PRAGUE 22 - 23 September, 2021
Threat Hunting

TRAINER: Lukas Hlavicka

Director of Digital Forensic & Incident Response Department, LIFARS

TARGET AUDIENCE:

  • Incident handlers
  • Forensics analysts
  • Malware analysts
  • Security specialists with technical skills

PREREQUISITES:

The participants should:

  • Be familiar with Windows PowerShell (beginner level)
  • Have a little experience with Windows Forensics
  • Bring a Windows laptop with at least 16 GB of RAM, 100 GB of free space on HDD/SSD and the 64-bit edition of VirtualBox installed. VMware should also work; however, it is not fully tested with our environment.

Threat Hunting
Windows hosts

22 September 2020 | BRATISLAVA

Selected chapters from threat hunting were built to accelerate the transition from reactive security operations to proactive security operations. In this course you learn how to proactively detect attackers in a Windows network environment and find basic sets of evidence of their presence.

Description: 

Incidents happen. The question is not whether, but when. Maybe next month. Maybe next week. Maybe today. Or… has it already happened? It is better to be prepared for these situations in advance. Use a proactive approach and detect a security breach early. Then take containment action and remediate the incident.

During this training the participants will see the most common techniques used by attackers once they have gained access to the victim network – we will introduce adversary tactics and techniques based on real-world observations. The participants will see various post-exploitation scenarios, including information gathering and data collection, communication with command and control servers, credential dumping and privilege escalation, internal network reconnaissance and lateral movement, achieving persistence, and defense evasion.

Moreover, we will focus on detection of the introduced techniques and of attacker presence in the network. The participants will have an opportunity to get hands-on experience with tools and procedures for searching and investigating the network and endpoints to detect and isolate these advanced threats.

Learning objectives: 

  • Identify necessary sources of data needed for threat hunting
  • Learn how to use a comprehensive set of tools, tactics and procedures for systematic threat hunting

What should you take from this training:

An extension of your professional skills as a security specialist to threat hunting; knowing the difference between forensics and threat hunting; and obtaining the mindset of a threat hunter, as opposed to that of standard security operations.

Course structure

  1. Threat hunting vs. Digital Forensics Analysis
  2. Threat hunting process in Windows host
  3. Attack vectors / TTP of Attacker – case studies
  4. Persistence mechanisms of attackers/ malware and their detection
  5. Security model of Windows systems / Authentication / GPO and common vulnerabilities
  6. Types of lateral movements and detection possibilities
  7. Windows Logging and auditing capabilities, use cases and setup guides
  8. IOC in standard attacks, where to find them and how to interpret them
  9. Automating detection of IOC in multiple hosts with / without domain
  10. Sniper threat hunting forensics in Windows environment

This will be a technical training.

Course level: Intermediate to professional

Duration: 8 hours including lunch break and two 15-minute coffee breaks

Number of attendees: Up to 20 attendees
