Entirely Practical Exam
We offer a unique and comprehensive practical exam unlike any other. Our exam includes practical application and multiple detections from various log sources, and it is thoroughly reviewed by the course author, not automated.
This course emerged from the frustration with bloated Detection Engineering education, brimming with superfluous history and irrelevant content. Our mission is clear: to equip you with the knowledge required for instant contribution to a Detection Engineering team. No need for five courses, twenty books, or a multitude of blogs - we’ve got you covered.
The early access price will be $225 for a limited time, with 48 lab hours and two DE1 Exam attempts included. The course will go up to $399 upon full release toward the end of Q2. The first several modules are available now as of April 5th, with subsequent modules released every month until full release.
Acquire the essential skills to become a valuable asset in a detection engineering program. Our aim is not to teach you the basics of Cybersecurity, but rather to delve deeper into those concepts. From mastering regular expressions and analyzing log files to creating powerful detections, we will guide you every step of the way.
Building upon the foundations laid in the first half, you will become an indispensable member of a detection engineering program. Malware Analysis? We've got you covered. Attack Emulation? We've got that too.
Discover why these skills are crucial for a seasoned detection engineer and learn how to seamlessly integrate them into a Detection-as-Code pipeline.
Be able to create advanced detection logic utilizing the full detection life cycle, regular expressions, correlations, and several rule formats capable of being placed in production environments.
Increased capability and confidence in malware analysis and adversary emulation skills to be used in creation of detection logic.
Level Effect’s Cybersecurity Fundamentals courses starting with IT
1+ years of professional experience in technology, preferably Cybersecurity
Hobbyists with a solid understanding of Cybersecurity - preferably skills and familiarity with completing extracurricular activities on platforms such as Blue Team Labs and HackTheBox
Name: Tallis Jordan of Team Ghost (LinkedIn)
Positions Held: Lead Incident Response, Threat Detection Engineer, Purple Team Engineer, and Senior Threat Hunter
Diverse Experience: SOC Prime (Detection Specialty), Nuspire (MSSP), Army (Federal), 2K (Internal Security)
Volunteer Work: Director of Operations @ VetSec
Certifications: GREM, GCFA, GCFE, GCIA, GPYC, GPEN, GCIH, GSEC, OSCP, OSWP, PNPT, PJMR, eCTHP, CDCP Gold, BTL1
Get to know more about Tallis Jordan, the course author and his journey into Detection Engineering, and why he decided a course like this needs to exist in the training landscape.
Check out the recording from our live event we hosted where our community had a chance to ask anything and everything about Detection Engineering with the author and our team!
We use real malware that employs techniques you will see in the wild to teach our concepts, not just CTF or canned scenarios. You'll also find custom malware on the exam made by the course authors that you won't find online; this ensures exam integrity.
Dive into a vast array of powerful tools in this comprehensive course, with over 17 tools at your disposal: FLOSS, HxD, Ghidra, Wireshark, tshark, pySigma, Zeek, PEStudio, INetSim, RegShot, x64dbg, Caldera, C2 Frameworks, and more.
Our authors boast a combined experience of over 4.5 years in distinguished roles within the realm of senior detection engineering, and certifications on top. This isn't a theory course to memorize and then forget - it has been exclusively crafted by and for professionals in the field of detection engineering.
Experience the power of a fully equipped cyber range, right at your fingertips. Accessible through any browser, our private cyber range offers a curated selection of cutting-edge machines, including REMnux, FLARE, Kali, an Analyst Workstation, ELK, and even a small enterprise network.
Gain exclusive access to a private Discord community as well as a repository packed with cutting-edge detection logic crafted by both students and instructors. Join forces with a talented and vibrant community to collaborate and enhance your skills long after the course concludes.
Develop the skills for cybersecurity threat detection and analysis over 10 modules, learning how to create sophisticated detection strategies for a wide range of cyber threats, both in network traffic and endpoint security.
Learn how to use Regular Expressions to identify threats or suspicious activity
Access large datasets utilizing complex matching requirements.
9 units, 9 quizzes, 3 labs
“Yara is to files what Snort is to network traffic.”
Learn Yara and Snort to create detection logic for both endpoint and network traffic - basic to advanced.
You’ll discover tools such as: Strings, FLOSS, HxD, Ghidra, Wireshark, tshark, and more.
