Hacking Tactic, Techniques, and Procedures (TTPs)

Posted By: lucky_aut

Published 9/2025
Duration: 14h 53m | .MP4 1920x1080 30 fps(r) | AAC, 44100 Hz, 2ch | 18.4 GB
Genre: eLearning | Language: English

Learning about Hackers and Their Tactics to Maximize Security

What you'll learn
- Define key threat and risk-related terms
- Identify and describe the primary categories of hackers (white hat, gray hat, black hat) and explain their ethical boundaries
- Recognize the different characteristics that define adversaries in the cybersecurity landscape, such as motivations, resources, sponsorship, and levels of sophistication
- Explain the risks posed by insider threats and shadow IT and how these internal risks differ from external threats
- Explain how cyber attacks are planned and carried out.
- Describe Tactics, Techniques, and Procedures (TTPs) and how they reveal attacker behavior
- Understand the MITRE ATT&CK framework and how it organizes attack tactics and techniques
- List the steps of the Cyber Kill Chain and how it helps defend against attacks
- Describe the Diamond Model of Intrusion Analysis and how it helps analyze attacks
- Define what attack patterns and signatures are and how they are used to identify adversaries
- Explain the purpose of reconnaissance and how attackers gather information
- Describe OSINT techniques, including DNS and website reconnaissance, social media scraping, eavesdropping, and dumpster diving
- Define an attack surface and how it’s analyzed to find an attack vector and vulnerabilities that will be used during an attack
- Explain the concept of weaponization in cyber attacks and the role of brokers in malware distribution
- Identify common types of malware, including viruses, worms, trojans, ransomware, spyware, Command and Control (C2), Remote Access Trojans (RATs), botnets, and fileless malware
- Discuss enterprise-level concerns related to malware and strategies for mitigation
- Explain the role of social engineering in cyber attack delivery and how trust is developed with targets
- Identify and describe common social engineering methods and tactics, including impersonation, phishing variants, and physical techniques like tailgating
- Recognize advanced delivery techniques such as typosquatting, domain shadowing, and business email compromise (BEC)
- Understand the impact of emerging tools, including AI, on social engineering attacks
- Identify common vulnerabilities across networks, protocols, hardware, software, virtualization, cloud, cryptography, humans, passwords, processes, and physical security
- Explain how different vulnerabilities can be exploited individually or combined through exploit chaining
- Describe techniques for network discovery, reconnaissance, and enumeration, including both wired and wireless methods
- Perform basic network scanning and fingerprinting using tools like Nmap and Wireshark
- Explain wiretapping and sniffing attacks and how they are used to capture network data
- Understand credential harvesting and vulnerability scanning as part of the attack lifecycle
- Explain the concepts of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks and their impact on network availability
- Identify various types of DoS attacks, including jamming, buffer overflow, ping of death, and TCP reset attacks.
- Describe network flooding attacks such as ping flood, TCP SYN flood, UDP flood, DNS flood, amplification, and reflected attacks.
- Demonstrate understanding of Wi-Fi deauthentication, DHCP starvation, and rogue DHCP attacks
- Understand the mechanics behind broadcast storms, directed broadcasts, and smurf attacks
- Explain what Adversary-in-the-Middle (AitM) and replay attacks are, including their impact on communications
- Identify various spoofing attacks, including DHCP spoofing, ARP cache poisoning, DNS cache poisoning, and evil twin attacks
- Understand how these attacks manipulate network traffic and deceive systems or users
- Identify common software vulnerabilities using frameworks like Common Weakness Enumeration (CWE) and OWASP Top 10.
- Explain different types of software attacks, including race conditions, deserialization, buffer overflow, path traversal, injection attacks, and cross-site scripting (XSS)
- Identify common authentication and credential-based attacks such as password attacks, credential replay, and MFA fatigue.
- Explain advanced access attacks including pass-the-hash, session hijacking, privilege escalation, and compromised key attacks
- Describe exploitation techniques like jailbreaking, sideloading, trust exploits, and request forgery attacks (CSRF, SSRF)
- Recognize physical attack vectors related to authentication and access control
- Explain password hashing and the importance of salting to protect stored passwords
- Demonstrate various password cracking methods, including brute-force, dictionary, mask attacks, and password spraying
- Understand advanced cracking tools like hashcat and hydra used for account compromise
- Recognize attacks such as rainbow tables, credential stuffing, and their impact on security
- Explain common stealth techniques used by attackers, including encryption, tunneling, and obfuscation
- Describe traffic manipulation methods such as traffic fragmentation and DNS tunneling
- Identify network evasion tools like proxies, fast-flux, double-flux, and domain-flux
- Understand how Domain Generation Algorithms (DGA) enable persistent and evasive communications
- Identify common indicators of compromise (IoCs), including alerts, logs, and signs of removed evidence or disabled defenses
- Recognize behavioral signs such as resource consumption issues, system crashes, and strange communications
- Detect suspicious activities like data exfiltration, rogue devices, scans, beaconing, and unauthorized changes
- Understand account anomalies including lockouts, new accounts, concurrent sessions, and impossible travel
- Analyze other unusual system behaviors that may indicate a security breach

Requirements
- A good understanding of computers
- A good understanding of networking

Description
This course provides a comprehensive overview of cybersecurity threats, vulnerabilities, and attack methodologies, equipping learners with the knowledge to identify, analyze, and respond to adversarial tactics. We begin by exploring key concepts like threat terminology, attacker motivations, and reconnaissance techniques used to gather critical information. From there, we dive into attack methodologies, including the use of Tactics, Techniques, and Procedures (TTPs), frameworks like MITRE ATT&CK, and models such as the Cyber Kill Chain and Diamond Model of Intrusion Analysis. Through hands-on demos and exercises, learners will understand how adversaries weaponize malware, deliver attacks via social engineering, and exploit system weaknesses to gain access and maintain persistence.

The course further examines advanced attack vectors such as denial of service, spoofing, software vulnerabilities, authentication attacks, and stealth techniques used to evade detection. Learners will develop skills to recognize indicators of compromise (IoCs), analyze unusual system behaviors, and understand attack patterns and signatures. Emphasizing practical tools and demonstrations—including network scanning, password cracking, and intrusion detection—this course prepares participants to anticipate, detect, and defend against evolving cyber threats effectively.

Key components of the course include:

- Define key threat and risk-related terms
- Identify and describe the primary categories of hackers (white hat, gray hat, black hat) and explain their ethical boundaries
- Recognize the different characteristics that define adversaries in the cybersecurity landscape, such as motivations, resources, sponsorship, and levels of sophistication
- Explain the risks posed by insider threats and shadow IT and how these internal risks differ from external threats
- Explain how cyber attacks are planned and carried out
- Describe Tactics, Techniques, and Procedures (TTPs) and how they reveal attacker behavior
- Understand the MITRE ATT&CK framework and how it organizes attack tactics and techniques
- List the steps of the Cyber Kill Chain and how it helps defend against attacks
- Describe the Diamond Model of Intrusion Analysis and how it helps analyze attacks
- Define what attack patterns and signatures are and how they are used to identify adversaries
- Explain the purpose of reconnaissance and how attackers gather information
- Describe OSINT techniques, including DNS and website reconnaissance, social media scraping, eavesdropping, and dumpster diving
- Define an attack surface and how it’s analyzed to find an attack vector and vulnerabilities that will be used during an attack
- Explain the concept of weaponization in cyber attacks and the role of brokers in malware distribution
- Identify common types of malware, including viruses, worms, trojans, ransomware, spyware, Command and Control (C2), Remote Access Trojans (RATs), botnets, and fileless malware
- Discuss enterprise-level concerns related to malware and strategies for mitigation
- Explain the role of social engineering in cyber attack delivery and how trust is developed with targets
- Identify and describe common social engineering methods and tactics, including impersonation, phishing variants, and physical techniques like tailgating
- Recognize advanced delivery techniques such as typosquatting, domain shadowing, and business email compromise (BEC)
- Understand the impact of emerging tools, including AI, on social engineering attacks
- Identify common vulnerabilities across networks, protocols, hardware, software, virtualization, cloud, cryptography, humans, passwords, processes, and physical security
- Explain how different vulnerabilities can be exploited individually or combined through exploit chaining
- Describe techniques for network discovery, reconnaissance, and enumeration, including both wired and wireless methods
- Perform basic network scanning and fingerprinting using tools like Nmap and Wireshark
- Explain wiretapping and sniffing attacks and how they are used to capture network data
- Understand credential harvesting and vulnerability scanning as part of the attack lifecycle
- Explain the concepts of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks and their impact on network availability
- Identify various types of DoS attacks, including jamming, buffer overflow, ping of death, and TCP reset attacks
- Describe network flooding attacks such as ping flood, TCP SYN flood, UDP flood, DNS flood, amplification, and reflected attacks
- Demonstrate understanding of Wi-Fi deauthentication, DHCP starvation, and rogue DHCP attacks
- Understand the mechanics behind broadcast storms, directed broadcasts, and smurf attacks
- Explain what Adversary-in-the-Middle (AitM) and replay attacks are, including their impact on communications
- Identify various spoofing attacks, including DHCP spoofing, ARP cache poisoning, DNS cache poisoning, and evil twin attacks
- Understand how these attacks manipulate network traffic and deceive systems or users
- Identify common software vulnerabilities using frameworks like Common Weakness Enumeration (CWE) and OWASP Top 10
- Explain different types of software attacks, including race conditions, deserialization, buffer overflow, path traversal, injection attacks, and cross-site scripting (XSS)
- Identify common authentication and credential-based attacks such as password attacks, credential replay, and MFA fatigue
- Explain advanced access attacks including pass-the-hash, session hijacking, privilege escalation, and compromised key attacks
- Describe exploitation techniques like jailbreaking, sideloading, trust exploits, and request forgery attacks (CSRF, SSRF)
- Recognize physical attack vectors related to authentication and access control
- Explain password hashing and the importance of salting to protect stored passwords
- Demonstrate various password cracking methods, including brute-force, dictionary, mask attacks, and password spraying
- Understand advanced cracking tools like hashcat and hydra used for account compromise
- Recognize attacks such as rainbow tables, credential stuffing, and their impact on security
- Explain common stealth techniques used by attackers, including encryption, tunneling, and obfuscation
- Describe traffic manipulation methods such as traffic fragmentation and DNS tunneling
- Identify network evasion tools like proxies, fast-flux, double-flux, and domain-flux
- Understand how Domain Generation Algorithms (DGA) enable persistent and evasive communications
- Identify common indicators of compromise (IoCs), including alerts, logs, and signs of removed evidence or disabled defenses
- Recognize behavioral signs such as resource consumption issues, system crashes, and strange communications
- Detect suspicious activities like data exfiltration, rogue devices, scans, beaconing, and unauthorized changes
- Understand account anomalies including lockouts, new accounts, concurrent sessions, and impossible travel
- Analyze other unusual system behaviors that may indicate a security breach

Who Should Take this Course:

- Those getting into IT
- Those wanting to advance their ethical hacking skills
- Those going after a certification in:
  - CompTIA Security+
  - CompTIA CySA+
  - CompTIA Pentest+
  - CompTIA SecurityX
  - ISC2 CISSP
  - Cisco CBROPS

Why take the course from me?

- Experience: I’ve been in the IT world since 2000, have a master’s in computers, and hold over 20 industry standard certifications.
- Know how to teach: I was trained as an instructor by the USAF, have a bachelor’s in education, have been teaching since 1997, and have well over 6,000 hours of classroom instruction time.
- Employer insight: I’ve been a hiring manager since 2010, so I know what skill sets employers are looking for.

TechKnowSurge’s Unique Approach

Your instructor has training and years of experience as an educator, as a technician, and as a leader. The course implements the following features:

- Microstep lectures and segmented videos that meter learning into bite-size chunks. This also makes it easy to go back and review concepts when needed.
- Stage-based educational model, where information is covered multiple times in increasing amounts of complexity. The approach helps reinforce learning and creates a knowledge and skill set less likely to fade with time.
- Extensive coverage of topics to make sure topics are explained fully.
- Well-organized content. A tremendous amount of effort has been placed on what order content should be delivered in to maximize learning and minimize confusion.
- A focus on pedagogy. A funny name, but your instructor has a deep understanding of educational theory and what drives learning.
- Module overviews explaining what to expect from each module and setting a mindset for why the information is important to learn.
- Video intros, overviews, and summaries to explain the intention of each video, reinforce learning, and prepare you for success.
- High quality and engaging videos that use graphics, great explanations, and analogies to explain complex topics in an easy-to-understand way.
- Real world application. Step beyond just the theory. Your instructor has real world experience and will share that with you throughout the course.
- Employer insight: know what employers are looking for. Your instructor runs IT departments and hires individuals just like you.

