Malicious domains Incident Handling
RCCE students will learn threat intelligence lifecycle, indicator analysis, adversary profiling, intelligence sharing frameworks, and strategic threat reporting. RCCE students will learn to transform raw threat data into actionable intelligence, profile adversary campaigns and infrastructure, prioritize threats based on organizational risk, produce intelligence products for diverse audiences, and accelerate organizational detection and response capabilities. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Malicious domains Incident Handling
- Execute hands-on tasks for malicious domains
- Execute hands-on tasks for incident handling
- Execute hands-on tasks for threat intelligence lifecycle
- Execute hands-on tasks for adversary profiling — covering Indicator Analysis.
- Execute hands-on tasks for map to mitre att&ck framework — covering Indicator Analysis.
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for containment procedures — covering DNS sinkholing techniques.
- Execute hands-on tasks for evidence collection — covering DNS log preservation.
- Execute hands-on tasks for eradication & recovery — covering Malicious entry removal.
- Execute hands-on tasks for strategic reporting — covering Intelligence products for leadership.
- Execute hands-on tasks for domain name system fundamentals
- Execute hands-on tasks for dns infrastructure — covering A, AAAA, CNAME, MX, TXT.
| Module 01 | Malicious Domains |
| Module 02 | Incident Handling |
| Module 03 | Threat Intelligence Lifecycle |
| Module 04 | Adversary Profiling |
| Module 05 | Map to MITRE ATT&CK framework |
| Module 06 | Incident Response Objectives |
| Module 07 | Containment Procedures |
| Module 08 | Evidence Collection |
| Module 09 | Eradication & Recovery |
| Module 10 | Strategic Reporting |
| Module 11 | Domain Name System Fundamentals |
| Module 12 | DNS Infrastructure |
| Module 13 | SRV and CAA records |
| Module 14 | Phishing Domains |
All hands-on labs run on Rocheston Rose X OS. Students practice malicious domains incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for malicious domains
- Lab 2: Execute hands-on tasks for incident handling
- Lab 3: Execute hands-on tasks for threat intelligence lifecycle
- Lab 4: Execute hands-on tasks for adversary profiling
- Lab 5: Execute hands-on tasks for map to mitre att&ck framework
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Malicious domains Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI