Courses

Welcome to our course catalog! Every course is taught online and on demand. Courses with an on-site option are denoted as such. Click the Learn More button under each course to view a more detailed syllabus and pricing, or to enroll.

Learn the process of conducting security investigations regardless of the toolset.

  • A simple investigation framework to ensure you’ll never get stuck or overwhelmed by data when pursuing leads.
  • The characteristics of evidence and which sources will provide the most value.
  • A formula for building investigation playbooks that will help you get to the right conclusion faster and consistently.
  • Useful techniques for building timelines, making threat hunting observations, and optimizing your workflow through the principle of mise en place.

Get hands-on experience capturing, dissecting, and making sense of packets.

  • 5 techniques for capturing packets in any scenario and how to know which one is appropriate
  • A tutorial on using packet maps to navigate protocols along with color-coded printable maps for all the most common protocols you’ll encounter.
  • Learn all of Wireshark’s analysis features including how to create graphs, traverse protocol hierarchy charts, and generate stats that are simple AND useful.
  • My tips for customizing your analysis environment by using features like Wireshark profiles, custom columns, and individual packet color coding.
  • Techniques for extracting complete files from network communication via multiple protocols — even custom malware command and control.
  • How to use tshark and tcpdump to perform packet analysis on the command line.
  • How to approach and dissect these protocols: IPv4, IPv6, TCP, UDP, DHCP, DNS, HTTP, SMTP, and ICMP.
  • Learn what normal looks like so you can spot abnormal when you encounter it.

Level up your host-based investigation skills with one of the best tools for the job.

  • How to craft SQL queries to interrogate Windows, Linux, and macOS hosts
  • Common queries for performing software inventory and asset control
  • Strategies for interrogating processes to determine if they are malicious
  • Techniques for uncovering persistence and lateral movement
  • Triaging suspicious systems using high-value data tables
  • Hunting for MITRE ATT&CK techniques
  • Complete deployment of distributed Osquery across your network using Kolide Fleet and the Elastic Stack

Unlock the power of signature-based detection to find threats on your network.

  • Learn the basics of the Suricata rule language and how to develop custom detection signatures
  • Dissect real-world packet captures to turn attack examples into actionable detection
  • Deploy, automatically update, and customize public rulesets like the popular Emerging Threats ruleset
  • Use EveBox and JQ to manipulate Suricata output and launch investigations from the alerts it generates
  • Gain practical advice for deploying Suricata in your enterprise
  • Learn techniques for configuring Suricata in test, development, and production environments
  • Utilize Suricata’s output modes for flexible alert output and protocol logging

Unlock the power of Bro / Zeek to build detection and logging scripts.

  • Learn the fundamentals of Bro scripting with hands-on, real-world scripts being developed along the way.
  • Create sample scripts to detect large HTTP flows, extract files based on their MIME type, determine the ratios of HTTP request methods, filter protocols, and more.
  • Practice techniques for debugging and analyzing new and existing scripts.
  • Gain insight into best practices for building your own custom Bro events.
  • Leverage Bro’s frameworks: intel, file analysis, input, summary statistics, notice, and more.

Master your data by learning how to centralize, parse, and analyze it using the popular open source ELK toolkit.

  • Store, index, and search data in a centralized location with Elasticsearch.
  • Explore the most useful Logstash plugins to effectively collect and manipulate structured and unstructured data.
  • Learn techniques for searching data and building useful visualizations and dashboards with Kibana.
  • Watch step-by-step guides for building data pipelines for common data sources: HTTP proxy logs, Bro/Zeek logs, file-based logs, Windows events and Sysmon data, NetFlow, and IDS alerts.


Learn my system for writing that communicates a clear message, keeps your reader engaged, and creates meaningful change.

  • My repeatable system for faster, more effective security writing through storytelling and empathy development.
  • Techniques to bridge the gap between technical and non-technical audiences.
  • The critical components of a penetration testing report and how to write one so that network owners will finally take your findings and recommendations to heart.
  • How to write compromise reports that aren’t boring, and help stakeholders understand the scope of an attack that has occurred.
  • How to write more effective short-form communication, including e-mails, case notes, and chat messages.


Learn to wield the full power of regex for searching in your SIEM, building detection rules, and more.

  • Learn the most common uses of regular expressions and how to apply them in places you weren’t even aware of
  • Stop merely powering through regex and set yourself apart by making it a useful tool in your arsenal
  • Iteratively build and test regular expressions for things you want to match
  • Overcome common gotchas like dealing with whitespace
  • Evaluate the efficiency of expressions by the number of steps they take to match
  • Get the definitive guide to escaping characters so you’ll know when and how to do it
  • Use quantifiers to match specific numbers of data occurrences
  • Use capture groups to reference specific matched content and perform additional operations on it
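The following is an added example, not material from the course itself, that puts several of the bullets above to work on constructed SIEM-style log lines: bounded quantifiers, named capture groups, escaping of literal brackets, and a whitespace pattern that tolerates tabs and runs of spaces. The log lines, IP addresses, usernames, and function names are all constructed for illustration.

```python
"""Added example (not part of the course catalog): applying regex quantifiers,
capture groups, escaping and whitespace handling to constructed SIEM-style
log lines and turning the captured fields into a simple detection."""
import re

# Constructed sample log lines (not from any real system). Note the mixed
# whitespace (a tab on the second line, a double space before "port") and the
# literal brackets around the PID, both common regex gotchas.
SAMPLE_LOGS = [
    "2024-01-15 10:02:11 sshd[1234]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2",
    "2024-01-15 10:02:13\tsshd[1234]: Failed password for root from 203.0.113.45  port 51236 ssh2",
    "2024-01-15 10:02:14 sshd[1235]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
    "2024-01-15 10:02:15 sshd[1236]: Failed password for invalid user test from 203.0.113.45 port 51237 ssh2",
    "2024-01-15 10:02:16 sshd[1236]: Failed password for bob from 192.0.2.9 port 51238 ssh2",
]

# \s+ absorbs any mix of tabs and spaces; \[ and \] escape the literal brackets;
# {4}, {2} and {1,3} are bounded quantifiers; (?P<name>...) are named capture
# groups so the matched fields can be referenced by name afterwards.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"sshd\[(?P<pid>\d+)\]:\s+"
    r"Failed password for\s+(?:invalid user\s+)?(?P<user>\S+)\s+"
    r"from\s+(?P<src>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"port\s+(?P<port>\d{1,5})\b"
)


def parse_failed_logins(lines):
    """Return one dict of captured fields per line that records a failed login."""
    results = []
    for line in lines:
        match = FAILED_LOGIN.match(line)
        if match:
            results.append(match.groupdict())
    return results


def count_failures_by_source(lines, threshold=3):
    """Group failed logins by source IP and return sources at or above threshold."""
    counts = {}
    for record in parse_failed_logins(lines):
        counts[record["src"]] = counts.get(record["src"], 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for record in parse_failed_logins(SAMPLE_LOGS):
        print(record)
    print(count_failures_by_source(SAMPLE_LOGS))
```

Building the expression one fragment at a time, as the last lines of the pattern do, is the iterative approach the course describes: each piece can be tested against the sample lines on its own before the next is appended.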


A hands-on “choose your own adventure” walkthrough for building an IT security lab for penetration testing, network security monitoring, and more.

  • Enhance your IT or security skills by building a lab that will help you get hands-on practice attacking and defending systems
  • Watch as we walk you through every step you’ll take to build your lab.
  • Evaluate virtualization platforms and become better equipped to choose the hardware you need for your lab
  • Configure virtual networking so that systems can talk to each other securely
  • Learn what types of systems should be contained in a virtual lab
  • Install a network firewall, SIEM, IPS, and network attack platform.
  • Gain familiarity with popular tools like pfSense, Snort, Suricata, Splunk, Kali Linux, and Metasploit.


A free introduction to information security course based on the true story of Cliff Stoll and his bestseller “The Cuckoo’s Egg”.

  • Explore the field of information security with this dive into various specialties of the field
  • See how much (and how little) has changed in the field over the thirty years since the book was released
  • Watch course instructor Chris Sanders complete demonstrations of modern attack and defense concepts
  • Track a persistent intrusion campaign across the globe from the perspective of a network defender
  • Complete individual exercises and lab work to take the course further and gain exposure to new tools and skills