Certified CyberDefender (CCD) Syllabus

Module 1: Security Operations (SecOps) Fundamentals

Topic: Security Operations Fundamentals and CIA Triad
● Security Operation Centers (SOC) - Overview
● Protecting Business with Efficient SOC
● SOC Deployment Models: Dedicated vs. Virtual
● Deploying a SOC: When to Consider?

Topic: SOC Components - Tools and Technologies
● Network Firewall - Protecting Communication and Data
● Network-Based Intrusion Detection and Prevention Systems (NIDS/NIPS)
● Host-Based Intrusion Detection and Prevention Systems (HIDS/HIPS)
● Web Application Firewalls (WAFs): Protecting Web Apps
● Endpoint Detection and Response (EDR/XDR)
● Web Proxy Servers: An Overview
● Understanding the Vulnerability Management Process
● Security Information and Event Management (SIEM): Core Component of SOC
● Automating Security Incident Response with SOAR (Security Orchestration, Automation, and Response)
● Malware Analysis: Static vs. Dynamic Approaches and Sandboxing
● Using Honeypots and Decoys for Defense
● Understanding Cloud Computing and CASB
● Threat Intelligence: Mitigating and Defending
● Using Machine and Deep Learning for Security
● Ticketing Systems for Incident Response
● The Importance of Asset Inventory in Security

Topic: SOC Components - People
● Organizational Chart and SOC Roles
● Creating Effective Cybersecurity Training Plans
● Challenges and Solutions for SOC Jobs
● Avoiding Burnout: Tips for SOC Analysts

Topic: SOC Components - Processes
● Effective Policies: Business Protection Through Documentation
● Efficient SOC Procedures: The How-To
● Security Standards: Compliance is Mandatory
● Security Guidelines and Benchmarks: Best Practices
● Perform Windows Security Assessments with CIS-CAT Lite

Module 2: Incident Response

Topic: Incident Response (IR) - Overview
● Understanding Key Concepts for Incident Response
● Continuous Incident Response: Before, During, After
● Remote Incident Response: Challenges and Benefits
● Structured Approach to Incident Response Phases

Topic: Preparation
● Effective Incident Prevention Strategies and Controls
● Effective Incident Communication Planning in IR
● IR Architecture: Defense and Zero Trust
● IR Policy, Plan, and Procedure
● Efficient Incident Resolution with Management Platforms

Topic: Detection & Analysis
● Detection Engineering: Building Effective Detectors
● Network Perimeter-Level Detection
● Endpoint Perimeter Detection: Catching Threats In and Out
● Achieving System-Level Detection with EDR
● Application-Level Detection: Prioritize, Monitor, Parse

Topic: Containment, Eradication, and Recovery
● Effective Incident Containment Strategies in IR
● Attack Remediation: Eliminating Vulnerabilities and Artifacts
● System Recovery: Restore, Validate, Monitor

Topic: Post-Incident Activity
● Post-Incident Review: Lessons Learned Meeting
● IR Report: Guidelines for Effective Writing

Module 3: Perimeter Defense - Email Security

Topic: Email Spoofing
● Email Attack Prevention: Spoofing & DMARC
● Understanding SPF: Email Authentication Protocol
● DKIM: Email Authentication with Digital Signatures
● Protecting Against Email Spoofing with DMARC

Topic: Malicious Attachments
● Malicious Attachments: Risks and Responses
● Secure Email Attachments: Best Practices
● Activity - Cuckoo Sandbox Deployment

Topic: Malicious URLs
● Malicious URLs: A Growing Threat
● Protecting Users from Malicious URLs
● Activity - Detect Lookalike Domains