13 units, 7 quizzes, 7 labs
Gain knowledge of the creation and implementation of “universal” Sigma detection rules.
Learn how to convert rules and write your own conversion backend for customized datasets.
You’ll discover tools such as: Visual Studio Code, pySigma, and Sigma CLI.
4 units, 3 quizzes, 3 labs
Utilize Elastic to become familiar with analyzing ingested logs with query languages.
You’ll discover log sources such as: Windows Event Logs, Sysmon, Syslog, and Zeek.
6 units, 6 quizzes, 6 labs
Touch on the four phases of malware analysis to bolster your capabilities with detection logic: Basic Static, Basic Dynamic, Advanced Static, and Advanced Dynamic analysis.
You’ll discover tools such as: PEStudio, INetSim, Sysinternals Suite, RegShot, x64dbg, and more.
5+ units, 5+ quizzes, 5+ labs
Learn how to take threat actor behaviors and emulate them in a lab environment for analysis.
You’ll discover tools such as: Atomic Red Team, Caldera, C2 Frameworks, Kali Linux, and more.
5+ sections, 5+ quizzes, 5+ labs
Familiarize yourself with industry frameworks and learn the difference between detection logic utilizing indicators of compromise or behaviors.
Begin creating detections based on a sound methodology and guidelines - starting simple and moving to advanced.
Learn how to document the “metadata” for your logic, including investigation and incident response steps.
You’ll discover frameworks such as: Pyramid of Pain, Cyber Kill Chain, and MITRE ATT&CK.
12 sections, 5 quizzes, 3 labs
Discover “Detection-as-Code” and why it is the gold standard for detection engineering programs; documented, agile, code, version control, CI/CD pipelines, and testing.
Explore some real world malware, threat actor techniques, and the detections behind them.
3 sections, 3 labs
Cover the bases on logging and potential security implications within the major cloud providers: AWS, Azure, and GCP.
This section is going to continue to receive a drip of additional content post-release.
Prerequisites: completion of Detection Engineering 100 and associated labs OR 1+ year(s) of experience in a threat role (Threat Hunter, Threat Detection Engineer).
You will receive custom pieces of malware, as well as a specified technique to emulate, at the beginning of this exam and work through the detection life cycle in the range: identification, emulation, testing, utilizing a CI/CD pipeline, and submitting documentation for your work. You will be responsible for creating detection logic for all malware samples, attack emulations, and the report in the range. This must be a full repertoire of detection logic covering all possible log sources and compatible platforms (i.e. Yara, Sigma, Windows Event Logs, Sysmon, etc.).
The CI/CD pipeline will be GitHub. This will encompass a private repository of detection logic made by the students, accessible to ALUMNI ONLY.
Your detection logic must be submitted in the correct file formats in a working capacity for review by the course author.
His technical expertise in Cybersecurity and professionalism have provided me with a role model. His mentorship has helped me achieve my goals of making it into the industry, saving me enormous amounts of time with his guidance.
Tallis embodies the pinnacle of mentorship and leadership. He has guided me and pushed me to new heights; his confidence in me ignited a flame of pursuit towards achievement I never knew I possessed.
He has exposed me to an arsenal of skills and tools, guiding me through learning exploit development and reverse engineering. He doesn't hesitate to jump in and help when you get stuck either, no matter what it is.
He readily shares his expertise, benefiting not only me, but everyone around him. I'm grateful for the opportunity to learn from him and value his organic guidance in order to advance my career.
The course will have multiple purchasing tiers upon release. These tiers will meet the different needs of each student (i.e. course purchase with exam attempt, etc) and will soon be listed on the course page.
We are also working on getting regional pricing so that it is affordable to the rate of your residence/citizenship. More details on this coming later!
Yes. You will have unlimited access to the course material and may purchase your lab time in three different packages.
Once you purchase your lab time, you will consume hours while the range is running. At the completion of your lab time, if you do not purchase an extension, your range will be destroyed.
Very. You can usually contact the instructor via Discord, or via email alternatively. Those contact methods will be available within the course.
No, the lab work contained within this course is hosted on a virtual range through Level Effect. All you need is a computer that can run a browser, Zoom, and Discord with a stable internet connection.
No, but please be aware the course and exam will be entirely in English.