This well-organized course has the following modules:

- Welcome and Getting Started: Prepare yourself for efficiently and successfully completing the course. You’ll get an overview of what the course is all about and what you should expect out of it.
- Knowing the Adversary: This module introduces key cybersecurity concepts related to threats and adversaries. We explore essential terminology, understand attacker motivations, and examine the characteristics, resources, and objectives of various adversaries. Topics include insider threats and shadow IT, helping learners grasp the landscape of cyber threats and the factors driving attacker behavior.
- Attack Methodologies: This module covers how adversaries plan and execute cyber attacks using various tactics, techniques, and procedures (TTPs). Learners explore frameworks such as MITRE ATT&CK and models like the Cyber Kill Chain and Diamond Model of Intrusion Analysis. Through practical exercises, students learn to identify attack patterns and adversary signatures, enhancing their ability to anticipate and respond to threats.
- Reconnaissance and Attack Planning: Focusing on the information-gathering phase of attacks, this module covers open-source intelligence (OSINT), DNS and website reconnaissance, social media scraping, and physical tactics such as dumpster diving and eavesdropping. Learners will understand attack surfaces and how vulnerabilities are discovered through various vectors.
- Weaponization and Malware: This module examines how attackers create and deploy malware as weapons in cyber attacks. It covers a wide range of malware types, including viruses, worms, trojans, ransomware, spyware, and advanced threats like fileless malware and botnets. The role of brokers in malware distribution and enterprise-level concerns are also explored.
- Delivery and Social Engineering: In this module, learners study how attackers deliver malicious payloads using social engineering techniques. Topics include phishing, impersonation, business email compromise, and physical attack vectors such as tailgating and USB drops. The impact of emerging technologies like AI on social engineering tactics is also examined.
- Exploitation and Vulnerabilities: This module identifies common vulnerabilities across networks, protocols, hardware, software, virtualization, cloud environments, cryptography, humans, passwords, processes, and physical security. It explains how attackers exploit these vulnerabilities, often chaining exploits to maximize impact, and covers typical attacks used to compromise systems.
- Persistence and Discovery: Learners will explore techniques for network discovery, enumeration, and reconnaissance on both wired and wireless networks. This module includes hands-on demonstrations with tools such as Nmap and Wireshark, and covers attacks like wiretapping, sniffing, credential harvesting, and vulnerability scanning.
- Denial of Service (DoS) Attacks: This module explains the concepts and impact of DoS and DDoS attacks. Students learn about various attack types, including jamming, buffer overflow, ping of death, and flooding attacks like TCP SYN flood and amplification. Demonstrations highlight attacks such as Wi-Fi deauthentication and DHCP starvation.
- AitM and Spoofing Attacks: Focusing on interception and deception techniques, this module covers AitM, replay attacks, and spoofing attacks such as DHCP spoofing, ARP cache poisoning, DNS cache poisoning, and evil twin attacks. Learners gain insight into how these attacks manipulate network traffic to breach security.
- Common Application Attacks: This module reviews common software weaknesses using the Common Weakness Enumeration (CWE) and OWASP Top 10 frameworks. Learners explore attacks like race conditions, deserialization, buffer overflows, path traversal, injection attacks, SQL injection, and cross-site scripting (XSS) through demonstrations and practical examples.
- Common Access Attacks: Students examine attacks targeting authentication systems, including password and credential attacks, MFA fatigue, pass-the-hash, session hijacking, privilege escalation, jailbreaking, sideloading, and various request forgery attacks. The module also discusses physical attack vectors compromising access controls.
- Password Cracking: This module covers how passwords are protected and attacked. Learners will explore password hashing, salting, and cracking methods such as brute-force, dictionary, mask attacks, and password spraying. Tools like hashcat and hydra are demonstrated alongside attacks including rainbow tables and credential stuffing.
- Stealth Techniques: Students will learn about stealth techniques attackers use to avoid detection, including encryption, tunneling, obfuscation, traffic fragmentation, and DNS tunneling. The module also covers evasion tools like proxies, fast-flux, double-flux, domain-flux, and domain generation algorithms (DGA) for persistent communications.
- Indicators of Compromise (IoC): This module teaches how to recognize indicators of compromise (IoCs), such as alerts, logs, removed evidence, and disabled defenses. It also covers behavioral signs like resource consumption, system crashes, strange communications, rogue devices, unauthorized account activity, and other suspicious behaviors indicating a breach.
- Wrap Up: Time to wrap up the course and provide any final thoughts.

Instructor Bio

TechKnowSurge (Andrew Grimes) has been in the tech industry since 2000 and even longer as an instructor. He started out as a Survival Instructor for the United States Air Force (USAF) in 1997. When he got out of the military, he started teaching computer classes. Wanting to advance his technical skills, he became a contractor working on a wide range of technologies while teaching technology college courses in the evening. Over time, he became a hiring manager, director, and leader.

His background includes:

- Building a security program within 2 years, including becoming SOC 2 Type 2 compliant
- Leading and maximizing efficiency of IT, Security, and DevOps teams
- Managing SaaS company infrastructure with millions of active users
- Managing small, medium, and large IT infrastructures
- Migrating technologies to the cloud
- Managing multi-million dollar budgets and reducing overall budget spend year over year
- Utilizing various project management techniques such as waterfall, scrum, and Kanban to maximize efficiency and success
- Bachelor’s in Workforce Education
- Master’s in Computer Resource and Information Management
- Over 6,000 hours of teaching experience
- Over 20 industry standard certifications

Past student reviews:

“Andrew is absolutely the best instructor I've had throughout the course of my education. He is extremely knowledgeable when it comes to all things network and IT-related. Because of the education he provided, I am now working in the network engineering field, and I could not have done it without his expert guidance.” ~Michael B.

“Andrew was hands down my favorite instructor since enrolling” “He has great skills as an instructor, and I've learned a lot from his classes.” ~Jeff S.

“As an instructor, he is thorough, articulate, patient and positive. He genuinely cares that his students fully comprehend the curriculum. I have a great deal of respect for Andrew. I can't recommend him highly enough.” ~Dan H.

“I found Andrew to be one of the best Instructors” “He presents the information with real world applications, which helped to reinforce the concepts presented in the Cisco Certification track.” “I am truly thankful to have had him as my teacher.” ~Dan M.

“Andrew is very knowledgeable and brings his practical business experience with him. He expresses himself very well and treats everyone with respect. He explains very complicated concepts in a manner that is easy to understand.” “It is without reservation that I would recommend Andrew as a business professional and/or teacher.” ~Adam C.

“Andrew is an excellent instructor and more.” “Andrew is the kind of teacher that you never forget.” ~ William C.

“Andrew Grimes is a first rate instructor who genuinely cares about the success of his students. I was fortunate to have Andrew as my instructor.” “I highly recommend Andrew as an instructor and IT professional.” ~Paul C.

“Andrew is a great instructor who really cares whether his students grasp the concepts he teaches. He has a passion for teaching that many couldn't muster.” ~Patrick R.

“He was a great teacher and I would gladly take a class under him again.” ~Joshua R.

“…his style of teaching is accommodating for any level that a student is starting off at, either beginning or advanced in the IT world.” ~Paul W.

“He fosters a multidimensional environment of learning in which students of diverse abilities excel.” ~Mark B.

“Andrew Grimes was a great Data Networks and Telecommunications Instructor.” “I would highly recommend him to any who desires to further their education.” ~ Tommy S.

Who this course is for:
- Those getting into IT
- Those wanting to advance their ethical hacking skills
- Those going after a certification in CompTIA Security+
- Those going after a certification in CompTIA CySA+
- Those going after a certification in CompTIA Pentest+
- Those going after a certification in CompTIA SecurityX
- Those going after a certification in ISC2 CISSP
- Those going after a certification in Cisco CBROPS