Topic: Extra Mile Controls
● User Education: Key to Email Security
● Measuring User Awareness with Phishing Simulators
● Activity - GoPhish Deployment
● Early Phishing Detection Using Honeypot Tokens
● Activity - Canary Token Deployment
● Secure Accounts with Multi-Factor Authentication
● Conditional Access: Location-Based Access Control
● Email Reconnaissance: How Attackers Gather Intel
● Mail Server Hardening: DISA & CIS
● Activity - Evaluate Your Organization's Exposed Internal Mail Headers

Topic: Responding to Email Attacks
● Email Defenses: Validate, Mitigate and Remediate

Module 4: Forensics

Topic: Evidence Collection
● Memory Acquisition: Live & Dead Systems
● Disk Acquisition: Encryption & Write-Blocking
● Triage Image: Efficient Evidence Collection
● Acquiring Disk Images: Windows and Linux Systems
● Mounting Forensic Images: Analysis Tools & Techniques

Module 5: Disk Forensics
● Windows Event Logs: Structure & Analysis
● Windows Registry: Structure and Analysis
● Profiling Windows Systems
● Collecting Network Connections and Devices
● Tracking User Activity
● Tracking File Activities: NTFS Forensics
● Linking User Actions to Files/Folders
● Detecting USB Device Intrusions
● Analyzing Installed Applications
● Analyzing Execution Activities

Module 6: Memory Forensics
● Collecting OS Info
● Process Analysis
● Network Artifact Analysis
● Detecting Persistence Techniques
● Collecting NTFS Artifacts

Module 7: Network Forensics
● Traffic Statistics
● Conversations & Streams
● File Extraction

Module 8: Threat Hunting and Emulation

Topic: Comprehensive Threat Hunting Techniques
● Proactive Human-Driven Threat Hunting
● The Importance of Proactive Threat Hunting
● Essential Requirements for Effective Threat Hunting
● Stages of Threat Hunting in Detail

Topic: Elastic SIEM, Kibana, and Advanced Threat Detection
● Elastic SIEM: Modern, Scalable Threat Detection
● Elastic SIEM: Components and Architecture
● Starting and Accessing Elastic Stack and Kibana
● Elastic Agent and Fleet Management Overview
● Enroll Elastic Agent via Fleet in Kibana
● Exploring Kibana Concepts and Filtering Data
● Dashboards and Data Visualization in Kibana
● Creating a Custom Detection Rule with the MITRE ATT&CK Framework

Topic: Threat Hunting with Splunk
● Splunk Components and Architecture
● Navigating the Splunk Web UI
● Data Ingestion and Indexing in Splunk
● Searching and Filtering Data in Splunk
● Dashboards and Data Visualization in Splunk

Topic: Proactive Endpoint Threat Hunting and Analysis
● Endpoint Threat Hunting: Proactive Security Measures
● Endpoint Hunting for Persistence
● Endpoint Hunting for Lateral Movement
● Endpoint Hunting for Credential Dumping

Topic: Network Threat Hunting and Intrusion Detection
● Proactively Detecting Threats: Network Hunting Fundamentals
● Network Hunting for Lateral Movement
● Network Hunting for Data Exfiltration

Module 9: Malware Analysis

Topic: Static Analysis
● Fingerprinting Malware with Hashes
● Antivirus Scanning to Confirm Maliciousness
● Analyzing Packed Malware
● Analyzing Obfuscated Strings
● Automating Malware Analysis

Topic: Dynamic Analysis
● Malware Execution Techniques
● Monitoring Malware's Process Activity
● Monitoring Malware's File Activity
● Monitoring Malware's Registry Activity
● Monitoring Malware's Network Activity
● Sandboxes

Topic: Microsoft Office Files Analysis
● VBA Macros Analysis
● XLM Macros Analysis
● RTF Macros Analysis
● Automating the Whole Process

Topic: PDF Files Analysis
● Extract Malicious Code from PDFs
● JS - Static Analysis
● JS - Dynamic Analysis

Topic: Fileless Malware
● PowerShell Analysis
● Debug PowerShell Code: Using PowerShell ISE

Defend Smarter, Not Harder