Class Title: Beyond IOCs: How to Effectively Threat Hunt using TTPs and Behaviors
When: Monday, October 23, 2023
Time: 8:30 am – 5:00 pm
Instructor: Lee Archinal, Sr. Threat Hunter and Content Developer, Cyborg Security
This course is designed to provide students with hands-on experience in behavioral threat hunting. It covers common models and how they relate to threat hunting, how to operationalize an intel report with a focus on tactics, techniques, and procedures (TTPs), how to leverage intelligence to initiate and conduct a hunt, data pivoting from initial query to results, and proper documentation techniques to compile and organize findings in a repeatable manner. The culmination of this process will be a series of simulated attack chains using real-world adversary TTPs, which we like to call the crawl phase. The crawl phase will give students the opportunity to go hands-on with the data in a step-by-step hunting tutorial. This practical session will allow students to experience threat hunting in a structured and controlled manner and to practice the topics that were covered.
Students will be required to bring a laptop that meets these requirements:
OS: Windows/OSX/Linux
Memory: 8 GB RAM
CPU: 4 cores
Free Space: 50 GB
Recommended Browser(s): Google Chrome / Microsoft Edge
VirtualBox already installed on their machine.
Other recommended applications:
A way to view a PDF.
A way to view and edit an Excel-type document.
As an optional requirement, students who want to leverage the Hunter platform before, during, or after the training must register for a community account well before the training.