Audit readiness Tuning and Optimization: Primer
RCCE students will learn Active Directory security including AD architecture, authentication protocols (Kerberos, NTLM), group policy security, trust relationships, privilege escalation paths, and AD attack detection. RCCE students will learn to assess Active Directory environments for security weaknesses, identify misconfigured permissions, detect Kerberoasting, AS-REP roasting, DCSync, Golden Ticket, and Silver Ticket attacks, implement tiered administration models, configure AD security monitoring with Windows event logs, harden group policy configurations, clean up stale accounts and excessive permissions, and respond to AD compromise with containment and recovery procedures.

This optimization course focuses on maximizing effectiveness and efficiency in production security operations. Building on core knowledge, RCCE students will learn to reduce noise, improve signal quality, tune configurations for optimal performance, and measure operational improvements. Students gain the operational maturity to transform good security programs into exceptional ones.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Audit readiness Tuning and Optimization: Primer
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview and Objectives fundamentals
- Execute hands-on tasks for module focus, covering AD architecture and authentication protocols.
- Execute hands-on tasks for learning outcomes, covering assessment of AD environments for security weaknesses.
- Execute hands-on tasks for operational maturity goal, covering how to transform good security programs into exceptional ones.
- Execute hands-on tasks for active directory domain services core
- Execute hands-on tasks for domain controllers, which host the AD DS database (NTDS.dit).
- Execute hands-on tasks for organizational units, the logical containers for objects.
- Execute hands-on tasks for key services, covering the definition of object classes and attributes.
- Execute hands-on tasks for global catalog for cross-domain, covering LDAP (port 389/636).
- Execute hands-on tasks for logical components, covering forests, domains, and trees.
- Execute hands-on tasks for group policy objects
| Module | Title |
| --- | --- |
| Module 01 | Audit Readiness Tuning |
| Module 02 | Course Overview and Objectives |
| Module 03 | Module Focus |
| Module 04 | Learning Outcomes |
| Module 05 | Operational Maturity Goal |
| Module 06 | Active Directory Domain Services Core |
| Module 07 | Domain Controllers |
| Module 08 | Organizational Units |
| Module 09 | Key Services |
| Module 10 | Global Catalog for cross-domain |
| Module 11 | Logical Components |
| Module 12 | Group Policy Objects |
| Module 13 | Physical Components |
| Module 14 | Intra-Site Replication |
All hands-on labs run on Rocheston Rose X OS. Students practice the Audit readiness Tuning and Optimization: Primer material by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Explain Course Overview and Objectives fundamentals
- Lab 3: Execute hands-on tasks for module focus
- Lab 4: Execute hands-on tasks for learning outcomes
- Lab 5: Execute hands-on tasks for operational maturity goal
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Audit readiness Tuning and Optimization: Primer, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI