Certified Cyber Threat Hunter
Upskilling Course, 40 Academic Hours
Deep Dive: Threat Hunting Methodologies, Tactics and Techniques
- Level: Advanced
Chances are very high that hidden threats already exist inside your organization’s networks. No matter how thorough and sophisticated your security precautions may be, you cannot assume that such security measures are impenetrable. By themselves, prevention systems are insufficient to counter focused human adversaries who know how to get around today’s advanced security and monitoring tools. It takes highly skilled and focused hunters to defeat these persistent adversaries.
This is a specialist-level course for security professionals involved in network security, security operations, incident response or penetration testing, who want to develop in their role or to enhance their proactive skills in detecting and mitigating threats.
By enrolling in this course, you'll gain advanced knowledge of threat hunting methodologies, tactics, and techniques, and become familiar with common threat hunting tools and technologies.
Who Is This Course For?
- Incident responders and team leaders
- System administrators
- Cyber security practitioners and security architects
- Experienced cyber and IT professionals
Prerequisites
- Advanced knowledge of Microsoft Operating Systems
- Understanding of networks and protocols
- Basic knowledge of monitoring and security devices
- A good working knowledge of attack techniques and malware investigations, including network and forensic investigations
- Good working knowledge of PowerShell
- Online Skill Set Level Exam: Minimum score of 70
Learning Objectives
- Detect when and how a breach has occurred
- Identify compromised and affected systems
- Perform damage assessments and determine what was stolen or changed
- Hunt down additional breaches using knowledge of the adversary
What You'll Get...
- Course presentation as a PDF file
- Cheat sheets and useful documentation
- “Swiss Army Knife” - 3 GB of incident response tools
- 20 hours of practical learning experience through hands-on activities
- A Wawiwa certificate upon successful completion of the course
Relevant Cybersecurity Certifications
In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include the GIAC Defending Advanced Threats (GDAT) certification.
Note: An industry certification is neither offered nor guaranteed as part of the course.
Professional Supervisor and Instructors
Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.
The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.
Nadav Nachmias
Head of Cybersecurity Programs
Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).
Course Syllabus
Module 1: Introduction and Reconnaissance (5 Theoretical Hours, 5 Practical Hours)
- Course Outline and Lab Setup
- Course Objectives and Lab Environment
- What’s Happening Out There?
- Exercise: One Click Is All It Takes
- Adversary Emulation and the Purple Team
- Introducing the Extended Kill Chain
- What Is the Purple Team?
- MITRE ATT&CK Framework and “Purple Tools”
- Key Controls for Prevention and Detection
- Building a Detection Stack
- Exercise: Kibana and ATT&CK Navigator
- Reconnaissance
- Reconnaissance – Getting to Know the Target
- Exercise: Automated Reconnaissance Using SpiderFoot
Module 2: Payload Delivery and Execution (3 Theoretical Hours, 1.5 Practical Hours)
- Common Delivery Mechanisms
- Preventing Payload Execution
- Initial Execution – Application Whitelisting
- Exercise: Configuring AppLocker
- Initial Execution – Visual Basic, JS, HTA, and PowerShell
- Initial Execution – How to Detect?
- Exercise: Detection with Script Block Logging, Sysmon, and SIGMA
Module 3: Exploitation, Persistence and Command and Control (5 Theoretical Hours, 4 Practical Hours)
- Protecting Applications from Exploitation
- Software Development Lifecycle (SDL) and Threat Modeling
- Patch Management
- Exploit Mitigation Techniques
- Exercise: Exploit Mitigation Using Compile-Time Controls
- Exploit Mitigation Techniques – ExploitGuard, EMET, and Others
- Exercise: Exploit Mitigation Using ExploitGuard
- Avoiding Installation
- Typical Persistence Strategies
- How Do Adversaries Achieve Persistence?
- Exercise: Catching Persistence Using Autoruns and osquery
- Foiling Command and Control
- Detecting Command and Control Channels
- Exercise: Detecting Command and Control Channels Using Suricata, JA3, and RITA
Module 4: Lateral Movement (4 Theoretical Hours, 4.5 Practical Hours)
- Protecting Administrative Access
- Active Directory Security Concepts
- Principle of Least Privilege and UAC
- Exercise: Implementing LAPS
- Privilege Escalation Techniques in Windows
- Exercise: Local Windows Privilege Escalation Techniques
- Key Attack Strategies Against the Active Directory (AD)
- Abusing Local Admin Privileges to Steal More Credentials
- Exercise: Hardening Windows Against Credential Compromise
- Kerberos Attacks: Kerberoasting, Silver Tickets, Overpass-the-Hash (Over-PtH)
- How Can We Detect Lateral Movement?
- Key Logs to Detect Lateral Movement in AD
- Deception – Tricking the Adversary
- Exercise: Detecting Lateral Movement in AD
Module 5: Action on Objectives, Threat Hunting and Incident Response (3 Theoretical Hours, 5 Practical Hours)
- Domain Dominance
- Dominating the AD – Basic Strategies
- Golden Ticket, Skeleton Key, DCSync, and DCShadow
- Detecting Domain Dominance
- Exercise: Domain Dominance
- Data Exfiltration
- Common Exfiltration Strategies
- Exercise: Detecting Data Exfiltration
- Leveraging Threat Intelligence
- Defining Threat Intelligence
- Exercise: Leveraging Threat Intelligence with MISP and Loki
- Threat Hunting and Incident Response
- Proactive Threat Hunting Strategies
- Exercise: Hunting Your Environment
- Incident Response Process
- Exercise: Finding Malware Using Volatility and YarGen
Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.