Recon Incident Response
RCCE students will learn reconnaissance methodologies including passive and active reconnaissance, OSINT gathering, network scanning, service enumeration, and target profiling for security assessments. RCCE students will learn to conduct passive reconnaissance using public data sources, DNS records, certificate transparency logs, and social media, perform active reconnaissance including port scanning, service fingerprinting, and web application enumeration, use tools including Nmap, Shodan, Censys, and custom scripts, map organizational attack surfaces, identify potential entry points and high-value targets, maintain operational security during reconnaissance, and document reconnaissance findings for penetration test planning. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Starting from foundational concepts, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Recon Incident Response
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview fundamentals
- Execute hands-on tasks for course mission
- Execute hands-on tasks for key outcomes — covering Conduct passive and active reconnaissance.
- Execute hands-on tasks for strategic importance
- Execute hands-on tasks for why recon + ir mastery matters — covering Reconnaissance is the attacker's first move and the defender's first detection opportunity.
- Execute hands-on tasks for core definitions
- Execute hands-on tasks for passive recon
- Execute hands-on tasks for active recon
- Execute hands-on tasks for attack surface
- Execute hands-on tasks for passive reconnaissance techniques
| Module 01 | Recon Incident Response |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Executive Overview |
| Module 04 | Course Mission |
| Module 05 | Key Outcomes |
| Module 06 | Strategic Importance |
| Module 07 | Why Recon + IR Mastery Matters |
| Module 08 | Core Definitions |
| Module 09 | Passive Recon |
| Module 10 | Active Recon |
| Module 11 | Attack Surface |
| Module 12 | Passive Reconnaissance Techniques |
| Module 13 | Certificate Transparency |
| Module 14 | Search Engine Dorking |
All hands-on labs run on Rocheston Rose X OS. Students practice recon incident response by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain Executive Overview fundamentals
- Lab 4: Execute hands-on tasks for course mission
- Lab 5: Execute hands-on tasks for key outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Recon Incident Response, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI