Known Exploited Vulnerabilities and Threat-Informed Remediation
RCCE students will learn how to use real-world exploitation data, active threat intelligence, asset criticality, and business context to drive faster remediation decisions. RCCE students will learn to operationalize known exploited vulnerability feeds, correlate exposure with attacker activity, focus patching on likely abuse paths, and justify urgent remediation to technical and executive stakeholders. The course covers practical scenarios ranging from threat-informed triage to coordinated remediation and measurement. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Known Exploited Vulnerabilities and Threat-Informed Remediation
- Execute hands-on tasks for known exploited vulnerabilities
- Explain Course Overview fundamentals
- Execute hands-on tasks for learning objectives — covering Course Structure.
- Execute hands-on tasks for what are known exploited vulnerabilities — covering CVEs confirmed exploited in the wild, Cuts noise from 200K+ CVEs.
- Execute hands-on tasks for why KEV matters — covering CVEs confirmed exploited in the wild.
- Execute hands-on tasks for catalog fields — covering CVE ID and vendor/product, Vulnerability name and description.
- Execute hands-on tasks for CVE ID and vendor/product — covering Vulnerability name and description.
- Execute hands-on tasks for ingestion methods — covering JSON and CSV downloads, API polling at intervals.
- Execute hands-on tasks for JSON and CSV downloads — covering API polling at intervals.
- Execute hands-on tasks for update cadence — covering New entries added weekly or ad-hoc, Driven by confirmed exploitation.
- Execute hands-on tasks for scope and coverage — covering 1000+ entries and growing, Cross-vendor and cross-platform.
- Execute hands-on tasks for government feeds — covering Commercial Intel.
| Module | Topic |
| --- | --- |
| Module 01 | Known Exploited Vulnerabilities |
| Module 02 | Course Overview |
| Module 03 | Learning Objectives |
| Module 04 | What Are Known Exploited Vulnerabilities |
| Module 05 | Why KEV Matters |
| Module 06 | Catalog Fields |
| Module 07 | CVE ID and vendor/product |
| Module 08 | Ingestion Methods |
| Module 09 | JSON and CSV downloads |
| Module 10 | Update Cadence |
| Module 11 | Scope and Coverage |
| Module 12 | Government Feeds |
| Module 13 | Sector-specific ISACs |
| Module 14 | Recorded Future, Mandiant |
All hands-on labs run on Rocheston Rose X OS. Students practice known exploited vulnerabilities and threat-informed remediation by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for known exploited vulnerabilities
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for what are known exploited vulnerabilities
- Lab 5: Execute hands-on tasks for why KEV matters
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Known Exploited Vulnerabilities and Threat-Informed Remediation, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI