Threat hunting Threats, Tactics, and Defenses: Operator Edition
RCCE students will learn proactive threat hunting methodologies including hypothesis-driven hunting, data-driven hunting, intelligence-driven hunting, and hunt team operations. RCCE students will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Threat hunting Threats, Tactics, and Defenses: Operator Edition
- Execute hands-on tasks for threat landscape:
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for threat landscape mastery — covering current APT, cybercrime, hacktivist threats.
- Execute hands-on tasks for adversary mindset — covering Analyze attacker techniques and TTPs.
- Execute hands-on tasks for risk-driven defense — covering Prioritize security investments by risk.
- Execute hands-on tasks for continuous adaptation — covering Update strategies as landscape evolves.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for mitre att&ck, threat intel sources — covering 5 attack patterns with mapped.
- Execute hands-on tasks for the modern threat landscape
- Execute hands-on tasks for state-sponsored actors — covering Nation-state espionage operations.
- Execute hands-on tasks for cybercriminal syndicates — covering Ransomware-as-a-Service (RaaS).
- Execute hands-on tasks for hacktivists & insiders — covering Ideological DDoS and defacements.
| Module 01 | Threat Landscape: |
| Module 02 | Learning Objectives |
| Module 03 | Threat Landscape Mastery |
| Module 04 | Adversary Mindset |
| Module 05 | Risk-Driven Defense |
| Module 06 | Continuous Adaptation |
| Module 07 | Course Architecture |
| Module 08 | MITRE ATT&CK, threat intel sources |
| Module 09 | The Modern Threat Landscape |
| Module 10 | State-Sponsored Actors |
| Module 11 | Cybercriminal Syndicates |
| Module 12 | Hacktivists & Insiders |
| Module 13 | Emerging Vectors |
| Module 14 | Threat Landscape Evolution |
All hands-on labs run on Rocheston Rose X OS. Students practice threat hunting threats, tactics, and defenses: operator edition by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for threat landscape:
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Execute hands-on tasks for threat landscape mastery
- Lab 4: Execute hands-on tasks for adversary mindset
- Lab 5: Execute hands-on tasks for risk-driven defense
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat hunting Threats, Tactics, and Defenses: Operator Edition, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI