Malicious domains Monitoring and Detection
RCCE students will learn threat intelligence lifecycle, indicator analysis, adversary profiling, intelligence sharing frameworks, and strategic threat reporting. RCCE students will learn to transform raw threat data into actionable intelligence, profile adversary campaigns and infrastructure, prioritize threats based on organizational risk, produce intelligence products for diverse audiences, and accelerate organizational detection and response capabilities. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. At an expert level, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Malicious domains Monitoring and Detection
- Execute hands-on tasks for malicious domains
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview fundamentals — covering Transform raw threat data into actionable.
- Execute hands-on tasks for module structure — covering Transform raw threat data into actionable.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for recursive resolver
- Execute hands-on tasks for authoritative server
- Execute hands-on tasks for client query
- Monitor and audit privilege usage; detect escalation attempts, including Query logs at recursive resolver.
- Execute hands-on tasks for security-relevant fields — covering Source IP, query name, record type.
- Execute hands-on tasks for malicious domain taxonomy
- Execute hands-on tasks for parked/expired — covering Data in DNS queries.
| Module 01 | Malicious Domains |
| Module 02 | Monitoring and Detection |
| Module 03 | Course Overview |
| Module 04 | MODULE STRUCTURE |
| Module 05 | DNS Architecture for Security Analysts |
| Module 06 | Recursive Resolver |
| Module 07 | Authoritative Server |
| Module 08 | Client Query |
| Module 09 | Key Telemetry Points |
| Module 10 | Security-Relevant Fields |
| Module 11 | Malicious Domain Taxonomy |
| Module 12 | Parked/Expired |
| Module 13 | Domain Generation Algorithms — Deep Dive |
| Module 14 | How DGAs Work |
All hands-on labs run on Rocheston Rose X OS. Students practice malicious domains monitoring and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for malicious domains
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for module structure
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Malicious domains Monitoring and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI