Threat Analysis (Coursera)

Threat Analysis (Coursera)

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

By the end of the course, you will be able to:
•Use the classic kill chain model to perform network security incident analysis
• Describe the reconnaissance phase of the classic kill chain model
• Describe the weaponization phase of the classic kill chain model
• Describe the delivery phase of the classic kill chain model
• Describe the exploitation phase of the classic kill chain model
• Describe the installation phase of the classic kill chain mode l
• Describe the command-and-control phase of the classic kill chain model
• Describe the actions on objectives phase of the classic kill chain model
• Describe how the kill chain model can be applied to detect and prevent ransomware
• Describe using the diamond model to perform network security incident analysis
• Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect
• Describe the MITRE ATTACK framework and its use
• Walk-through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution
• Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors.
To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basics of networking security concepts.

Course 5 of 7 in the Cybersecurity Operations Fundamentals Specialization.

Syllabus

WEEK 1
Understanding Incident Analysis in a Threat-Centric SOC
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC. By the end of the course, you will be able to: • Use the classic kill chain model to perform network security incident analysis • Describe the reconnaissance phase of the classic kill chain model • Describe the weaponization phase of the classic kill chain model • Describe the delivery phase of the classic kill chain model • Describe the exploitation phase of the classic kill chain model • Describe the installation phase of the classic kill chain mode l• Describe the command-and-control phase of the classic kill chain model • Describe the actions on objectives phase of the classic kill chain model • Describe how the kill chain model can be applied to detect and prevent ransomware • Describe using the diamond model to perform network security incident analysis • Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect • Describe the MITRE ATTACK framework and its use • Walk-through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution • Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

WEEK 2
Identifying Common Attack Vectors
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand common attack vectors. By the end of the course, you will be able to: • Identify the common attack vectors • Explain DNS terminology and operations • Describe the automated discovery and registration process of the client public IP addresses via DDNS • Describe the process of recursive DNS queries • Describe HTTP operations and traffic analysis to identify anomalies in the HTTP traffic • Describe the use of and operation of HTTPS traffic • Describe the use of and operation of HTTP/2 and streams • Describe how SQL is used to query, operate, and administer relational database management systems, and how to recognize SQL based attacks• Describe how the mail delivery process works, and SMTP conversations • Describe how web scripting can be used to deliver malware • Explain the use of obfuscated JavaScript by the threat actors • Explain the use of shellcode and exploits by threat actors • Understand the three basic types of payloads within the Metasploit framework (single, stager, and stage) • Explain the use of directory traversal by the threat actors • Explain the basic concepts of SQL injection attacks • Explain the basic concepts of cross-site scripting attacks • Explain the use of Punycode by threat actors • Explain the use of DNS tunneling by threat actors • Explain the use of pivoting by threat actors • Describe website redirection with HTTP 302 cushioning • Describe how attackers can gain access via web-based attacks • Understand how threat actors use exploit kits • Describe the Emotet APT • Play the role of both attacker to simulate attacks, and the role of analyst to analyze the attacks. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

WEEK 3
Identifying Malicious Activity
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you Identify Malicious Activity. By the end of the course, you will be able to: • Explain why security analysts need to understand the network design that they are protecting • Understand the role of the design of the network that you are protecting • Define the different threat actor types • Provide an example of log data search using ELSA • Explore logging functionality in context to Linux systems • Describe how the Windows Event Viewer is used to browse and manage event logs • Describe the context of a security incident in firewall syslog messages • Describe the need for network DNS activity log analysis • Describe web proxy log analysis for investigating web-based attacks • Describe email proxy log analysis for investigating email-based attacks • Describe AAA server log analysis • Describe NGFW log analysis for incident investigation • Describe application log analysis for detecting application misuse • Describe the use of NetFlow for collecting and monitoring of network traffic flow data • Explain the use of NetFlow as a security tool • Describe network behavior anomaly monitoring for detecting deviations from the normal patterns • Describe using NetFlow for data loss detection• Explain how DNS can be used by the threat actors to perform attacks • Describe intrusion prevention system evasion techniques • Explain the Onion Router network and how to detect Tor network traffic • Describe gaining access and control in context to endpoint attacks• Describe peer-to-peer file sharing and risks • Describe encapsulation techniques including DNS tunneling • Explain how to prevent attackers from modifying a device's software image • Explore how attackers leverage DNS in their attacks • Analyze data for investigation of a security event. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

WEEK 4
Identifying Patterns of Suspicious Behavior
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you identify patterns of suspicious behavior. By the end of the course, you will be able to: • Explain the purpose of baselining the network activities • Explain how to use the established baseline to identify anomalies and suspicious behaviors • Explain the basic concepts of performing PCAP analysis • Explain the use of a sandbox to perform file analysis • Investigate suspicious activity using the tools within Security Onion. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

Go to Class
MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

The Cybersecurity Culture Blueprint: A Proactive Approach (Coursera) Coursera
LearnQuest

The Cybersecurity Culture Blueprint: A Proactive Approach (Coursera)

In today's rapidly evolving digital landscape, the importance of cybersecurity cannot be overstated. Threats to organizations, both large and small, are on the rise, and the consequences of security breaches can be devastating. It's no longer enough to rely solely on technical solutions; a resilient cybersecurity culture is essential.

