BEC Deep Dive
RCCE students will learn Business Email Compromise detection, prevention, and response including CEO fraud, vendor impersonation, account compromise, and wire transfer fraud. RCCE students will learn to identify BEC attack patterns and social engineering tactics, implement technical controls to detect BEC including email authentication, anomalous login detection, and mail flow analysis, configure rules to flag financial request emails, investigate suspected BEC incidents including email account forensics and financial transaction tracing, coordinate with financial institutions for wire transfer recovery, and develop BEC awareness training and reporting procedures for finance and executive teams. This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. Building on core knowledge, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing BEC Deep Dive
- Execute hands-on tasks for bec deep dive
- Build detections and response workflows for privilege escalation
- Build detections and response workflows for privilege escalation, including Prevention & Controls.
- Execute hands-on tasks for execute ir playbooks for bec — covering Prevention & Controls.
- Execute hands-on tasks for what is business email compromise?
- Execute hands-on tasks for key characteristics — covering Targeted social engineering via email, Low volume, high value attacks.
- Execute hands-on tasks for social engineer — covering Build trust,.
- Execute hands-on tasks for lifecycle intelligence — covering Average dwell time: 14-30 days before execution.
- Execute hands-on tasks for attack pattern — covering Spoofed or lookalike executive email.
- Build detections and response workflows for privilege escalation, including Reply-to domain mismatch.
- Execute hands-on tasks for real-world scenario — covering CFO receives email from 'CEO' at 6:47 PM Friday requesting $380K wire.
| Module 01 | BEC Deep Dive |
| Module 02 | Business Email Compromise Detection, Prevention & Response |
| Module 03 | Detection & Analysis |
| Module 04 | Investigation & Response |
| Module 05 | Execute IR playbooks for BEC |
| Module 06 | What Is Business Email Compromise? |
| Module 07 | Key Characteristics |
| Module 08 | Social Engineer |
| Module 09 | Lifecycle Intelligence |
| Module 10 | Attack Pattern |
| Module 11 | Detection Indicators |
| Module 12 | Real-World Scenario |
| Module 13 | Vendor & Supplier Impersonation |
| Module 14 | Attack Mechanics |
All hands-on labs run on Rocheston Rose X OS. Students practice bec deep dive by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for bec deep dive
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Build detections and response workflows for privilege escalation
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Execute hands-on tasks for execute ir playbooks for bec
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for BEC Deep Dive, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI