Practical Threat Hunting is for you if
You’ve ever sat at a screen feeling paralyzed by not knowing what to look for next.
You’ve always wanted to be able to find evil on your network without alerts, but don’t know how to approach it.
You struggle to dissect attacks and derive hunting strategies from them.
You have a mountain of data at your disposal but don’t know which techniques are best suited for gaining the necessary perspective over it to spot anomalies.
You want to add threat hunting capabilities to your security team but don’t know how to get buy-in from management or prove just how valuable it can be.
You’re tired of being told hunting is as simple as “knowing what’s normal so you can spot evil” — there’s more to it than that!
Practical Threat Hunting is the course that will teach you to hunt in a way that will never leave you at a shortage of places to start or techniques to manipulate data to spot anomalies. You’ll build skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises. Through a combination of theory and application, you’ll learn the basics of threat hunting and apply them to your network immediately.
You’ll learn:
Two hunting frameworks: Attack-Based Hunting (ABH) and Data-Based Hunting (DBH)
Techniques for leveraging threat intelligence and the MITRE ATT&CK framework for hunting input
The 9 most common types of anomalies you’ll encounter when reviewing evidence.
The 4 ways threat hunters most commonly transform data to spot anomalies
Typical staffing models for hunting capabilities in organizations of all sizes along with pros/cons
5 metrics that support and enable threat hunting operations
My two-step system for effective note taking while hunting (and how to transition those notes to longer-term storage for easy searching)
An ideal design for a hunter’s wiki/knowledgebase
A 5-step framework for dissecting and simulating attacks to prepare for hunting expeditions
