Welcome to our course catalog! Every course is taught online and on demand. Courses with an on-site option are denoted as such. Click the Learn More button under each course to view a more detailed syllabus and pricing, or to enroll.
Learn the process of conducting security investigations regardless of the toolset.
A simple investigation framework to ensure you’ll never get stuck or overwhelmed by data when pursuing leads.
The characteristics of evidence and which sources will provide the most value.
A formula for building investigation playbooks that will help you get to the right conclusion faster and consistently.
Useful techniques for building timelines, making threat hunting observations, and optimizing your workflow through the principle of mise en place.
A structured system to ensure you’re never at a loss for what to hunt for, where to find it, and how to see it amongst the noise.
Two ways to get started: attack-based hunting (ABH) and data-based hunting (DBH)
Techniques for leveraging threat intelligence and the MITRE ATT&CK framework for hunting input
The 9 most common types of anomalies you’ll encounter when reviewing evidence
A 5-step framework for dissecting and simulating attacks to prepare for hunting expeditions
The 4 ways threat hunters most commonly transform data to spot anomalies
My two-step system for effective note taking while hunting
Get hands-on experience capturing, dissecting, and making sense of packets.
5 techniques for capturing packets in any scenario and how to know which one is appropriate
A tutorial on using packet maps to navigate protocols along with color-coded printable maps for all the most common protocols you’ll encounter.
Learn all of Wireshark’s analysis features including how to create graphs, traverse protocol hierarchy charts, and generate stats that are simple AND useful.
My tips for customizing your analysis environment by using features like Wireshark profiles, custom columns, and individual packet color coding.
Techniques for extracting complete files from network communication via multiple protocols — even custom malware command and control.
How to use tshark and tcpdump to perform packet analysis on the command line.
How to approach and dissect these protocols: IPv4, IPv6, TCP, UDP, DHCP, DNS, HTTP, SMTP, and ICMP.
Learn what normal looks like so you can spot abnormal when you encounter it.
Level up your host-based investigation skills with one of the best tools for the job.
How to craft SQL queries to interrogate Windows, Linux, and MacOS hosts
Common queries for performing software inventory and asset control
Strategies for interrogating processes to determine if they are malicious
Techniques for uncovering persistence and lateral movement
Triaging suspicious systems using high-value data tables
Hunting leveraging MITRE ATT&CK techniques
Complete deployment of distributed Osquery across your network using Kolide Fleet and ElasticStack
Unlock the power of signature-based detection to find threats on your network.
Learn the basics of the Suricata rule language and how to develop custom detection signatures
Dissect real-world packet captures to turn attack examples into actionable detection
Deploy, automatically update, and customize public rulesets like the popular Emerging Threats ruleset
Use EveBox and JQ to manipulate Suricata output and launch investigations from the alerts it generates
Gain practical deployment advice for deploying Suricata in your enterprise
Learn techniques for configuring Suricata in test, development, and production environments.
Utilize Suricata’s output modes for flexible alert output and protocol logging
Unlock the power of Bro / Zeek to build detection and logging scripts.
Learn the fundamentals of Bro scripting with hands-on, real-world scripts being developed along the way.
Create sample scripts to detect large HTTP flows, extract files based on their MIME type, determine the ratios of HTTP request methods, filter protocols, and more.
Practice techniques for debugging and analyzing new and existing scripts.
Gain insight into best practices for building your own custom Bro events.
Leverage Bro’s frameworks: intel, file analysis, input, summary statistics, notice, and more.
Master your data by learning how to centralize, parse, and analyze it using the popular open source ELK toolkit.
Store, index, and search data in a centralized location with Elasticsearch.
Explore the most useful Logstash plugins to effectively collect and manipulate structured and unstructured data.
Learn techniques for searching data and building useful visualizations and dashboards with Kibana.
Watch step-by-step guides for building data pipelines for common data sources: HTTP proxy logs, Bro/Zeek logs, file-based logs, Windows events and Sysmon data, netflow, and IDS alerts.
Learn my system for writing that communicates a clear message, keeps your reader engaged, and creates meaningful change.
My repeatable system for faster, more effective security writing through storytelling and empathy development.
Techniques to bridge the gap between technical and non-technical audiences.
The critical components of a penetration testing report and how to write one so that network owners will finally take your findings and recommendations to heart.
How to write compromise reports that aren’t boring, and help stakeholders understand the scope of an attack that has occurred.
How to write more effective short-form communication, including e-mails, case notes, and chat messages.
Learn to wield the full power of regex for searching in your SIEM, building detection rules, and more.
Learn the most common uses of regular expressions and how to apply them in places you weren’t even aware of
Stop merely powering through regex and set yourself apart by making it a useful tool in your arsenal
Iteratively build and test regular expressions for things you want to match
Overcome common gotchas like dealing with whitespace
Evaluate the efficiency of expressions by the number of steps it takes to match
Get the definitive guide to escaping characters so you’ll know when and how to do it
Use quantifiers to match specific numbers of data occurrences
Use capture groups to reference specific matched content and perform additional operations on it
A hands-on “choose your own adventure” walkthrough for building an IT security lab for penetration testing, network security monitoring, and more.
Enhance your IT or security skills by building a lab that will help you get hands-on practice attacking and defending systems
Watch as we walk you through every step you’ll take to build your lab.
Evaluate virtualization platforms and become better equipped to choose the hardware you need for your lab
Configure virtual networking so that systems can talk to each other securely
Learn what types of systems should be contained in a virtual lab
Install a network firewall, SIEM, IPS, and network attack platform.
Gain familiarity with popular tools like PfSense, Snort, Suricata, Splunk, Kali Linux, and Metasploit.
A free introduction to information security course based on the true story of Cliff Stoll and his bestseller “The Cuckoo’s Egg”.
Explore the field of information security with this dive into various specialties of the field
See how much (and how little) has changed in the field over the thirty years since the book was released
Watch course instructor Chris Sanders complete demonstrations of modern attack and defense concepts
Track a persistent intrusion campaign across the globe from the perspective of a network defender
Complete individual exercises and lab work to take the course further and gain exposure to new tools and skills