
Cyber Threat Hunting Training

Beginner • Advanced


Overview

The Cyber Threat Hunting training program is designed to equip IT security specialists with the necessary mindset and skills to identify and hunt down cyber threats proactively. Whether you’re on the blue, red, or purple team, having a comprehensive understanding of threat investigation and intelligence is crucial to becoming a complete IT security expert.

In this training program, participants will gain valuable knowledge and hands-on experience in threat hunting by solving a real-world APT attack case. The program is designed to help IT security professionals become advanced threat hunters who can effectively detect and respond to threats.

If you’ve ever felt paralyzed by not knowing what to look for next, struggled to dissect attacks and derive hunting strategies from them, or have a mountain of data but don’t know which techniques to use to spot anomalies, then the Cyber Threat Hunting Training program is for you. The program is also beneficial for those who want to add threat hunting capabilities to their security team but don’t know how to get buy-in from management or prove its value.

In this training program, participants will learn how to approach threats along an APT timeline and gain a deeper understanding of various threat hunting techniques. By the end of the program, participants will be equipped with the necessary skills to become advanced threat hunters and take their IT security expertise to the next level.

What You’ll Learn

  • Threat Hunting Frameworks and Models
  • Windows Exploitation and Privilege Escalation Hunting
  • Active Directory Attacks Investigations
  • Live Evidence Based Threat Hunting
  • Memory Investigations for Threat Hunters
  • Network Threat Hunting
  • Finding evil in the Logs
  • SIEM for Threat Hunters

Training Modules

Cyber threat hunting foundations
  • The process of Investigation
  • Where threat hunting Fits in and Defined
  • Incident Response & Threat Hunting relationship
  • Threat Hunting Teams
  • Tactics, Techniques, and Procedures
  • Cyber Kill Chain Model
  • Diamond Model
  • Understanding TTPs with MITRE ATT&CK
  • Aligning MITRE ATT&CK tactics to collect threat intel about the adversaries
  • Developing an in-house threat hunting live lab
  • Training APT case – an enterprise adversary attack-based scenario and its details will be used throughout this training.

Live Machine and Memory Threat Hunting
  • Infected Environment isolation
  • Malware Persistence Detection and Analysis
  • Scaling Data Collection and Analysis Across the Enterprise
  • Finding and Analyzing Malicious WMI attacks
  • Live memory acquisition
  • Acquisition from multiple sites
  • Shimcache and Amcache anatomy for threat hunters
  • Shellbags for Threat hunters
  • Ntuser.dat and Usrclass.dat for threat hunting
  • MFT and MRU for threat hunters
  • APT hunting in memory in depth
  • APT case mind map with live examination
  • Identify Rogue Processes and services
  • Analyze Process DLLs and Handles
  • Review Network Artifacts
  • Look for Evidence of Code Injection
  • Acquire Suspicious Processes and Drivers
  • Advanced Memory Analysis with Volatility
  • Webshell Detection Via Process Tree Analysis
  • Code Injection, Malware, and Rootkit Hunting in Memory
  • Windows Management Instrumentation and PowerShell Process Intrusions
  • Extract Memory-Resident Adversary Command Lines
  • Hunting Malware Using Comparison Baseline Systems
  • Find and Dump Cached Files from RAM for hunting the APT

Hunting Windows Exploitation and Post-Exploitation Techniques
  • Mind mapping how to identify compromised machines
  • Finding persistent malware beacons
  • Sophisticated malware analogy – LOLBAS
  • Identifying the system attacks
    • AutoStart Locations, RunKeys
    • Service Creation/Replacement
    • Service Failure Recovery
    • Scheduled Tasks
    • DLL Hijacking Attacks
    • PowerShell events
    • PowerShell Remoting basics
    • Kansa for PowerShell investigations

Active Directory Attacks Investigations
  • Identifying and Understanding the Active Directory attacks –
    • Pass the Hash
    • Credential Attacks with Mimikatz
    • Token Stealing
    • Cached Credentials and LSA Secrets
    • Kerberos Attacks
    • Golden Tickets and DCSync 
    • NTDS.DIT theft
    • Bloodhound analysis
    • Common dumping tools
    • Common Hiding and Persistence Mechanisms
  • Compromising Credentials Techniques
  • Remote Desktop Services Misuse
  • Windows Admin Share Abuse
  • PsExec and Cobalt Strike Beacon PsExec Activity
  • RMI Tool and Techniques
  • PowerShell Remoting/WMIC Hacking
  • Cobalt Strike Lateral Movements
  • Software Exploitation detections
  • Command-Line Analysis and WMI Activity Logging
  • PowerShell Script Block Logging
  • Discovering Cobalt Strike beacon PowerShell Import Activity
  • Detecting PowerShell Injection from Cobalt Strike, Metasploit, and Empire
  • PowerShell Script Obfuscation

Log Analysis and Rogue Detections
  • Profiling Account Usage and Logons
  • Tracking and Hunting Lateral Movement
  • Identifying Suspicious Services
  • Identifying new accounts creation and activities
  • Detecting Rogue Application Installation
  • Finding Malware Execution and Process Tracking
  • Capturing Command Lines and Scripts in logs
  • Anti-Forensics and Event Log Clearing detections

Network Threat Hunting Primer
  • ARP traffic Investigation
  • ICMP traffic hunting
  • TCP and UDP wide analysis
  • DHCP and DNS examination
  • HTTP and HTTPS traffic suspects
  • Hunting Internal Corporate Threats
  • Investigating network attacks & correlating forensic evidence
  • RSA NetWitness for threat hunters
  • Investigating traffic with Security Onion and ELK.
  • Investigating network traffic with OSQuery

SOC Tools for Threat Hunting
  • Role of Sysmon / DeepBlueCLI in threat hunting
  • YARA and Sigma for threat hunting
  • Cuckoo Sandbox for threat hunters
  • Splunk Enterprise for threat hunters
  • Wazuh SIEM for threat hunters
  • Security Onion 101 for threat hunters
  • MISP / OpenCTI 101 for threat hunters
  • Graylog and GreyNoise 101 for threat hunters
  • Continuous improvement with automation

Who Can Apply for the Cyber Threat Hunting Training?
  • Individuals possessing a bachelor’s degree and a keen interest in cultivating advanced proficiencies in Threat Hunting.
  • Professionals aspiring for career progression within the realm of Threat Hunting Domain.
  • Individuals with a bachelor’s degree in an IT-related discipline who seek to shift their focus towards the Security Operations Center (SOC) team.
  • IT Managers aiming to enhance their expertise in SOC technical tactics through upskilling.
  • Members of the Blue team dedicated to refining and augmenting their existing skill set.

Training Delivery Details

On-Demand Live Training

Join the virtual Codefensive training experience, right from the comfort of your own home! Our industry-leading instructors deliver interactive courses via live stream, giving you the ultimate in cybersecurity education. Following each class, you’ll have the opportunity to enjoy a keynote from top industry professionals. Choose the ultimate in cybersecurity education and join us today!

Self-Paced Training

Self-paced, the ultimate in flexible cybersecurity learning! With unlimited access to your training, you can learn at your own pace, wherever and whenever it’s convenient for you. Our program includes all labs, exercises, and live support from Codefensive subject matter experts to ensure your success. Join us now to take control of your cybersecurity education!

Prerequisites
  • Basics of Computer Networks
  • Basics of Cyber Security
  • Basics of SOC Operations

Ready to Get Started?

Book a free consultation and join the right training for you.