Perched | Security Education, Consulting, and Support
Security Solutions

Perched Hunt

Perched Hunt


This instructor-led course is designed for Operators and Analysts that serve or are interested in serving as part of a Hunt team. This course focuses primarily on the best of breed open source security tools, but the knowledge gained aims to be tool agnostic.

The student will start with a discussion of operations process models, to provide a big picture roadmap of “putting it all together”. The remainder of the course will multiple threat scenarios.

This is a lab-intensive course. After a discussion of each topic, you will apply the new knowledge to a provided data sample, followed by a class discussion of what worked and what didn’t.


Cybersecurity Operators and Analysts who need to work as part of a Hunt team. .


2 Days | 8 hours per day


While there are no prerequisites for this course, completion of the Perched Foundations and Operators courses are highly recommended.


  • Mac, Linux, or Windows

  • A modern web browser

  • An OpenSSH-compatible secure-shell client

  • Virtualization platform (VMWare, VirtualBox, etc.) [optional]


Day 1

Hunt Preparation

  • Selecting the Right Tool

  • When to Dig Deeper

  • Incident Response operations

Individual Hunt

  • Challenge: Find the Beacons (beginner)

  • Challenge: Find the Beacons (advanced)

  • Group Review


Day 2

Team Hunt

  • Challenge: Enemy Objectives

  • Challenge: Applying the Kill Chain

  • Challenge: Full-Spectrum Adversary Detection

  • Group Review