Aug 3rd 2026
4 Weeks
Cybersecurity Awareness and Innovation (Coursera) Coursera
EIT Digital

Cybersecurity Awareness and Innovation (Coursera)

It’s not you, it’s me! What’s going on? This course empowers students, professionals and wider community to deal with cybersecurity attacks and risks focused on identity management and it is an introduction to the upcoming full course focused on cybersecurity awareness. It is provided a practical overview of challenging issues like identity credentials management and security, e-mail threats and web impersonation, or web hacking.

Aug 3rd 2026
5-12 Weeks
Cybersecurity and Its Ten Domains (Coursera) Coursera
University System of Georgia

Cybersecurity and Its Ten Domains (Coursera)

This course is designed to introduce students, working professionals and the community to the exciting field of cybersecurity. Throughout the MOOC, participants will engage in community discourse and online interaction. Participants will gain knowledge and understanding of cybersecurity and its domains. They will engage with expertly produced videos, gain insight from industry experts, participate in knowledge assessments, practice assessing their environmental awareness, and gain access to materials that address governance and risk management, compliance, business continuity and disaster recovery, cryptography, software development security, access control, network security, security architecture, security operations, and physical and environmental security.

Aug 3rd 2026
5-12 Weeks
Security and Privacy in TOR Network (Coursera) Coursera
University of Colorado System

Security and Privacy in TOR Network (Coursera)

In this MOOC, we will learn about TOR basic concept and see how they protect the security and privacy of users and resist censorship. We will examine how TOR realize the anonymity and utilize its service by downloading and using Tor browser software. A recent attack on TOR’s application flow control called sniper attacks is analyzed.

Aug 3rd 2026
4 Weeks
Competencias digitales. Conceptos y herramientas básicas (Coursera) Coursera
Universitat Autònoma de Barcelona

Competencias digitales. Conceptos y herramientas básicas (Coursera)

Los continuos cambios tecnológicos, sobre todo en aquellos aspectos vinculados a las tecnologías de la información y la comunicación (TIC) hacen que las personas tengan la necesidad de actualizarse de forma continua para que sus conocimientos no queden obsoletos. En este contexto, para las empresas se convierte en algo imprescindible disponer de profesionales que tengan las competencias necesarias para ejercer con éxito las actividades que requieren en su lugar de trabajo.

Aug 3rd 2026
4 Weeks
Introduction to Cybersecurity Fundamentals (Coursera) Coursera
Coursera Instructor Network

Introduction to Cybersecurity Fundamentals (Coursera)

"Introduction to Cybersecurity Fundamentals" is a concise yet comprehensive course designed to provide participants with a solid understanding of the essential principles and practices in the field of cybersecurity. In just 90 minutes, learners will embark on a journey into the world of cybersecurity, learning to think like a hacker and developing strategies to protect data and networks. Through engaging lessons and demonstrations, this course will empower participants with the knowledge needed to defend against common cyber threats and install best practices for safeguarding data and privacy.

Aug 3rd 2026
1 Week
In the Trenches: Security Operations Center (Coursera) Coursera
EC-Council

In the Trenches: Security Operations Center (Coursera)

Cyber-attacks, breaches, and incidents continue to grow. The sophistication and complexity of these attacks continue to evolve. More than ever organizations need to plan, prepare, and defend against a potential cyber incident. Security Operation Centers (SOCs) act as an organization's front-line defense against cyber incidents. SOC analyst accomplishes this by monitoring and responding to network and host anomalies, performing an in-depth analysis of suspicious events, and when necessary, aiding in forensic investigations.

Aug 3rd 2026
4 Weeks
Gobierno Digital (Coursera) Coursera
Inter-American Development Bank - IDB

Gobierno Digital (Coursera)

La revolución digital ya está presente en muchos aspectos de nuestra vida, ¿y en nuestros gobiernos? Para seguir el ritmo de ciudadanos hiperconectados y del comercio que ahora es cada vez más digital, los gobiernos no se pueden quedar atrás. Muchos países tienen un alto nivel de interés: el 75% de gobiernos ya cuentan con una estrategia de gobierno digital. Sin embargo, estos esfuerzos no se han traducido a la práctica ya que, en 2017, solo el 7% ciudadanos latinoamericanos hizo un trámite en línea.

Aug 10th 2026
4 Weeks
Malware Analysis and Introduction to Assembly Language (Coursera) Coursera
IBM

Malware Analysis and Introduction to Assembly Language (Coursera)

Malicious software, or malware, is typically delivered over a network and is designed to cause disruption to a computer, client, server, or network. Disruptions can include leaked private information, unauthorized access to information or systems, blocked user access, interference with security and privacy, or numerous other variations of attacking systems.

Aug 10th 2026
5-12 Weeks
Risk in Modern Society (Coursera) Coursera
Leiden University,LDE Centre for Safety and Security

Risk in Modern Society (Coursera)

Risk has become one of the defining features of modern society. Almost daily, we are preoccupied with assessing, discussing, or preventing a wide variety of risks. It is a cornerstone notion for businesses and organizations, but also for nation states and their many levels of government. And even for individuals, risk and the avoidance or embracing thereof, is a key theme. The course Risk in Modern Society sheds light on the broad concept of risk.

Aug 3rd 2026
5-12 Weeks