Threat Hunting (Network + External)

CyberDefenses Academy



Available on Request


Available on Request

Delivery Method



Certification of Completion

Audience / Level



Intro to Network Protocols, Critical Thinking and Analysis, Intro to Profiling and Investigation


Laptop required

Course Details

Program Introduction

This course combines two critical aspects of hunting into one class, taking generously from our network hunting class and workshops, as well as, our external intelligence and breach hunting courses and workshops, to build an apex presentation centered on finding threats, no matter where they hide.

The first portion of the class will immerse the students into an interactive environment where they will be shown how to base, profile and hunt for threats on their network. In a series of labs, students will being bybuilding baselines of their network and then modeling the activity to gain situational awareness. Students then learn to profile traffic to hunt for threats—anomalies, unusual behavior, protocol changes and otherrisk signals indicative of malicious activity. Students will also be introduced to threat intelligence that can drive hunting and discoveries. Students will learn about clustering techniques, approaches to prevent information overload, and obvious and not-so-obvious ways to sample network traffic. When a student departs this class, they will have practical understanding, confidence and experience to hunt their network.

In the second portion, students look outward instead of inward, and learn to look beyond the perimeter for threats and shown how to profile, model and understand threats before they manifest. In a series of labs,students learn to source, process, and analyze external data to find threats. Not the normal rounds of OSINT, but specific techniques to puzzle out the patterns in external that indicate a threat is growing or active.

The majority of the four days in class will be spent in interactive virtual sessions. Students will be given abound volume that contains the techniques and case studies and then guided through a series of labs contained in virtual machines.

Course Objectives

  • It’s designed for those with an interest in Threat Hunting.
  • It conveys the necessary concepts, principles and terms to lay down a solid foundation.

Target Student

Coming Soon


Monty St John
Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has assisted numerous companies build and accredit laboratories, threat teams, and security operations centers. He’s also a prolific writer with two upcoming technical volumes set for 2018; Game Designer and Speaker. Learn more about Monty St John
Chris Rogers
Chris Rogers is a 20+ year industry security specialist who works with Cyberdefenses inc as the virtual security operations center team lead. Learn more about Chris Rogers

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Open and operate browsers
    • Find and use command line
    • Execute scripts
  • Requires knowledge of Linux
  • Understanding of virtual machines (VM) and how to use one.
    • Understand how to import and power on a VM

Course Outline

  • Introduction
  • Hunting methodology review
  • Intelligence-driven inquiry review
  • Cast Study: Baselining
  • Case Study: Profiling
  • Case Study: User Behavior
  • Case Study: Threat & Anomaly Discovery
  • Transition to Part 2
(Labs 1-12 in this segment) PART 2
  • Introduction
  • Intelligence Assessment review
  • Intelligence-driven inquiry review
  • Case Study: Threats to Intrusions
  • Case Study: User Behavior
  • Markets & Money Review
  • Case Study: Underground Marketplaces
  • Breaches & Credentials review
  • Case Study: Breaches & Their data
  • Wrap-up & Close
(Labs 13-21 in this segment)