Certified Cyber Threat Hunter

Upskilling Course, 40 Academic Hours

Deep Dive: Threat Hunting Methodologies, Tactics and Techniques

Chances are very high that hidden threats already exist inside your organization’s networks. No matter how thorough and sophisticated your security precautions may be, you cannot assume that such security measures are impenetrable. By themselves, prevention systems are insufficient to counter focused human adversaries who know how to get around today’s advanced security and monitoring tools. It takes highly skilled and focused hunters to defeat these persistent adversaries.

This is a specialist-level course for security professionals involved in network security, security operations, incident response or penetration testing, who want to develop in their role or to enhance their proactive skills in detecting and mitigating threats.

By enrolling in this course, you'll get advanced knowledge on threat hunting methodologies, tactics, and techniques. You'll familiarize yourself with common threat hunting tools and technologies.

Who Is This Course For?

Incident responder and team leaders
System administrators
Cyber security practitioners and security architects
Experienced cyber and IT professionals

Prerequisites

Advanced knowledge of Microsoft Operating Systems
Understanding of networks and protocols
Basic knowledge of monitoring and security devices
A good working knowledge of attack techniques, networking, malware investigations, including network and forensics investigations
Good working knowledge of PowerShell
Online Skill Set Level Exam: Minimum score of 70

Learning Objectives

Detect when and how a breach has occurred
Identify compromised and affected systems
Perform damage assessments and determine what was stolen or changed
Hunt down additional breaches using knowledge of the adversary

What You'll Get...

Course presentation as a PDF file
Cheat sheets and useful documentation
“Swiss Army Knife” - 3Gb of incident response tools
20 hours of practical learning experience through hands-on activities
A Wawiwa certificate upon successful completion of the course

In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include the GIAC Defending Advanced Threats (GDAT) certification.

Relevant Cybersecurity certifications

Note: An industry certification is neither offered nor guaranteed as part of the course.

Professional Supervisor and Instructors

Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.

The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.

Nadav Nachmias

Head of Cybersecurity Programs

Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).

What Do Graduates Have to Say?

"I always found interest in cybersecurity. I had a passion for this huge field that keeps evolving. I looked for courses online, and found that most of them are very hands off, a video running on a website. Then I found Wawiwa’s Cybersecurity program. I registered and throughout the program, actually found myself looking forward to class. It’s a live session, with a lot of practical work, working on real-life cyber tools and experiencing what they can do. The instructors have real-life stories and examples from the field to get points across. It makes the program really exciting!”

Course Syllabus

Module 1: Introduction and Reconnaissance (5 Theoretical Hours, 5 Practical Hours)

Course Outline and Lab Setup
- Course Objectives and Lab Environment
- What’s Happening Out There?
- Exercise: One Click Is All It Takes
Adversary Emulation and the Purple Team
- Introducing the Extended Kill Chain
- What Is the Purple Team?
- MITRE ATT&CK Framework and “Purple Tools”
- Key Controls for Prevention and Detection
- Building a Detection Stack
- Exercise: Kibana and ATT&CK Navigator
Reconnaissance
- Reconnaissance – Getting to Know the Target
- Exercise: Automated Reconnaissance Using SpiderFoot

Module 2: Payload Delivery and Execution (3 Theoretical Hours, 1.5 Practical Hours)

Common Delivery Mechanisms
Preventing Payload Execution
Initial Execution – Application Whitelisting
Exercise: Configuring AppLocker
Initial Execution – Visual Basic, JS, HTA, and PowerShell
Initial Execution – How to Detect?
Exercise: Detection with Script Block Logging, Sysmon, and SIGMA

Module 3: Exploitation, Persistence and Command and Control (5 Theoretical Hours, 4 Practical Hours)

Protecting Applications from Exploitation
- Software Development Lifecycle (SDL) and Threat Modeling
- Patch Management
- Exploit Mitigation Techniques
- Exercise: Exploit Mitigation Using Compile-Time Controls
- Exploit Mitigation Techniques – ExploitGuard, EMET, and Others
- Exercise: Exploit Mitigation Using ExploitGuard
Avoiding Installation
- Typical Persistence Strategies
- How Do Adversaries Achieve Persistence?
- Exercise: Catching Persistence Using Autoruns and OSQuery
Foiling Command and Control
- Detecting Command and Control Channels
- Exercise: Detecting Command and Control Channels Using Suricata, JA3, and RITA

Module 4: Lateral Movement (4 Theoretical Hours, 4.5 Practical Hours)

Protecting Administrative Access
- Active Directory Security Concepts
- Principle of Least Privilege and UAC
- Exercise: Implementing LAPS
- Privilege Escalation Techniques in Windows
- Exercise: Local Windows Privilege Escalation Techniques
Key Attack Strategies Against the Active Directory (AD)
- Abusing Local Admin Privileges to Steal More Credentials
- Exercise: Hardening Windows Against Credential Compromise
Kerberos attacks: Kerberoasting, Silver tickets, Over -PtH
How Can We Detect Lateral Movement?
- Key Logs to Detect Lateral Movement in AD
- Deception – Tricking the Adversary
- Exercise: Detecting Lateral Movement in AD

Module 5: Action on Objectives, Threat Hunting and Incident Response (3 Theoretical Hours, 5 Practical Hours)

Domain Dominance
- Dominating the AD – Basic Strategies
- Golden Ticket, Skeleton Key, DCSync, and DCShadow
- Detecting Domain Dominance
- Exercise: Domain Dominance
Data Exfiltration
- Common Exfiltration Strategies
- Exercise: Detecting Data Exfiltration
Leveraging Threat Intelligence
- Defining Threat Intelligence
- Exercise: Leveraging Threat Intelligence with MISP and Loki
Threat Hunting and Incident Response
- Proactive Threat Hunting Strategies
- Exercise: Hunting Your Environment
- Incident Response Process
- Exercise: Finding Malware Using Volatility and YarGen

Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.

Interested in more details?

We’d be happy to answer all your questions!

Partner with Wawiwa to offer tech training programs in less than 6 months!

Wawiwa bridges the tech skills gap by reskilling people for tech professions in high demand. There are millions of tech vacancies and not enough tech professionals with the relevant knowledge and skills to fill them. What the industry needs of employees is not taught in long academic degrees. Wawiwa helps partners around the world to reskill, and upskill people for tech jobs through local tech training centers or programs. The company utilizes a proven training methodology, cutting-edge content, digital platforms for learning and assessment, and strong industry relations, to deliver training programs that result in higher employability and graduate satisfaction. This, in turn, also creates a strong training brand and a sustainable business for Wawiwa’s partners.