For direct assistance contact us! +91-9999508202 [email protected]

AdvanceD Threat Hunting Professional

Advanced Threat Hunting professional training will prepare your mindset for overall threat identification and hunting capabilities . No matter which side you are either blue, red, or purple, a decent understanding of Threat investigation and Threat Intelligence is vital if you want to be a complete IT Security Expert. You cannot be a professional defender without enough knowledge of attacking techniques. The same goes for penetration testers too. The Advanced Threat Hunting  professional course is designed to upgrade IT security specialists with the abilities necessary to hunt for threats proactively and become an advance threat hunter.  

In This training we will solve an APT real world attack case and its complete detection with multiple phases of threat hunting . 

Advanced Threat Hunting Professional Training  is for you if

  • You’ve ever sat at a screen feeling paralyzed by not knowing what to look for next.
  • You’ve always wanted to find evil on your network without alerts, but don’t know how to approach it.
  • You struggle to dissect attacks and derive hunting strategies from them.
  • You have a mountain of data at your disposal but don’t know which techniques are best suited for gaining the necessary perspective over it to spot anomalies.
  • You want to add threat hunting capabilities to your security team but don’t know how to get buy-in from management or prove just how valuable it can be.
  • How to approach the threats as per APT timeline 


Advanced Threat hunting professional









Advanced Threat Hunting Professional- THE2121 1
  • The process of Investigation
  • Where threat hunting Fits in, and Defined
  • Incident Response & Threat Hunting relationship
  • Threat Hunting Teams
  • Corproate APT case – An enterprise attack based scenario for training

Note –  this  course will be based on the enterprise APT attack case

Advanced Threat Hunting Professional- THE2121 2
  • Tactics, Techniques, and Procedures
  • Cyber Kill Chain Model
  • Diamond Model
  • Understanding TTP with MITRE ATT&CK 
Advanced Threat Hunting Professional- THE2121 2
module 3 : THREAT HUNTING - Identification and attack maps
  • Advanced Persistent Threats
  • how to identify Compromised machines
  • Finding  persistent Malware beacons
  • Sophisticated malwares analogy – LOLBAS
  • Understanding system attacks –
    • AutoStart Locations, RunKeys
    • Service Creation/Replacement
    • Service Failure Recovery
    • Scheduled Tasks
    • DLL Hijacking Attacks
    • Powershell events
    • PowerShell Remoting basics
    • Kansa for powershell
  • Understanding attacks –
    • Pass the Hash 
    • Credential Attacks with Mimikatz
    • Token Stealing 
    • Cached Credentials 
    • LSA Secrets 
    • Kerberos Attacks 
    • Golden Tickets 
    • Kerberoasting 
    • DCSync 
    • NTDS.DIT theft
    • Bloodhound analysis
    • Common dumping tools
  • Common Hiding and Persistence Mechanisms
Advanced Threat Hunting Professional- THE2121 4
module 4 : Threat hunting with Log and memory Analysis
  • Compromising Credentials Techniques
  • Remote Desktop Services Misuse
  • Windows Admin Share Abuse
  • PsExec and Cobalt Strike Beacon PsExec Activity
  • Windows Remote Management Tool Techniques
  • PowerShell Remoting/WMIC Hacking
  • Cobalt Strike Lateral Movement and Credential Use
  • Software Vulnerability Exploitation detections
  • Command-Line Analysis and WMI Activity Logging
  • PowerShell Transcript and ScriptBlock Logging
  • Discovering Cobalt Strike beacon PowerShell Import Activity
  • Detecting PowerShell Injection from Cobalt Strike, Metasploit, and Empire
  • PowerShell Script Obfuscation

Log Analysis for Incident Responders and Hunters

  • Profiling Account Usage and Logons
  • Tracking and Hunting Lateral Movement
  • Identifying Suspicious Services
  • Detecting Rogue Application Installation
  • Finding Malware Execution and Process Tracking
  • Capturing Command Lines and Scripts
  • Anti-Forensics and Event Log Clearing

Memory Forensics Analysis Process for threat Hunting

  • Understanding Common Windows Services and Processes
  • Identify Rogue Processes
  • Analyze Process DLLs and Handles
  • Review Network Artifacts
  • Look for Evidence of Code Injection
  • Check for Signs of a Rootkit
  • Acquire Suspicious Processes and Drivers

Memory Forensics for threat hunting

  • Live Memory Forensics
  • Advanced Memory Analysis with Volatility
  • Webshell Detection Via Process Tree Analysis
  • Code Injection, Malware, and Rootkit Hunting in Memory
  • WMI and PowerShe Process intrusions
  • Extract Memory-Resident Adversary Command Lines
  • Investigate Windows Services
  • Hunting Malware Using Comparison Baseline Systems
  • Find and Dump Cached Files from RAM 



Advanced Threat Hunting Professional- THE2121 5
module 5 : Advanced THREAT Hunting - Live examinations
  • Infected Environment isolation
  • Malware Persistence Detection and Analysis
  • Scaling Data Collection and Analysis Across the Enterprises
  • Finding and Analyzing Malicious WMI attacks
  • Live memoery aquasition
  • Acuquasition from multiple sites
  • Shimcache and amcache anatomy for threat hunters
  • Shellbags for Threat hunters
  • Ntuser.dat and Usrclass.dat for threat hunting
  • MFT and MRU for threat hunters
  • APT hunting in memory in depth
  • APT case mind map with live exmination
Advanced Threat Hunting Professional- THE2121 6
  • ARP traffic Investigation
  • ICMP traffic hunting
  • TCP and UDP analysis
  • DHCP and DNS examine
  • HTTP and HTTPS traffic suspects
  • Hunting Internal Corporate Threats
  • Network Hunting & Forensics
  • RSA Net Witness Investigator
  • Security onion for Threat hunters
  • Osquery for Threat hunters
certified network security professional
module 7 : Anti forensics , MFT and APT detections with SIEM
  • SPLUNK 101 for threat hunters
  • ELK 101 for threat hunters
  • Volume shadow snapshot analysis
  • Timelines incorporating volume shadow snapshot data
  • Anti-Forensics analysis using NTFS filesystem components
  • Timestomp identification and suspicious file detections
  • Advanced data recovery with records carving and deleted volume shadow copy recovery
who should attend this training?
  • Security Operations Center analysts and engineers
  • Incident response team members
  • Penetration testers/Red team members
  • Network security engineers
  • Information security consultants and IT auditors
why should i take this training?

The Advance Threat Hunting Training course is designed to provide IT security
professionals with the skills necessary not only to proactively hunt for threats, but
also to become a stealthier penetration tester

prerequisite of the training ?
  • A solid understanding of computer networks: switches, routing, security
    devices, common network protocols, etc. (Recommended)
  •  Intermediate understanding of IT security matters
What is the duration of the training ?

Its an Instructor-led online training and the total duration of the training is 45 hours.

Advanced Threat 

Hunting professional 


9 + 11 =

Our clients


Today I’ve completed my one 2 one online training by Mr Naresh sir from Certcube Labs .
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 start training. Naresh is the best. He made me Zero to Hero in 3 months time. Little bit expensive compare to others ,but totally worth it .


Cyber Security Consultant , Red Hawk

Advanced Threat hunting Professional Training enquiRy

11 + 2 =