Advanced threat hunting professional

Advanced Threat Hunting professional training will prepare your mindset for overall threat identification and hunting capabilities . No matter which side you are either blue, red, or purple, a decent understanding of Threat investigation and Threat Intelligence is vital if you want to be a complete IT Security Expert. You cannot be a professional defender without enough knowledge of attacking techniques. The same goes for penetration testers too. The Advanced Threat Hunting professional course is designed to upgrade IT security specialists with the abilities necessary to hunt for threats proactively and become an advance threat hunter.

In This training we will solve an APT real world attack case and its complete detection with multiple phases of threat hunting .

Advanced Threat Hunting Professional Training is for you if

You’ve ever sat at a screen feeling paralyzed by not knowing what to look for next.
You’ve always wanted to find evil on your network without alerts, but don’t know how to approach it.
You struggle to dissect attacks and derive hunting strategies from them.
You have a mountain of data at your disposal but don’t know which techniques are best suited for gaining the necessary perspective over it to spot anomalies.
You want to add threat hunting capabilities to your security team but don’t know how to get buy-in from management or prove just how valuable it can be.
How to approach the threats as per APT timeline

detailed syllabus

Threat hunting essentials

The process of Investigation
Where threat hunting Fits in and Defined
Incident Response & Threat Hunting relationship
Threat Hunting Teams
Tactics, Techniques, and Procedures
Cyber Kill Chain Model
Diamond Model
Understanding TTP with MITRE ATT&CK
Align MITRE ATT&CK tactics to collect threat intel about the adversaries .
Training APT case – An enterprise adversary attack-based scenario and details will be used in this training.

Mapping Windows INSECURITIES

Advanced Persistent Threats
how to identify compromised machines
Finding persistent Malware beacons
Sophisticated malwares analogy – LOLBAS
Identifying the system attacks
- AutoStart Locations, RunKeys
- Service Creation/Replacement
- Service Failure Recovery
- Scheduled Tasks
- DLL Hijacking Attacks
- PowerShell events
- PowerShell Remoting basics
- Kansa for PowerShell investigations

PRACTICAL WINDOWS ENUMERATION

Identifying and Understanding the Active directory attacks –

Pass the Hash
Credential Attacks with Mimikatz
Token Stealing
Cached Credentials and LSA Secrets
Kerberos Attacks
Golden Tickets and DCSync
NTDS.DIT theft
Bloodhound analysis
Common dumping tools
Common Hiding and Persistence Mechanisms

Lateral movement attacks detection

Compromising Credentials Techniques
Remote Desktop Services Misuse
Windows Admin Share Abuse
PsExec and Cobalt Strike Beacon PsExec Activity
RMI Tool and Techniques
PowerShell Remoting/WMIC Hacking
Cobalt Strike Lateral Movements
Software Exploitation detections
Command-Line Analysis and WMI Activity Logging
PowerShell Script Block Logging
Discovering Cobalt Strike beacon PowerShell Import Activity
Detecting PowerShell Injection from Cobalt Strike, Metasploit, and Empire
PowerShell Script Obfuscation

Live examination of compromised machines

Infected Environment isolation
Malware Persistence Detection and Analysis
Scaling Data Collection and Analysis Across the Enterprises
Finding and Analyzing Malicious WMI attacks
Live memory acquisition
Acquisition from multiple sites
Shimcache and Amcache anatomy for threat hunters
Shellbags for Threat hunters
Ntuser.dat and Usrclass.dat for threat hunting
MFT and MRU for threat hunters
APT hunting in memory in depth
APT case mind map with live exmination

Memory investigations

Identify Rogue Processes and services
Analyze Process DLLs and Handles
Review Network Artifacts
Look for Evidence of Code Injection
Acquire Suspicious Processes and Drivers
Advanced Memory Analysis with Volatility
Webshell Detection Via Process Tree Analysis
Code Injection, Malware, and Rootkit Hunting in Memory
Windows Management instrumetation and PowerShell Process intrusions
Extract Memory-Resident Adversary Command Lines
Hunting Malware Using Comparison Baseline Systems
Find and Dump Cached Files from RAM for hunting the APT

Log analysis primer

Profiling Account Usage and Logons
Tracking and Hunting Lateral Movement
Identifying Suspicious Services
Identifying new accounts creation and activities
Detecting Rogue Application Installation
Finding Malware Execution and Process Tracking
Capturing Command Lines and Scripts in logs
Anti-Forensics and Event Log Clearing detections

Network threat hunting

ARP traffic Investigation
ICMP traffic hunting
TCP and UDP wide analysis
DHCP and DNS examine
HTTP and HTTPS traffic suspects
Hunting Internal Corporate Threats
Investigating Network attacks & correlating Forensics evidences
RSA Net Witness for threat hunters
Investigating traffic with Security Onion and ELK.
Investigating network traffic with OSQuery

SIEM for threat hunters

SPLUNK 101 for threat hunters
ELK 101 for threat hunters
Volume shadow snapshot analysis
Timelines incorporating volume shadow snapshot data
Anti-Forensics analysis using NTFS filesystem components
Timestomping identification and suspicious file detections
Advanced data recovery with records carving and deleted volume shadow copy recovery

who should attend this training?

Security Operations Center analysts and engineers
Incident response team members
Penetration testers/Red team members
Network security engineers
Information security consultants and IT auditors

why should i take this training?

The Advance Threat Hunting Training course is designed to provide IT security
professionals with the skills necessary not only to proactively hunt for threats, but
also to become a stealthier penetration tester

prerequisite of the training ?

A solid understanding of computer networks: switches, routing, security
devices, common network protocols, etc. (Recommended)
Intermediate understanding of IT security matters

What is the duration of the training ?

Its an Instructor-led online training and the total duration of the training is 45 hours.

Whats Next ?



elastic certified engineer

TESTIMONIALS

What People Are Saying

Today I've completed my one 2 one online training by Mr Naresh sir from Certcube Labs .
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.

Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 start training. Naresh is the best. He made me Zero to Hero in 3 months time. Little bit expensive compare to others ,but totally worth it .

Ravi S

Cyber Security Consultant , Red Hawk

We're Here To Help!



head Office

3500 , 1st Floor , Raja Park , New Delhi -110034 , India



WORKING Hours - isT

M-S : 10 AM - 7 PM



email US

[email protected]

Placement

Booking

Messenger

Reviews

Contact Hub

Sites

App Integration

Dashboard

Timeline

Workload

Forms

Board

Automation

Mobile Apps

Portfolio

Most Popular Games

CandyCrush

PUBG

MineCraft

APEX Legend

Fortnite

Counter strike

Ratchet & Clank

Dark Souls lll

Gear of War 4

Security Assessment Services

Advisory and Compliance Services

ISMS Compliance Audit

SOC 2 Compliance Audit

IT Risk Assessment

PCI DSS Compliance Audit

GDPR Compliance Audit

Specialised Security Operations

Red Team Assessment

Managed Security Services

SME CyberSecurity Services

SpearPhishing Simulations

Digital Forensics Investigations

Managed IT Solutions

Secure Network Implemenation

Secure Web Development

End Point Security

Celebrity Cyber Security

Business Strategy and Marketing