Credential Protection Monitoring and Detection
RCCE students will learn endpoint hardening, EDR deployment, privilege management, application control, and endpoint visibility strategies: how to harden endpoints against compromise across Windows, Linux, and macOS platforms, deploy and manage endpoint detection tools, reduce attack surface through privilege management and application control, and maintain comprehensive visibility across diverse device fleets. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. At an expert level, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Credential Protection Monitoring and Detection
- Execute hands-on tasks for credential protection
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for course objectives & learning outcomes
- Execute hands-on tasks for endpoint hardening — covering hardening credential stores across OS platforms and deploying endpoint detection and response tools.
- Build detections and response workflows for privilege escalation, including deploying endpoint detection and response tools.
- Execute hands-on tasks for privilege management — covering least privilege across fleets.
- Monitor and audit privilege usage; detect escalation attempts, including instrumenting systems for security telemetry.
- Execute hands-on tasks for modern credential threat landscape
- Execute hands-on tasks for evolving attack sophistication
- Execute hands-on tasks for regulatory pressure — covering Credentials are #1 initial access, Adversary-in-the-middle token.
- Execute hands-on tasks for password hashes — covering NTLM hashes in SAM/LSASS.
- Execute hands-on tasks for Kerberos tickets — covering TGTs cached in LSASS memory.
| Module | Title |
| --- | --- |
| Module 01 | Credential Protection |
| Module 02 | Monitoring and Detection |
| Module 03 | Course Objectives & Learning Outcomes |
| Module 04 | Endpoint Hardening |
| Module 05 | EDR & Detection |
| Module 06 | Privilege Management |
| Module 07 | Monitoring & Visibility |
| Module 08 | Modern Credential Threat Landscape |
| Module 09 | Evolving Attack Sophistication |
| Module 10 | Regulatory Pressure |
| Module 11 | Password Hashes |
| Module 12 | Kerberos Tickets |
| Module 13 | Tokens & Cookies |
| Module 14 | Certificates & Keys |
All hands-on labs run on Rocheston Rose X OS. Students practice credential protection, monitoring, and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for credential protection
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Execute hands-on tasks for course objectives & learning outcomes
- Lab 4: Execute hands-on tasks for endpoint hardening
- Lab 5: Build detections and response workflows for privilege escalation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Credential Protection Monitoring and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI