Malware triage Threats and Detection
RCCE students will learn malware analysis triage methodologies including static analysis basics, dynamic analysis in sandboxed environments, behavioral analysis, indicator extraction, and malware classification. RCCE students will learn to perform initial malware triage to determine threat severity, extract file hashes, strings, imports, and other static indicators, execute malware in controlled sandbox environments to observe behavior, identify command and control communications, persistence mechanisms, and payload delivery techniques, classify malware by family and variant, and produce malware analysis reports that inform incident response and detection engineering efforts. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Malware triage Threats and Detection
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Execute hands-on tasks for level: intermediate
- Explain Module: DFIR Foundations fundamentals
- Explain Executive Overview fundamentals
- Execute hands-on tasks for why malware triage matters
- Execute hands-on tasks for enterprise malware incidents — covering Rapid triage determines incident severity in.
- Execute hands-on tasks for core definitions
- Execute hands-on tasks for malware triage
- Execute hands-on tasks for static analysis
- Execute hands-on tasks for dynamic analysis
- Design a scalable privilege management architecture with policy and enforcement
| Module 01 | Malware Triage: Threats and Detection |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Level: Intermediate |
| Module 04 | Module: DFIR Foundations |
| Module 05 | Executive Overview |
| Module 06 | Why Malware Triage Matters |
| Module 07 | Enterprise Malware Incidents |
| Module 08 | Core Definitions |
| Module 09 | Malware Triage |
| Module 10 | Static Analysis |
| Module 11 | Dynamic Analysis |
| Module 12 | Malware Triage Workflow Architecture |
| Module 13 | Static Analysis Fundamentals |
| Module 14 | File Hashing |
All hands-on labs run on Rocheston Rose X OS. Students practice malware triage threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Execute hands-on tasks for level: intermediate
- Lab 4: Explain Module: DFIR Foundations fundamentals
- Lab 5: Explain Executive Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Malware triage Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI