A structured system so you’re never at a loss for places and methods to start hunting for evil. Practical Threat Hunting is a foundational course that teaches you to approach threat hunting with a proven, structured, repeatable framework, so you never run short of places to start or of techniques for manipulating data to spot anomalies. You’ll build skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises. Through a combination of theory and application, you’ll learn the basics of threat hunting and apply them to your own network immediately.
Syllabus
- Two hunting frameworks: Attack-Based Hunting (ABH) and Data-Based Hunting (DBH)
- Techniques for leveraging threat intelligence and the MITRE ATT&CK framework for hunting input
- The 9 most common types of anomalies you’ll encounter when reviewing evidence
- The 4 ways threat hunters most commonly transform data to spot anomalies
- Typical staffing models for hunting capabilities in organizations of all sizes along with pros/cons
- 5 metrics that support and enable threat hunting operations
- My two-step system for effective note taking while hunting (and how to transition those notes to longer-term storage for easy searching)
- An ideal design for a hunter’s wiki/knowledgebase
- A 5-step framework for dissecting and simulating attacks to prepare for hunting expeditions
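The syllabus lists data transformation for spotting anomalies without describing the transforms themselves, so the following is an added illustration, not course material and not the author's code. It shows one widely used hunting transform, stack counting (aggregating events by a chosen set of fields and sorting by frequency so the rare combinations surface), together with a prevalence check across hosts. Whether stack counting is one of the course's four transforms is not stated on the page; the event records are constructed for the example, and the field names (`host`, `user`, `parent`, `image`) are assumptions.

```python
from collections import Counter, defaultdict

# Constructed process-execution events (hypothetical data, not from the course).
# Each record is a parent-process -> child-process observation on a host.
EVENTS = [
    {"host": "ws01", "user": "alice",  "parent": "explorer.exe", "image": "outlook.exe"},
    {"host": "ws02", "user": "bob",    "parent": "explorer.exe", "image": "outlook.exe"},
    {"host": "ws03", "user": "carol",  "parent": "explorer.exe", "image": "outlook.exe"},
    {"host": "ws01", "user": "alice",  "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws02", "user": "bob",    "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws03", "user": "carol",  "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws01", "user": "SYSTEM", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws02", "user": "SYSTEM", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws03", "user": "SYSTEM", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws01", "user": "alice",  "parent": "outlook.exe",  "image": "winword.exe"},
    {"host": "ws02", "user": "bob",    "parent": "outlook.exe",  "image": "winword.exe"},
    # An Office document spawning a shell is the classic rarity worth a closer look.
    {"host": "ws02", "user": "bob",    "parent": "winword.exe",  "image": "powershell.exe"},
]


def stack(events, *fields):
    """Stack counting: aggregate events by the tuple of the given fields.

    Returns a Counter mapping each distinct field-value tuple to how many
    events share it. Common behaviour piles up; rare behaviour stays near 1.
    """
    return Counter(tuple(event[f] for f in fields) for event in events)


def rare_values(events, fields, max_count=1):
    """Return the least-frequent stacks, sorted rarest first.

    Only combinations seen at most `max_count` times are returned, so the
    hunter reviews the short tail rather than the whole table.
    """
    counts = stack(events, *fields)
    return sorted(
        ((key, n) for key, n in counts.items() if n <= max_count),
        key=lambda item: (item[1], item[0]),
    )


def host_prevalence(events, field):
    """Prevalence transform: map each value of `field` to the hosts it ran on.

    A process seen on one host out of many is a different signal from a
    process seen once on every host; stacking alone cannot tell them apart.
    """
    hosts = defaultdict(set)
    for event in events:
        hosts[event[field]].add(event["host"])
    return {value: sorted(seen) for value, seen in hosts.items()}


def report(events):
    """Print the rare parent/child pairs and their host prevalence."""
    prevalence = host_prevalence(events, "image")
    total_hosts = len({event["host"] for event in events})
    for (parent, image), n in rare_values(events, ("parent", "image")):
        seen_on = prevalence[image]
        print(f"{parent} -> {image}: {n} event(s), {image} seen on "
              f"{len(seen_on)}/{total_hosts} hosts {seen_on}")


if __name__ == "__main__":
    report(EVENTS)
```

Raising `max_count` widens the review set; lowering it to 1 isolates true one-offs. The two transforms deliberately answer different questions, and in practice a hunter runs several such views over the same evidence and pivots on whatever stands out in each.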