Mammoth Club All levels 26 sections 58 lectures

OffSec Defense Analyst (OSDA) Certification with 10 Practice Exams

An attacker's campaign is a series of seemingly unrelated events: a log entry here, a network connection there. The OffSec Defense Analyst is the one who connects the dots. This program teaches you to see the full picture by analyzing the evidence an attacker leaves behind.

Skill level: All levels
Sections: 26
Lectures: 58
Instructor: Team Mammoth

What's inside

This course includes:

26 sections
58 lectures
10 quizzes
Certificate of completion: included
Mobile and desktop access: included
AI learning assistance: included

Course content

Curriculum & lectures.

16 sections · 48 lectures
Section 1: Attack Methodology (Domain 1), 4 lectures
Lecture 1.00: Introduction
Lecture 1.01: Enterprise Network Architecture and DMZ
Lecture 1.02: Cyber Kill Chain and Attack Phases
Lecture 1.03: MITRE ATT&CK Framework for TTP Mapping

Section 2: Windows Endpoint Introduction (Domain 2), 3 lectures
Lecture 2.01: Windows Processes and Sysmon
Lecture 2.02: Windows Registry and System Artifacts
Lecture 2.03: Windows Scripting and PowerShell Logging

Section 3: Windows Server-Side Attacks (Domain 3), 4 lectures
Lecture 3.01: SMB and Windows Admin Share Exploitation
Lecture 3.02: RDP and Remote Authentication Attacks
Lecture 3.03: IIS Web Server and Web Application Attacks
Lecture 3.04: Windows Binary Exploitation and Exploit Guard

Section 4: Windows Client-Side Attacks (Domain 4), 3 lectures
Lecture 4.01: Browser-Based Attacks
Lecture 4.02: Office File and Macro Attacks
Lecture 4.03: PowerShell Abuse and Logging (Client Side)

Section 5: Windows Privilege Escalation (Domain 5), 2 lectures
Lecture 5.01: User Rights and UAC Bypass
Lecture 5.02: Service Abuse and Unquoted Path Escalation

Section 6: Windows Persistence (Domain 6), 3 lectures
Lecture 6.01: Disk-Based Persistence – Services and Tasks
Lecture 6.02: DLL Sideloading and Hijacking
Lecture 6.03: Registry-Based Persistence

Section 7: Linux Endpoint Introduction (Domain 7), 2 lectures
Lecture 7.01: Linux Logging and Daemon Processes
Lecture 7.02: Automating Log Analysis with Python and DevOps Tools

Section 8: Linux Server-Side Attacks (Domain 8), 3 lectures
Lecture 8.01: Linux Credential Abuse and SSH Attacks
Lecture 8.02: Linux Web Application Server Attacks (LFI, SQLi)
Lecture 8.03: Linux Privilege Escalation Detection

Section 9: Network Detections (Domain 9), 4 lectures
Lecture 9.01: Intrusion Detection Systems (Signature vs Anomaly)
Lecture 9.02: Detecting Known Vulnerability Exploits
Lecture 9.03: Detecting Unknown Threats (Heuristic/Anomaly)
Lecture 9.04: Command-and-Control and Lateral Network Communications

Section 10: Antivirus Alerts and Evasion (Domain 10), 2 lectures
Lecture 10.01: Signature, Heuristic, and Behavioral Detection
Lecture 10.02: Windows AMSI and Malware Evasion

Section 11: Network Evasion and Tunneling (Domain 11), 3 lectures
Lecture 11.01: Network Segmentation and Zero Trust
Lecture 11.02: Egress Filtering and Busting
Lecture 11.03: Port Forwarding and Tunneling Detection

Section 12: Active Directory Enumeration (Domain 12), 2 lectures
Lecture 12.01: LDAP and PowerView-Based Enumeration
Lecture 12.02: Detecting AD Reconnaissance

Section 13: Windows Lateral Movement (Domain 13), 2 lectures
Lecture 13.01: NTLM Abuse – Pass-the-Hash and Brute Force
Lecture 13.02: Kerberos Attacks – Pass-the-Ticket and Kerberoasting

Section 14: Active Directory Persistence (Domain 14), 2 lectures
Lecture 14.01: Golden Tickets and Kerberos Backdoors
Lecture 14.02: SID History and Account Persistence

Section 15: SIEM Part One – Building an ELK SIEM (Domain 15), 4 lectures
Lecture 15.01: SIEM Architecture and Data Collection
Lecture 15.02: Setting Up Log Ingestion (Elastic Beats and Logstash)
Lecture 15.03: Indexing and Normalizing Security Data
Lecture 15.04: Building Alerts, Dashboards, and Cases

Section 16: SIEM Part Two – Operationalizing Your SIEM (Domain 16), 5 lectures
Lecture 16.01: Phase One – Web Server Initial Compromise
Lecture 16.02: Phase Two – Lateral Movement to Application Server
Lecture 16.03: Phase Three – Persistence and Privilege Escalation on Application Server
Lecture 16.04: Phase Four – Domain Controller Actions and Cleanup
Lecture 16.05: Conclusion

Description

About this course.

Learn to deconstruct cyber-attacks by performing deep analysis of network traffic, endpoint logs, and malware artifacts to identify attacker Tactics, Techniques, and Procedures (TTPs).


✅ Master the art of log analysis, correlating events from various sources like firewalls, web servers, and operating systems to build an attack timeline.

✅ Learn to dissect packet captures (PCAP) to identify malicious communications, command-and-control (C2) channels, and data exfiltration.

✅ Analyze filesystem and memory artifacts from compromised Windows and Linux endpoints to uncover persistence mechanisms and user activity.

✅ Perform basic static and dynamic analysis of malware samples to understand their capabilities and extract critical indicators of compromise (IOCs).


This program is for blue team members, including SOC analysts and junior incident responders, who want to move beyond triaging alerts and develop deep analytical skills.


🎁 Includes 10 Practice Exams. Analyze the evidence. Reconstruct the attack. Uncover the truth.


In cybersecurity, knowledge is power. If you're ready to become the analyst who provides that knowledge and turns data into defense, this is your analyst's handbook.
