In today’s cybersecurity landscape, it isn’t possible to prevent every attack. Threat hunting is the proactive technique that focuses on pursuing attacks and the evidence that attackers leave behind when they carry out an attack using malware or expose sensitive data.
The process is important because it starts from the assumption that an attacker has already managed to infiltrate the network; everything possible is examined in order to detect the intrusion earlier and stop intruders before they can carry out their attacks and exploit them illegally.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-study at home between lessons
- Repetition of materials, self-learning, performing tasks, etc.
- In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field
- A personal computer suitable for running virtual machines, with an Internet connection
- Working through the scenarios in the Cyberium system
This course targets people with networking knowledge who want to acquire the threat hunting capabilities to protect their organization better. Primarily:
- Security Testers
- Cybersecurity consultants
- Red Team specialists
- White hat hackers (Ethical Hackers)
- Identify and create intelligence requirements through practice
- Generate threat intelligence to detect and respond
- Learn the different sources to collect adversary data
- Create Indicators of Compromise (IOCs)
In this module, students will learn about techniques and procedures necessary to effectively hunt, detect, and contain various adversaries and minimize incidents.
- Intrusion Analysis
- Phases of Threat Intelligence
- Phases of the Intrusion Kill Chain
- Understanding MITRE ATT&CK
- Identifying Intrusions in Logs
- Creating Automation for Notification of Malicious Activity
- Analyzing Network-Based Tool Logs
- Analyzing Host-Based Tool Logs
- Memory Forensics
- Malicious Document Analysis
Students will use practical tools to collect data throughout this module and deepen their understanding of various information sources.
- Parsing Relevant Data Techniques
- Tracking Network Traffic
- Malware Analysis Databases
- Intrusion Key Indicators
- Domain Data Collection
- Open-Source Intelligence Tools
During this module, students will create tool automation to take threat intelligence to a higher level. Students will understand how to apply their knowledge and make the most of the different filtering and customization options for searching.
- Working with YARA
- Automating Malware Analysis
- Extracting and Analysing Honeypot Logs
- Domain Automation
- Checking Key Indicators Inside Domains
- Creating Your Own Indicators
- Tactical Intelligence Tools
- Operational Intelligence Tools
- Lab 1 Security Procedures
- Lab 2 Setting your Domain
- Lab 3 Identifying Attacks
- Lab 4 Analyzing C&C Communications
- Lab 5 Reversing Malware Network Behavior
- Lab 6 Analyzing Network Attacks
- Lab 7 Working with CVE
- Lab 8 Working with Firewalls
- Lab 9 IPv6 Security
- Lab 10 IDS Configurations
- Lab 11 Honeypots
- Lab 12 Securing Linux
- Lab 13 Securing Windows
- Real Case Studies
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberarena
- On-site classroom with proctored labs and scenarios executed in our Cyberarena
All sessions are recorded and attendees can replay them for 30 days. All course material is made available to the participant electronically.
Hands-on / Theory Mix
This course incorporates a high level of hands-on lab exercises, as well as real-life case studies.
This course prepares the participant for the following certifications:
- GCED (SANS)
- CySA+ (CompTIA)
- Security+ (CompTIA)
- GISP (SANS), GISF (SANS)
As this course makes extensive use of a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with microphone