Threat Hunting (Network + External)

This course combines two critical aspects of hunting into one class, taking generously from our network hunting class and workshops, as well as, our external intelligence and breach hunting courses and workshops, to build an apex presentation centered on finding threats, no matter where they hide.

The first portion of the class will immerse the students into an interactive environment where they will be shown how to base, profile and hunt for threats on their network. In a series of labs, students will being bybuilding baselines of their network and then modeling the activity to gain situational awareness. Students then learn to profile traffic to hunt for threats—anomalies, unusual behavior, protocol changes and otherrisk signals indicative of malicious activity. Students will also be introduced to threat intelligence that can drive hunting and discoveries. Students will learn about clustering techniques, approaches to prevent information overload, and obvious and not-so-obvious ways to sample network traffic. When a student departs this class, they will have practical understanding, confidence and experience to hunt their network.

In the second portion, students look outward instead of inward, and learn to look beyond the perimeter for threats and shown how to profile, model and understand threats before they manifest. In a series of labs,students learn to source, process, and analyze external data to find threats. Not the normal rounds of OSINT, but specific techniques to puzzle out the patterns in external that indicate a threat is growing or active.

The majority of the four days in class will be spent in interactive virtual sessions. Students will be given abound volume that contains the techniques and case studies and then guided through a series of labs contained in virtual machines.