Perched | Security Education, Consulting, and Support

[Archived] Threat Hunting with the Elastic Stack, June 17 - 21

2,800.00

You are viewing an archived event. Please continue to our current event: Threat Hunting with the Elastic Stack, July 22 - 26 in Hawaii

This 5-day instructor-led and lab-intensive course is designed for threat hunting Analysts and Operators that currently use, or are interested in using, the Elastic Stack to hunt for adversaries in network and endpoint data.

Seating is limited, registration in advance is required


Description

This instructor-led and lab-intensive course is designed for threat hunting analysts and operators who currently use, or are interested in using, the Elastic Stack to hunt for adversaries in network and endpoint data.

After completing each module, you will apply what you have learned in a series of hands-on labs. The coursework culminates in a full-day capstone event in which the students will perform a series of increasingly difficult hunting operations using endpoint and network data. This capstone leverages a Capture The Flag (CTF) platform that provides real-time scoring and a feedback loop for the students. This capstone is instructor assisted to ensure that no students are left behind.

By the end of the training, you will be able to use the Elastic Stack to analyze endpoint network traffic and catch bad actors.

Training Itinerary

Day 1 – Threat Hunting Foundations

There is a common problem in technology education, in that many skills require so much prior knowledge, that it's difficult to know where to even begin teaching a skill or concept. All of these nested skills quickly pile up and can often make training overwhelming for the student. The Threat Hunting Foundations module solves this problem by teaching in a way that builds incrementally with each day laying the groundwork that will flow into the next higher concept.

Day 2 – Network Threat Hunting Platforms and Operation

Network data analysis will focus on leveraging the Zeek (formerly Bro) protocol analyzer to collect metadata and the Suricata Intrusion Detection System (IDS) to collect flow data. We will use the open source network security monitoring (NSM) solution, RockNSM, to perform the network threat hunting.

Day 3 – Threat Hunting on the Endpoint

Endpoints contain some of the most difficult types of data to analyze and correlate. Endpoint data, including system logs and activity, will be collected using a combination of Elastic Beats and PowerShell. We will also be using GRR Rapid Response to collect volatile artifacts and forensic evidence.

Day 4 – Collecting and Visualizing Threat Data with the Elastic Stack

Once the network and endpoint data is collected, we’ll use the Elastic Stack to explore, visualize, and operationalize this data with a threat hunting contextual lens.

Day 5 – Assisted Hunt Scenarios

This course capstone is designed to walk an operator through 5 progressively harder individual and team-based intrusion campaigns designed to expand their understanding of the hunt tools and techniques.

Instructors

Sean Cochran

Sean is the Lead Instructor at Perched. He has 9 years' experience solving all manner of technical problems and has spent the last 5 years as a Cyber Incident Response Analyst. Sean's goal is twofold: protecting our nation by designing the curriculum that makes complex infosec concepts approachable to all experience levels, and delivering that content in a practical and time-relevant way. When he's not building something, he's usually tearing something apart. Sean is the creator of the Foundations course.

Brandon DeVault

Brandon is an Instructor at Perched. He is currently a member of the Air National Guard in Florida assigned to an Air Operations Center Mission Defense Team. Brandon is the creator of the Endpoint module.

Johnathon Hall

Johnathon is a Senior Solutions Engineer at Perched. Prior to that he worked as a Senior Cyber Security Analyst at Strategic Staffing Solutions and spent more than six years serving in the U.S. Navy as a Network Cyber Security Defense Analyst. Johnathon is the creator of the network, visualizations, and hunt CTF courses.


Perched reserves the right to cancel or modify the training, dates, or location as necessary. In the event of any changes, registered attendees will be notified and given the opportunity to receive a refund.

Location

All training will be via virtual classroom

All necessary instructions, software, and labs will be provided to students.

Daily Schedule

Times are in CST.

9:00 AM - 10:30 AM
Course Content & Instruction

10:30 AM - 11:00 AM
Morning Break & Networking

11:00 AM - 12:30 PM
Course Content and Instruction

12:30 PM - 1:30 PM
Lunch

1:30 PM - 2:30 PM
Course Content & Instruction

2:30 PM - 3:00 PM
Afternoon Break & Networking

3:00 PM - 4:30 PM
Course Content & Instruction