In this lecture, you’ll learn what defines a cyber incident, explore real-world attacker tactics using the Cyber Kill Chain model, and understand how threat actors operate. You’ll also get introduced to the MITRE ATT&CK framework for classifying incidents.

After this lecture, you’ll be able to:

• Identify what constitutes a cyber incident

• Recognise common attacker methods and motivations

• Understand the stages of a cyberattack

• Use the MITRE ATT&CK framework to categorise incidents

Understanding the Cyber Kill Chain and MITRE ATT&CK Framework

In this lecture, you'll learn how cyberattacks unfold step-by-step using the Cyber Kill Chain model and how to analyse attacker behaviour using the MITRE ATT&CK framework. By the end, you'll be able to identify tactics and techniques used by threat actors and apply this knowledge to improve threat detection and incident response.

Colonial Pipeline Ransomware Attack – Case Study

In May 2021, Colonial Pipeline, the largest fuel pipeline in the U.S., was hit by a ransomware attack from the DarkSide group. The company shut down operations, causing major fuel shortages along the East Coast. This case highlights the critical impact of cyberattacks on national infrastructure and the importance of strong cybersecurity practices.

Understand what a cybersecurity incident is, how to respond using the NIST framework, and the roles of SOC teams and responders during each phase. Learn key IR phases, tools, and communication best practices — fast.

• Identify real incidents

• Understand NIST IR phases

• Know SOC levels & team roles

• Improve response & reporting

Perfect for beginners in cybersecurity or IT.

Learn how to spot threats early, confirm what’s real, and assess the impact fast. This lesson covers passive alerts, active threat hunting, handling false positives, and building an Initial Impact Assessment using real-world tools and templates.

• Detect incidents with SIEM or threat hunts

• Filter out false positives

• Assess service & data impact

• Write a clear impact report

Ideal for SOC analysts, cybersecurity students, and IT pros building IR skills.

Learn how to isolate cyber threats fast, limit damage, and remove malware safely — without breaking business operations. We’ll cover real-world containment strategies (manual, automated, tiered) and proven eradication methods (cleaning, reimaging, backup recovery).

• Use isolation to stop lateral movement

• Apply smart containment based on system criticality

• Eradicate threats fully using hybrid tools

• Recover quickly while preserving evidence

Essential for anyone working in SOC, IT, or incident response.

Learn how to safely restore systems, protect business continuity, and validate clean recovery after a cyberattack. We cover RTO/RPO basics, restoring databases and file servers, cleaning compromised accounts, and verifying systems are truly secure.

• Understand RTO vs RPO (time & data loss)

• Restore systems using backups, snapshots & replication

• Validate recovery with scans, IOCs & automation

• Apply patches, fix configs, and clean user access

Critical for cybersecurity, IT, and business continuity teams.

Learn how to collect, preserve, and analyze digital evidence during cyber incidents. You’ll explore key forensics tools, evidence handling procedures, memory/disk imaging, chain of custody, and legal frameworks (like RFC 3227 and ISO 27037).

• Identify & preserve digital evidence correctly

• Use tools like FTK Imager, dd, and Volatility

• Understand write blockers, hashing & secure storage

• Follow legal & procedural forensics standards

Perfect for beginners in cybersecurity, IR, or SOC teams.

Master the art of communicating during a cyber crisis. This lesson teaches how to prepare clear messaging, manage stakeholders, and protect your brand when an incident hits — using real-world tools, templates, and post-incident review strategies.

• Build & test IR communication plans

• Communicate clearly during and after incidents

• Tailor messages for execs, staff, customers & regulators

• Handle media, social channels & reputation recovery

Ideal for cybersecurity, PR, compliance, and IT leaders.

Learn how to turn incidents into improvement. This lesson walks through how to document cybersecurity incidents, analyze root causes, assess impact, and run lessons-learned meetings — all without blame. Includes report templates, metrics, and real-world case studies.

• Build a complete post-incident report

• Analyze root causes (not just symptoms)

• Measure impact, timelines & trends

• Drive accountability and long-term improvement

Great for SOC analysts, IR teams, and IT leaders.