Campaign tracking Threats and Detection: Fast Track
RCCE students will learn threat actor campaign tracking including activity clustering, attribution analysis, infrastructure tracking, and campaign timeline reconstruction. RCCE students will learn to identify and track related threat activity across incidents, cluster threat actor campaigns using technical indicators, behavioral patterns, and targeting profiles, maintain campaign timelines and infrastructure databases, perform attribution analysis using diamond model and other analytic frameworks, produce campaign intelligence reports that inform defensive priorities, share campaign intelligence with trusted partners and ISACs, and update detections based on evolving campaign TTPs. This threat-focused course teaches students to think like adversaries while building robust defenses. At an expert level, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Campaign tracking Threats and Detection: Fast Track
- Execute hands-on tasks for campaign tracking threats
- Build detections and response workflows for privilege escalation
- Explain Course Overview fundamentals
- Execute hands-on tasks for key skills developed — covering Track threat actor campaigns end-to-end, Infrastructure tracking and pivoting.
- Execute hands-on tasks for target outcome — covering Think like adversaries to build proactive defenses.
- Execute hands-on tasks for what is campaign tracking?
- Execute hands-on tasks for activity clustering
- Execute hands-on tasks for attribution analysis
- Execute hands-on tasks for defensive output — covering Group related intrusions.
- Execute hands-on tasks for common ttps — covering Diamond Model mapping.
- Execute hands-on tasks for campaign tracking lifecycle
- Execute hands-on tasks for threat activity clustering fundamentals
| Module 01 | Campaign Tracking Threats |
| Module 02 | and Detection: Fast Track |
| Module 03 | Course Overview |
| Module 04 | Key Skills Developed |
| Module 05 | Target Outcome |
| Module 06 | What Is Campaign Tracking? |
| Module 07 | Activity Clustering |
| Module 08 | Attribution Analysis |
| Module 09 | Defensive Output |
| Module 10 | Common TTPs |
| Module 11 | Campaign Tracking Lifecycle |
| Module 12 | Threat Activity Clustering Fundamentals |
| Module 13 | What Is Clustering? |
| Module 14 | Why Cluster First? |
All hands-on labs run on Rocheston Rose X OS. Students practice campaign tracking threats and detection: fast track by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for campaign tracking threats
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for key skills developed
- Lab 5: Execute hands-on tasks for target outcome
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Campaign tracking Threats and Detection: Fast Track, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI