Threat hunting Hardening Workshop
RCCE students will learn proactive threat hunting methodologies including hypothesis-driven hunting, data-driven hunting, intelligence-driven hunting, and hunt team operations. RCCE students will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. At an expert level, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Threat hunting Hardening Workshop
- Execute hands-on tasks for threat hunting &
- Execute hands-on tasks for hardening workshop
- Execute hands-on tasks for module objectives
- Execute hands-on tasks for threat hunting — covering Hypothesis-driven hunting, MITRE ATT&CK-based hunt design.
- Execute hands-on tasks for hardening operations — covering Apply hardening baselines at.
- Build detections and response workflows for privilege escalation, including Convert hunts to automated rules, and Build continuous improvement.
- Explain Threat Hunting Foundations fundamentals
- Execute hands-on tasks for what is threat hunting?
- Execute hands-on tasks for why hunt? — covering Proactive search for hidden threats, Avg dwell time: 10+ days for breaches.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for hypothesis-driven hunting
- Execute hands-on tasks for data collection
| Module 01 | Threat Hunting & |
| Module 02 | Hardening Workshop |
| Module 03 | Module Objectives |
| Module 04 | Threat Hunting |
| Module 05 | Hardening Operations |
| Module 06 | Detection Engineering |
| Module 07 | Threat Hunting Foundations |
| Module 08 | What Is Threat Hunting? |
| Module 09 | Why Hunt? |
| Module 10 | Threat Hunting Maturity Model |
| Module 11 | Hypothesis-Driven Hunting |
| Module 12 | Data Collection |
| Module 13 | Forming Hypotheses |
| Module 14 | Start with ATT&CK technique |
All hands-on labs run on Rocheston Rose X OS. Students practice threat hunting hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for threat hunting &
- Lab 2: Execute hands-on tasks for hardening workshop
- Lab 3: Execute hands-on tasks for module objectives
- Lab 4: Execute hands-on tasks for threat hunting
- Lab 5: Execute hands-on tasks for hardening operations
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat hunting Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI