Regardless of which side you are on, blue or red, a good understanding of Threat Hunting and Threat Intelligence is vital if you want to be a complete IT Security professional. You cannot be a professional defender without good knowledge of attacking techniques. The same goes for penetration testers.
The Threat Hunting Professional (THP) course was designed to provide IT security professionals with the skills necessary not only to proactively hunt for threats but also to become a stealthier penetration tester.
As a blue team member, you would use the techniques covered in the Threat Hunting Professional (THP) course to:
Establish a proactive defense mentality and start your own threat hunting program/procedure
Proactively hunt for threats in your organization’s network, endpoints or perimeter and be several steps ahead of forthcoming adversaries
Constantly fine-tune your organization’s defenses based on the latest attacker Tactics, Techniques and Procedures (TTPs)
Use threat intelligence or hypotheses to hunt for known and unknown threats
Inspect network traffic and identify abnormal activity in it
Perform memory forensics using Redline, Volatility and a variety of tools to identify in-memory malware
Use tools such as Sysmon and SilkETW to collect event logs
Detect advanced hacking techniques such as AMSI bypasses, COM Hijacking and sophisticated/evasive malware
Use tools such as PowerShell, ELK and Splunk to analyze Windows events and detect attacks such as DCSync, Kerberoasting and obfuscated PowerShell commands
As a red team member, you would use the techniques covered in the Threat Hunting Professional (THP) course to:
Become familiar with the detection techniques used by mature organizations
Identify what an attack looks like on the wire and in memory
Identify the most common events that are analyzed, in order to avoid triggering them
Fine-tune your attack strategy, attack vectors, and infrastructure, so that you remain under the radar
Understand how you could leverage Threat Intelligence to upgrade your arsenal and deliver advanced adversary simulations, and more
Course material
HQ video training material
Interactive slides
Hands-on challenges in our industry-leading virtual labs
PREREQUISITES
This course covers the foundational topics for threat hunting and threat intelligence; however, good working knowledge of and experience in information technology, with a focus on security, will be needed prior to the class to aid your learning. You should have:
A solid understanding of computer networks: switches, routing, security devices, common network protocols, etc. (Recommended)
Intermediate understanding of IT security matters
Intermediate to advanced understanding of penetration testing tools and methods. (Recommendation: IHRP course)
WHO SHOULD TAKE THIS COURSE?
This training course is primarily intended for SOC/IT Security analysts who would like to proactively detect attacks and/or possible malware behavior in their environments.
The target audience of this course is:
Security Operations Center analysts and engineers
Incident response team members
Penetration testers/Red team members
Network security engineers
Information security consultants and IT auditors
Managers who want to understand how to create threat hunting teams and intelligence capabilities
ORGANIZATION OF CONTENTS
The student is provided with a suggested learning path to ensure the maximum success rate with the minimum effort.
SECTION 01: THREAT HUNTING
Module 1: Introduction to Threat Hunting
Module 2: Threat Hunting Terminology
Module 3: Threat Intelligence
Module 4: Threat Hunting Hypothesis
SECTION 02: HUNTING THE NETWORK – NETWORK ANALYSIS
Module 1: Introduction to Network Hunting
Module 2: Suspicious Traffic Hunting
Module 3: Hunting Webshells
SECTION 03: HUNTING THE ENDPOINT – ENDPOINT ANALYSIS
Module 1: Introduction to Endpoint Hunting
Module 2: Malware Overview
Module 3: Hunting Malware
Module 4: Event IDs, Logging, and SIEMs
Module 5: Hunting with PowerShell
LABS
The THP course is a practice-based curriculum containing 27 hands-on labs. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real-world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.
Modules will be accompanied by many hands-on labs.
Lab 1: Hunting with IoCs
Lab 2: Hunting Insider Threats Part 1
Lab 3: Hunting Insider Threats Part 2
Lab 4: Network Hunting & Forensics
Lab 5: Hunting Web Shells Part 1
Lab 6: Hunting Web Shells Part 2
Lab 7: Hunting in Memory (2 Labs)
Lab 8: Hunting for Process Injection & Proactive API Monitoring
Lab 9: Advanced Endpoint Hunting (2 Labs)
Lab 10: Hunting Malware Part 1
Lab 11: Hunting Malware Part 2
Lab 12: Hunting Empire
Lab 13: Hunting Responder
Lab 14: Hunting .Net Malware (2 Labs)
Lab 15: Hunting for WMI Abuse, Parent Process Spoofing & Access Token Theft