In this course students will learn counducting threat hunting and compromise assessment. In the first module I created a real life attack scenerio as an adversary simulation in a demo lab. I lecture to my students about cyber threat intelligence sources and types, basic definition and terms like IOC, TTP, Cyber Kill Chain Model, Incident Response Steps. I critisize security devices capabilities for explaining why we need monitoring and SIEM infrastructure. In the second module I give you therotical knowledge about real attack techniques like SQL Injection, Buffer OverFlow Exploit Codes, SSH tunneling methods and more… I teach to my students how to collect full pcap traffic and which tools should be used for analysing. In module two I analysis tunnels, pivot points, web attacks, Remote Code Execution Exploits, Web Shells and Web attacks traffic from pcap files and I share my real world analysis experince with my students. In third module, First I present the fundamental windows processes and process injections, hollowing techniques and tools, pe injection and thread injection techniques and tools as theoritically. Then I teach you dumping memory samples for memory forensic and I analyze Stuxnet attack’s memory image, Cridex, Zeus, Darkcomet Rat’s Memory images and DLL injection event’s memory image. In fourth module I perform therat hunting over ELK. First I explain the event id numbers which are used common for hunting and I analyze a real life scenerio. I detected malicious word documents, hta files, unsigned exe files, vbs files and more. I teach you how to detect and investigate tunneling methods, persistency methods like registeries, services, schedule tasks. Some techniques are used like lolbas in attack lab and we investigate and map them by using MITRE framework. Google Rapid Response And Osquery usage and labs are performed by me.
Link:
