Introducing our Advanced Cyber Defense Analyst Course

Improve muscle memory and gain deep subject matter expertise in incident response by taking our advanced cyber defense analyst course. Just as a pilot must train in a flight simulator, the most important aspect of cyber security preparedness is a team's (or an analyst's) ability to train in a simulated environment with real-life attack scenarios. This environment enables our students to practice defending against some of the world's most threatening attack vectors, including those listed below.


Students will gain firsthand experience using a wide variety of popular vendor products used in enterprise environments.


Who can attend?

- Cyber Security Professionals
- SOC Analysts
- Cyber Enthusiasts
- Alumni of the Cyber Defense Analyst Course

Incident Response Simulation

SQL Injection

In this scenario, a series of security flaws in a public web server under your control enables the attacker to exploit the system using SQL injection techniques. Following the successful exploit, the attacker pivots to internal systems, extracts privileged information and interferes with business processes. Participants will learn to identify the attack through SQL, firewall and SIEM log analytics and implement controls to block further data exfiltration and lateral movement and protect the organization from future malicious activity.


An unsuspecting employee receives a spear phishing email containing an infected Office document. Once the employee opens the document, a hidden macro executes and downloads an image file from attacker-controlled infrastructure. The macro then decodes a payload hidden inside the image file and executes it. Upon execution, the malware begins to move laterally and searches for specific file extensions on any file shares accessible from the victim's computer. Once files are discovered, the malware exfiltrates their contents to a second attacker-owned IP address.

DDoS SYN Flood

In this scenario, internet bots are leveraged to generate a large volume of traffic targeting one of the organization's websites. The traffic floods and eventually overloads the bandwidth and resources of the target, crippling the server and causing a denial of service (DoS). Participants will identify and mitigate the attack using various tools, implement rules to prevent subsequent attacks, and restore services and operational functionality.

Web Defacement

In this scenario, a brute-force attack is launched against the SSH daemon on an Apache web server. The attacker, upon successfully compromising credentials, defaces the website with their own "hacked" version prior to detection. Participants must first identify and then stop the attacker from taking further actions, and correct the defacement in order to maintain the company's image.

Ransomware

In this scenario, an unsuspecting employee opens a legitimate-looking email from a trusted source with an attached document, and an ominous message demands a transfer of bitcoin to unlock their system. Within minutes of opening the attachment, the user's system has been compromised. Participants must contain the incident and learn proper handling and response techniques in order to solve the case and save the organization from complete lockdown.

WPAD Man in the Middle

In this scenario, a Man-in-the-Middle (MiTM) attack is executed on the network: the attacker impersonates a legitimate proxy in the segment in order to deceive victim hosts. In this complex scenario, participants will use advanced detection and prevention techniques to mitigate the attack before significant data is exfiltrated from the environment and the organization is left in a more vulnerable position.


This scenario demonstrates how a sophisticated attacker, using multiple methods of pivoting within the system, circumvents numerous security mechanisms to gain access to segments of the network that are otherwise unreachable. Participants will use advanced detection and prevention techniques to mitigate the attack before significant data is exfiltrated from the environment.


An attacker leverages a SQL injection vulnerability in a target website in order to gain access and then moves laterally throughout the network. The attacker pillages sensitive data and exfiltrates the contents to an attacker-controlled command and control (C2) server.

The training platform delivers individual instructor-led training exercises, or a series of exercises, to ensure that our students or teams of security professionals are prepared for a multitude of potential cyber-attacks. Up to 20 people can log into a live private session, which lasts anywhere from 2 to 4 hours. Custom scenarios can also be designed to last longer.

Price: $650

Other Courses

Cyber Defense Analyst

Self-paced, practitioner-focused, work-role-based course that prepares students for entry-level roles in cyber security


Cyber Security Program Auditor

Self-paced course that provides IT audit and assurance professionals with the skills, knowledge, and abilities needed to excel in cyber security audits


