WEEK 3

Host-Based Analysis

Endpoint Security, Digital Forensics & Malware Analysis


Endpoint Security

3.1 Endpoint Attacks & Detection
Malware types, Windows Event IDs, EDR alerts, and IOC detection at the endpoint.

3.2 Windows 10 Security Components
Defender, SmartScreen, WDAC, Credential Guard, and built-in security features.

3.3 Ubuntu Security Components
AppArmor, UFW, auditd, and Linux-native security mechanisms.

Threat Investigation

3.4 Attribution & Investigation
Pyramid of Pain, MITRE ATT&CK, threat actor TTPs, and attribution challenges.

3.5 Evidence Types & Volatility
Order of volatility (RFC 3227), evidence collection, and chain of custody.

Digital Forensics

3.6 Disk Image Comparison
Forensic imaging, raw vs. E01, hashing, mounting, and file comparison techniques.

3.7 Malware Analysis Output
VirusTotal reports, sandbox analysis, strings output, and IOC extraction.

Hands-On Labs

Tracing a Route (30-45 min, Local)
Use traceroute/tracert to map network paths and identify latency issues.

Introduction to Wireshark (45 min, Eye House)
Packet capture basics, interface navigation, and filter syntax.

Verify IPv4 and IPv6 (30 min, Web House)
Configure and verify IP addressing on network devices.

Wireshark: Ethernet Frames (30 min, Eye House)
Examine Ethernet frame structure, MAC addresses, and EtherTypes.

Wireshark: TCP 3-Way Handshake (30 min, Shield House)
Analyze TCP connection establishment with SYN, SYN-ACK, and ACK.

Exploring Nmap (45-60 min, Local)
Network reconnaissance, port scanning, and version detection.

Week 3 Evaluation

Complete all topics and labs, then take the Week 3 assessment to test your knowledge.
