Threat Hunting and Continuous Response

To stay ahead of sophisticated attackers, organizations must evolve their cybersecurity strategies beyond prevention-only technologies and reactive processes. Actively hunting for emerging indicators of compromise (IoCs) and adversary tactics, techniques, and procedures (TTPs) digs deeper and surfaces stealthy threats that often go unnoticed. Even with advanced tools, organizations struggle with inadequate detection capabilities, gaps in in-house skill sets and other challenges.

This course will help you to:

  • Learn the phases of Threat Hunting

  • Learn how to leverage TTPs derived from Threat Intelligence reports and the MITRE ATT&CK matrix to develop effective hunts

  • Start hunting on network traffic, SIEM logs and endpoints

  • Learn effective incident triage techniques

  • Hunt and detect advanced Malware artifacts

  • Respond quickly and effectively to incidents 

Who should attend:

  • Threat Hunters who want to better understand advanced threats and how to discover them

  • SOC analysts looking to learn Threat Hunting skills and become more effective at detecting advanced threats

  • Incident Response team members who regularly respond to complex security incidents and intrusions 

  • Information security professionals who directly support and aid in responding to data breach incidents and intrusions.

Prerequisites:

  • General experience as a SOC analyst or IR team member is nice to have for this course

  • High-level understanding of how a normal Windows system operates

This course will enable you to:

  • Learn and master the tools, techniques, and procedures necessary to effectively hunt, detect, and contain a variety of adversaries and to respond to complex incidents.

  • Hunt through and perform incident response across hundreds of systems simultaneously using state-of-the-art tools

  • Detect and hunt unknown live, dormant, and custom malware across multiple Windows systems in an enterprise environment.

  • Hunt for threat activity on the network using traffic profiling tools

  • Recover suspicious files/processes from infected systems and conduct malware analysis.

  • Discover living off the land techniques, including malicious use of PowerShell and WMI.

  • Connect attack patterns on the network with malicious code activity at the OS level

  • Conduct advanced endpoint triage using live-forensics techniques.

  • Identify lateral movement and pivots across your enterprise endpoints, showing how attackers transition from system to system without detection.

What you will receive:

  • Access to printed and digital copies of the training materials

  • 1 month access to the virtual Threat Hunting lab environment used during this training

  • Certificate of completion

Delivery method:

  • Instructor led - 5 days on site (min. 4 students)

Supported languages:

  • English

  • Spanish

For more information get in touch with us using our contact form


Prague, Czechia

©2020 Falcon Guard. All rights reserved.