Section outline

    • The Process of Investigation
    • Understanding the Relationship Between Threat Hunting & Incident Response
    • Cyber Threat Models: Cyber Kill Chain, Diamond Model, MITRE ATT&CK
    • Developing a Threat Hunting Lab for Live Analysis
    • Live Memory Acquisition & Malware Detection
    • Advanced Memory Analysis using Volatility
    • Threat Hunting Techniques:
      • Shimcache, Amcache, Shellbags, NTUSER.DAT, MFT, MRU
      • Identifying Rogue Processes, Code Injection, and Network Artifacts
    • Windows Exploitation & Post-Exploitation:
      • Finding Persistent Malware Beacons & LOLBAS Attacks
      • PowerShell Event Analysis & Remote Execution Techniques
    • Investigating Active Directory Attacks:
      • Pass the Hash, Mimikatz Credential Dumping, Kerberos Attacks
      • Golden Tickets, NTDS.DIT Theft, BloodHound Analysis
    • Endpoint Threat Hunting Techniques:
      • Event ID Analysis & Threat Indicators
      • Sysmon for Threat Hunting & Windows Process Analysis
      • Hunting Macros, Mimikatz, and Remote Threads
    • Threat Hunting Using Security Tools:
      • Cuckoo Sandbox for Malware Analysis
      • Splunk & ELK for Threat Intelligence & Log Analysis
      • Security Onion for Intrusion Detection
      • Mandiant Redline for Forensics & Threat Intelligence
    • Case Study & Practical Lab:
      • Real-world Threat Hunting Scenarios
      • Automation & Continuous Threat Intelligence Improvement