Cyber Threat Hunting Accelerated Training

Introducing the Cyber Threat Hunting Accelerated Training

Cyber threat hunting is a proactive, iterative, human-centered process of finding threats that are already inside a network and have not been caught by existing security controls. Attackers can now stay inside a network for a long time, collect information, and move around without anyone noticing. This is where threat hunting comes in.

Threat hunting is built on the concept of “assumed breach”. It helps businesses answer questions such as: How do we know when we have been breached? What evidence do we have for this? And how do we use this information to improve our security?

Using the knowledge gained through threat intelligence, threat hunters hunt down adversaries within the network and locate Indicators of Compromise (IoCs).

Introduction to Threat Hunting

  • Cyber threat hunting definition and goals
  • Hunting for Indicators of Compromise (IoCs) and artifacts
  • Cyber threat hunting methodologies and techniques

Threat Hunting Use Cases

  • Technology Review
  • Real-world Threats
  • Hunt Mission
  • Data Collection and Hunt Execution
  • Analysis
  • Refining the Hunt Mission

Hunting for Indicators of Compromise (IoCs)

  • Hunting for network-based cyber threats
  • Hunting for host-based cyber threats
  • Cyber threat hunting technologies and tools

Threat Hunting Methods

  • Threat hunting with the MITRE ATT&CK framework
  • Understand how to use the Detect Tactics, Techniques & Combat Threats (DeTT&CT) model
  • Combining DeTT&CT with MITRE ATT&CK
  • Using Caldera to simulate threats

Who Should Attend?

  • Network security professionals
  • Incident responders
  • Penetration testers
  • Red team members and other white hats
  • Security analysts
  • Security consultants and auditors
  • Managers wanting to create threat-hunting teams

Why Attend?

Sophisticated threats are bypassing both perimeter and endpoint security. Threat hunting helps you:

  • Increase the speed and accuracy of incident response
  • Understand and reduce attack surface exposure; harden the network and endpoints
  • Reduce the time an adversary dwells on the network unnoticed
  • Detect and prevent the spread of an attack and lateral movement
  • Collect evidence of compromise

At the end of this workshop the participants should be able to:

  • Define Cyber Threat Hunting and explain its value to an organization
  • Understand the Threat Hunting process
  • Know the difference between Cyber Threat Intelligence, Threat Hunting, and Incident Response, and how they are related and can be used together
  • Learn what data to collect and where to collect it
  • Leverage both endpoint and network data for successful hunting
  • Understand how to hunt for threats in your organization’s systems and network
  • Understand the Hunting Maturity Model to measure your organization’s hunting capability
  • Learn how to find and investigate malware, phishing, lateral movement, data exfiltration, and other common threats
Prerequisites

  • Basic information security concepts should be understood
  • A working understanding of networking devices and protocols is required
  • Exposure to network monitoring and pentesting tools and methodology