This instructor-led course is designed for Operators and Analysts who serve, or are interested in serving, as part of a Hunt team. The course focuses primarily on best-of-breed open source security tools, but the knowledge gained is intended to be tool agnostic.
The student will start with a discussion of operations process models, providing a big-picture roadmap for "putting it all together". The remainder of the course will cover multiple threat scenarios.
This is a lab-intensive course. After a discussion of each topic, you will apply the new knowledge to a provided data sample, followed by a class discussion of what worked and what didn’t.
Cybersecurity Operators and Analysts who need to work as part of a Hunt team.
2 Days | 8 hours per day
While there are no prerequisites for this course, completion of the Perched Foundations and Operators courses is highly recommended.
Mac, Linux, or Windows
A modern web browser
An OpenSSH-compatible secure-shell client
Virtualization platform (VMware, VirtualBox, etc.) [optional]
Selecting the Right Tool
When to Dig Deeper
Incident Response operations
Challenge: Find the Beacons (beginner)
Challenge: Find the Beacons (advanced)
Challenge: Enemy Objectives
Challenge: Applying the Kill Chain
Challenge: Full-Spectrum Adversary Detection