ECDA

The Endolum Certified Cyber Defense Analyst (ECDA) certification demonstrates a candidate's ability to conduct incident response analysis using SIEM tools. Candidates must understand how SIEMs work, analyze logs from Windows and Linux systems, and trace the entire attack chain of a threat actor, including initial access, persistence mechanisms, privilege escalation, and data exfiltration.

Price: 289 CHF
Field: Cyber Defense
Prerequisites: 3 Modules

Target Audience

  • Red Teamers
  • Pen Testers
  • Security Analysts
  • Threat Hunters
  • Detection Engineers

The Exam

The candidate will work within an on-demand SIEM instance to perform an incident response. They must analyze security-relevant Windows and Linux logs to uncover how a threat actor gained initial access, what actions they performed, how they escalated privileges, which persistence mechanisms they used, and what data was exfiltrated. Understanding the full attack chain is essential. No VPN or remote desktop software is required; the vulnerable websites are directly accessible from a modern browser.

Exam Format

The exam is conducted in an on-demand instance where candidates will have access to compromised systems and forensic images. They are required to analyze the provided data, uncover evidence of malicious activity, trace the threat actor's actions, and report on data exfiltration incidents. A stable internet connection is required.

Topics Covered

  • Recognize common TTPs
  • Log analysis and correlation
  • SIEM query languages
  • Log sources
  • And many more.

Learning Outcomes

  • Conduct comprehensive incident response in a SIEM environment.
  • Analyze and interpret Windows and Linux logs to identify security incidents.
  • Trace the attack chain of threat actors, including techniques and tactics used.
  • Identify persistence mechanisms and privilege escalation methods.

Prerequisites

* These requirements are optional. Buying these courses is not required, but completing them improves the chances of passing the certification exam.