Threat Analysis (Coursera)

Threat Analysis (Coursera)

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

By the end of the course, you will be able to:
•Use the classic kill chain model to perform network security incident analysis
• Describe the reconnaissance phase of the classic kill chain model
• Describe the weaponization phase of the classic kill chain model
• Describe the delivery phase of the classic kill chain model
• Describe the exploitation phase of the classic kill chain model
• Describe the installation phase of the classic kill chain mode l
• Describe the command-and-control phase of the classic kill chain model
• Describe the actions on objectives phase of the classic kill chain model
• Describe how the kill chain model can be applied to detect and prevent ransomware
• Describe using the diamond model to perform network security incident analysis
• Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect
• Describe the MITRE ATTACK framework and its use
• Walk-through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution
• Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors.
To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basics of networking security concepts.

Course 5 of 7 in the Cybersecurity Operations Fundamentals Specialization.

Syllabus

WEEK 1
Understanding Incident Analysis in a Threat-Centric SOC
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC. By the end of the course, you will be able to: • Use the classic kill chain model to perform network security incident analysis • Describe the reconnaissance phase of the classic kill chain model • Describe the weaponization phase of the classic kill chain model • Describe the delivery phase of the classic kill chain model • Describe the exploitation phase of the classic kill chain model • Describe the installation phase of the classic kill chain mode l• Describe the command-and-control phase of the classic kill chain model • Describe the actions on objectives phase of the classic kill chain model • Describe how the kill chain model can be applied to detect and prevent ransomware • Describe using the diamond model to perform network security incident analysis • Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect • Describe the MITRE ATTACK framework and its use • Walk-through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution • Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

WEEK 2
Identifying Common Attack Vectors
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand common attack vectors. By the end of the course, you will be able to: • Identify the common attack vectors • Explain DNS terminology and operations • Describe the automated discovery and registration process of the client public IP addresses via DDNS • Describe the process of recursive DNS queries • Describe HTTP operations and traffic analysis to identify anomalies in the HTTP traffic • Describe the use of and operation of HTTPS traffic • Describe the use of and operation of HTTP/2 and streams • Describe how SQL is used to query, operate, and administer relational database management systems, and how to recognize SQL based attacks• Describe how the mail delivery process works, and SMTP conversations • Describe how web scripting can be used to deliver malware • Explain the use of obfuscated JavaScript by the threat actors • Explain the use of shellcode and exploits by threat actors • Understand the three basic types of payloads within the Metasploit framework (single, stager, and stage) • Explain the use of directory traversal by the threat actors • Explain the basic concepts of SQL injection attacks • Explain the basic concepts of cross-site scripting attacks • Explain the use of Punycode by threat actors • Explain the use of DNS tunneling by threat actors • Explain the use of pivoting by threat actors • Describe website redirection with HTTP 302 cushioning • Describe how attackers can gain access via web-based attacks • Understand how threat actors use exploit kits • Describe the Emotet APT • Play the role of both attacker to simulate attacks, and the role of analyst to analyze the attacks. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

WEEK 3
Identifying Malicious Activity
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you Identify Malicious Activity. By the end of the course, you will be able to: • Explain why security analysts need to understand the network design that they are protecting • Understand the role of the design of the network that you are protecting • Define the different threat actor types • Provide an example of log data search using ELSA • Explore logging functionality in context to Linux systems • Describe how the Windows Event Viewer is used to browse and manage event logs • Describe the context of a security incident in firewall syslog messages • Describe the need for network DNS activity log analysis • Describe web proxy log analysis for investigating web-based attacks • Describe email proxy log analysis for investigating email-based attacks • Describe AAA server log analysis • Describe NGFW log analysis for incident investigation • Describe application log analysis for detecting application misuse • Describe the use of NetFlow for collecting and monitoring of network traffic flow data • Explain the use of NetFlow as a security tool • Describe network behavior anomaly monitoring for detecting deviations from the normal patterns • Describe using NetFlow for data loss detection• Explain how DNS can be used by the threat actors to perform attacks • Describe intrusion prevention system evasion techniques • Explain the Onion Router network and how to detect Tor network traffic • Describe gaining access and control in context to endpoint attacks• Describe peer-to-peer file sharing and risks • Describe encapsulation techniques including DNS tunneling • Explain how to prevent attackers from modifying a device's software image • Explore how attackers leverage DNS in their attacks • Analyze data for investigation of a security event. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

WEEK 4
Identifying Patterns of Suspicious Behavior
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you identify patterns of suspicious behavior. By the end of the course, you will be able to: • Explain the purpose of baselining the network activities • Explain how to use the established baseline to identify anomalies and suspicious behaviors • Explain the basic concepts of performing PCAP analysis • Explain the use of a sandbox to perform file analysis • Investigate suspicious activity using the tools within Security Onion. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

Go to Class
MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

Blockchain Security (Coursera) Coursera
Infosec

Blockchain Security (Coursera)

This course introduces blockchain security, including a description of how the blockchain works at each level of the blockchain ecosystem. The instructor begins with the building blocks that create the structure of blockchain, the cryptography that it uses for security, and the role of hash functions in the blockchain and how they can be attacked. In the next module, the instructor describes what blockchain consensus is, why it’s needed, its underlying theory (Byzantine Fault Tolerance and Security via Scarcity), some of the common consensus algorithms, and the security issues inherent to each variant.

