Virtual training
Targeted Threat Hunting
Incidents happen. The question is when. And maybe an even better question is not when it will happen, but what if it has already happened? The attack could be stealthy and as yet undetected. However, we can assume that it is still ongoing. With this mindset, let's focus on our options. How can we detect the attack and verify our hypothesis? The answer is Threat Hunting.
There are probably reasons why specific threat actors would target us. We can analyse the threat landscape and learn about our enemies, because our enemies are aware of us – they have already started their reconnaissance. So, we can leverage Threat Intelligence to speed up our Threat Hunting. By targeting the specific threats relevant to our context, we can bring even more precision to our hunting.
In this instructor-led training, we will cover the necessary theory, but we will mostly focus on practice and hands-on exercises. We will take steps to prepare for Threat Hunting, such as sharpening our detection techniques based on host and network artifacts. Then we should be able to detect the attacker’s footprint in the (lab) environment, put the traces together and investigate the (simulated) cyber attack.
KEY TAKEAWAYS
During the training, we will:
- discuss various Threat Hunting approaches and strategies
- introduce Threat Intelligence basics
- collect and prepare Indicators of Compromise and detection signatures
- detect host-based and network-based intrusions
- perform targeted Threat Hunting based on relevant Threat Intelligence data
More info about training
DATE
14 June 2022 (Virtual, Webex/MS Teams)
9:00 – 14:00 (5 hours including small breaks)
TARGET AUDIENCE:
- Security Specialists
- Incident Responders
- Blue Teamers
- SOC Analysts
- Forensic Investigators
- Malware Analysts
PRE-REQUISITES:
The participants should:
- be familiar with Windows OS
- be familiar with Linux OS (basic Linux knowledge is sufficient)
- have a computer with at least 16 GB of RAM, 40 GB of free space on HDD/SSD and VirtualBox (64-bit edition) installed
- have an active unfiltered network connection
- lab virtual machines and training data will be provided in advance
- during training we will use several online resources and cloud services