Introduction
See Beyond What Blinking Boxes Tell You
You bought all the latest detection tools, but somehow still can’t seem to detect Mimikatz. IT is screaming about the resource consumption from the multitude of security tools on the endpoints, analysts are barely staying afloat in the oceans of data your toolsets have created, and the latest red team report detailed how response actions were ineffective yet again. If this sounds familiar to your organization, this is the course for you.
Course Summary
Detection
Adversary Tactics: Detection will provide you the understanding and ability to build robust detections, starting with the “Why?” and going all the way to the technical implementation of detecting threat actor activity. You will learn how to apply the methodologies and technical approaches practiced, regardless of the security toolsets deployed in your organization. We’ll walk you through starting with a detection engineering strategy first and then focusing on methodologies to build robust alerting, with the result of improving detection and response capabilities throughout security operations.
Day 1
- Threat Hunting Introduction
- MITRE ATT&CK and Adversary TTPs
- Interpreting Threat Intelligence
- Data Source Identification
- Configure Test Environment
- Implement Attacker Technique
Day 2
- Data Modeling
- Data Quality Assessment
- Detection Engineering Methodology
- Threat Hunting Campaign Types
Day 3
- Develop Detections
- Alerting & Detection Strategies
- Hypothesis Generation (based on Threat Intel Report)
Day 4
- Threat Hunting Engagement
- Detection Development
- Detection Presentation & Peer Review
Overview
Adversary Tactics: Detection builds on standard network defense and incident response (which often focuses on alerting for known malware signatures) by focusing on abnormal behaviors and the use of adversary Tactics, Techniques, and Procedures (TTPs). We will teach you how to engineer detections based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will learn to use free or open-source data collection and analysis tools, such as Sysmon, Windows Event Logs, and ELK, to analyze large amounts of host information and build detections for malicious activity. You will use the techniques and toolsets you learn to create threat hunting hypotheses and build robust detections in a simulated enterprise network undergoing active compromise from various types of threat actors.
Training Participants
Who Should Take This Course
This class is intended for security analysts and blue teamers wanting to learn how to hunt effectively in enterprise networks. The course offers benefits to participants at most levels of security operations experience, from SOC analysts to experienced security defenders. Those with a strong technical background will have the opportunity for a deep dive into key concepts and labs. Participants in less technically focused positions will be exposed to robust threat hunting concepts that provide the building blocks for creating highly effective detection strategies.
OUR ECOSYSTEM
See What Else We Have to Offer
Private Trainings
If a public offering of the training classes does not fit your busy schedule, our team of experts is available to provide a private training offering to your organization. This is by far the best way for your team to get one-on-one access to the instructors and solidify the material. We provide all training material, as well as laptops and classroom locations if needed.