Aug 3rd 2026
5-12 Weeks
Gobierno Digital (Coursera) Coursera
Inter-American Development Bank - IDB

Gobierno Digital (Coursera)

La revolución digital ya está presente en muchos aspectos de nuestra vida, ¿y en nuestros gobiernos? Para seguir el ritmo de ciudadanos hiperconectados y del comercio que ahora es cada vez más digital, los gobiernos no se pueden quedar atrás. Muchos países tienen un alto nivel de interés: el 75% de gobiernos ya cuentan con una estrategia de gobierno digital. Sin embargo, estos esfuerzos no se han traducido a la práctica ya que, en 2017, solo el 7% ciudadanos latinoamericanos hizo un trámite en línea.

Aug 10th 2026
4 Weeks
Learn Firebase (Coursera) Coursera
Scrimba

Learn Firebase (Coursera)

In this comprehensive course, aspiring front-end developers will discover the transformative capabilities of Firebase. By leveraging Firebase's cloud architecture, you can seamlessly incorporate a wide array of features into your applications using HTML, CSS, and JavaScript. This newfound flexibility is underpinned by Firebase's cloud functions, which empower you with dynamic functionalities.

Aug 10th 2026
3 Weeks
Cybercrime (Coursera) Coursera
Royal Holloway, University of London

Cybercrime (Coursera)

This course introduces fundamental notions of cybercrime. Namely, what cybercrime is, the main questions surrounding cybercrime, how cybercrime can be defined, and how it can be studied. You will learn about the difficulties in measuring the occurrence, the frequency and the impact of cybercrime, and build a scepticism on the reliability and the interpretation of cybercrime reports. You will be introduced to discussion about human aspects of cybercrime, in particular, the actors related to cybercrime, that is, the criminals, the victims, and law enforcement.

Aug 3rd 2026
4 Weeks
Foundation to Multi-Cloud (Coursera) Coursera
EDUCBA

Foundation to Multi-Cloud (Coursera)

The "Foundation to Multi-Cloud" course is designed to provide a comprehensive understanding of multi-cloud computing principles, benefits, and challenges. It equips you with the knowledge and skills required to effectively manage and utilize multiple cloud platforms simultaneously. This course introduces the concept of multi-cloud, elucidates its advantages and complexities, and delves into various strategies and technologies for implementing and managing multi-cloud environments.

Aug 10th 2026
3 Weeks
Security & Safety Challenges in a Globalized World (Coursera) Coursera
Leiden University

Security & Safety Challenges in a Globalized World (Coursera)

Security and safety challenges rank among the most pressing issues of modern times. Challenges such as, cyber-crime, terrorism, and environmental disasters impact the lives of millions across the globe. These issues also rank high on the agenda of politicians, international organizations and businesses. They also feature prominently in the public conscience and in governmental policies.

Aug 10th 2026
5-12 Weeks
Security and Privacy for Big Data - Part 1 (Coursera) Coursera
EIT Digital

Security and Privacy for Big Data - Part 1 (Coursera)

This course sensitizes regarding security in Big Data environments. You will discover cryptographic principles, mechanisms to manage access controls in your Big Data system. By the end of the course, you will be ready to plan your next Big Data project successfully, ensuring that all security related issues are under control. You will look at decent-sized big data projects with security-skilled eyes, being able to recognize dangers. This will allow you to improve your systems to a grown and sustainable level.

Aug 10th 2026
1 Week
Cybersecurity Awareness and Innovation (Coursera) Coursera
EIT Digital

Cybersecurity Awareness and Innovation (Coursera)

It’s not you, it’s me! What’s going on? This course empowers students, professionals and wider community to deal with cybersecurity attacks and risks focused on identity management and it is an introduction to the upcoming full course focused on cybersecurity awareness. It is provided a practical overview of challenging issues like identity credentials management and security, e-mail threats and web impersonation, or web hacking.

Aug 3rd 2026
5-12 Weeks
Becoming a Cybersecurity Consultant (Coursera) Coursera
EIT Digital

Becoming a Cybersecurity Consultant (Coursera)

The course targets individuals planning to develop a career in cybersecurity, middle managers and executives. The course covers the following main learning objectives: Threats - Technology - Economics and it is structured in 2 parts: an online part and a face-to-face/live webinar part. The present online course is designed to cover theoretical concepts a Cybersecurity Consultant (medium level) should know.

Aug 10th 2026
3 Weeks
Introduction to Network Security (Coursera) Coursera
University of London,Royal Holloway, University of London

Introduction to Network Security (Coursera)

The security of computer networks is a key element in cyber security. Computer networking provides the foundational connectivity services that are used for the world wide web, distributed computer applications and services, operations and manufacturing, and national infrastructure. This course provides understanding of key technologies used in computer networks and infrastructure. This includes protocols, computer networks, data centres, operational technologies that form key infrastructure critical to the success of organisations and services from a local to an international scale.

Aug 10th 2026
5-12 Weeks
Cybersecurity and Its Ten Domains (Coursera) Coursera
University System of Georgia

Cybersecurity and Its Ten Domains (Coursera)

This course is designed to introduce students, working professionals and the community to the exciting field of cybersecurity. Throughout the MOOC, participants will engage in community discourse and online interaction. Participants will gain knowledge and understanding of cybersecurity and its domains. They will engage with expertly produced videos, gain insight from industry experts, participate in knowledge assessments, practice assessing their environmental awareness, and gain access to materials that address governance and risk management, compliance, business continuity and disaster recovery, cryptography, software development security, access control, network security, security architecture, security operations, and physical and environmental security.

Aug 3rd 2026
5-12 Weeks
Capstone: Autonomous Runway Detection for IoT (Coursera) Coursera
EIT Digital

Capstone: Autonomous Runway Detection for IoT (Coursera)

The students will develop a larger system using the learning outcomes from these courses, and the students will evaluate the developed system in a real-world programming environment. This course is a true engineering task in which the student must, not only implement the algorithm code, but also handle the interfaces between many different actors and hardware platforms.

Aug 10th 2026
3 Weeks