Reconnaissance Incident Handling
RCCE students will learn reconnaissance methodologies including passive and active reconnaissance, OSINT gathering, network scanning, service enumeration, and target profiling for security assessments. RCCE students will learn to conduct passive reconnaissance using public data sources, DNS records, certificate transparency logs, and social media, perform active reconnaissance including port scanning, service fingerprinting, and web application enumeration, use tools including Nmap, Shodan, Censys, and custom scripts, map organizational attack surfaces, identify potential entry points and high-value targets, maintain operational security during reconnaissance, and document reconnaissance findings for penetration test planning. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Reconnaissance Incident Handling
- Execute hands-on tasks for incident handling
- Explain Module Overview fundamentals
- Execute hands-on tasks for reconnaissance domain — covering Passive and active reconnaissance methods.
- Execute hands-on tasks for incident handling domain — covering Structured IR workflows.
- Execute hands-on tasks for learning outcomes — covering Conduct full passive and active reconnaissance.
- Execute hands-on tasks for topic map: 18 subtopics
- Execute hands-on tasks for 1. recon fundamentals
- Execute hands-on tasks for 7. service enumeration
- Execute hands-on tasks for 13. threat landscape
- Execute hands-on tasks for 8. web app enumeration
- Execute hands-on tasks for 9. shodan / censys / engines
- Build detections and response workflows for privilege escalation
| Module 01 | Incident Handling |
| Module 02 | Module Overview |
| Module 03 | Reconnaissance Domain |
| Module 04 | Incident Handling Domain |
| Module 05 | Learning Outcomes |
| Module 06 | Topic Map: 18 Subtopics |
| Module 07 | 1. Recon Fundamentals |
| Module 08 | 7. Service Enumeration |
| Module 09 | 13. Threat Landscape |
| Module 10 | 8. Web App Enumeration |
| Module 11 | 9. Shodan / Censys / Engines |
| Module 12 | 15. Defense & Detection |
| Module 13 | Reconnaissance Fundamentals |
| Module 14 | Passive Reconnaissance |
All hands-on labs run on Rocheston Rose X OS. Students practice reconnaissance incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for incident handling
- Lab 2: Explain Module Overview fundamentals
- Lab 3: Execute hands-on tasks for reconnaissance domain
- Lab 4: Execute hands-on tasks for incident handling domain
- Lab 5: Execute hands-on tasks for learning outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Reconnaissance Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI