Malware triage Incident Handling: Bootcamp Unit
RCCE students will learn malware analysis triage methodologies including static analysis basics, dynamic analysis in sandboxed environments, behavioral analysis, indicator extraction, and malware classification. RCCE students will learn to perform initial malware triage to determine threat severity, extract file hashes, strings, imports, and other static indicators, execute malware in controlled sandbox environments to observe behavior, identify command and control communications, persistence mechanisms, and payload delivery techniques, classify malware by family and variant, and produce malware analysis reports that inform incident response and detection engineering efforts. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Malware triage Incident Handling: Bootcamp Unit
- Execute hands-on tasks for malware triage
- Execute hands-on tasks for incident handling
- Execute hands-on tasks for malware triage mastery — covering Perform initial triage for severity.
- Build detections and response workflows for privilege escalation, including Structured containment workflows.
- Execute hands-on tasks for sandbox analysis — covering Execute in controlled environments.
- Build detections and response workflows for privilege escalation, including Extract IOCs for SIEM rules.
- Explain Malware Triage Workflow Overview fundamentals
- Execute hands-on tasks for decision framework — covering Determine threat severity quickly.
- Execute hands-on tasks for extract iocs within 30 minutes — covering Is it known malware? Check hash DBs.
- Execute hands-on tasks for output artifacts — covering IOC extraction report.
- Integrate privilege controls with identity providers and SIEM telemetry, including Feed IOCs to SIEM/SOAR.
- Execute hands-on tasks for source validation
| Module 01 | Malware Triage |
| Module 02 | Incident Handling |
| Module 03 | Malware Triage Mastery |
| Module 04 | Incident Response Skills |
| Module 05 | Sandbox Analysis |
| Module 06 | Detection Engineering |
| Module 07 | Malware Triage Workflow Overview |
| Module 08 | Decision Framework |
| Module 09 | Extract IOCs within 30 minutes |
| Module 10 | Output Artifacts |
| Module 11 | Integration Points |
| Module 12 | Source Validation |
| Module 13 | Hash Computation |
| Module 14 | File Type Identification |
All hands-on labs run on Rocheston Rose X OS. Students practice malware triage incident handling: bootcamp unit by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for malware triage
- Lab 2: Execute hands-on tasks for incident handling
- Lab 3: Execute hands-on tasks for malware triage mastery
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Execute hands-on tasks for sandbox analysis
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Malware triage Incident Handling: Bootcamp Unit, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI