 5W Team

Course Material

  • Slide Notes & Lab Documents

    Training material including the course slides, lab documents, and references for further reading.

  • Course Samples

    A copy of all the samples used during the training. Many of the samples have been custom built for the training.

  • Certificate of Attendance

    At the end of the course, you will receive a Certificate of Attendance that proves you have attended the course.

Learning Objectives

After completing this course, the student will be able to perform the following:

  • Investigate Real-World Attacks

  • Correlate Log Sources for Event Analysis

  • Detect and Mitigate Advanced Threats

  • Utilize Event Correlation in SIEM

  • Manage Insider Threats and Data Exfiltration

  • Establish Targeted Detection Rules

  • Optimize Alerting and Noise Management

  • Coordinate Comprehensive Incident Response

Prerequisites

  • Basic network understanding.
  • Ability to navigate computers freely.

    • The Value of the Training

    After completing this course, students will be able to demonstrate how to analyze malware, extract IOCs, and write a report about their analysis.

    Who is this Training For?

  • SOC analysts.

  • System admins who want to enhance their understanding of environment monitoring.

  • Detection engineers looking to understand more about the attacks they are defending against.

    • System Requirements:

    what you need to for the course

    1. Computer with 12+ RAM.

    2. Virtualization enabled on the machine.

    3. Internet access.

    Refund Policy:

    Refund requests for In-person and Online Virtual Training are accepted before the refund deadline and as long as the online course has not been accessed. To initiate a refund, please submit your request to [email protected]. The registration fee will be refunded, minus a $50 refund processing fee, to the original payment method. Please be advised that CYBER 5W OnDemand Courses are non-refundable and non-transferable once payment has been completed and course material has been accessed.