Welcome to our Threat Hunting course! Threat hunting is a specialised role that sits on the defensive side but borrows heavily from offensive knowledge, which is why it is often described as purple-team work: it focuses on proactively finding advanced threats that are already inside the network and have so far evaded detection. Using both manual and automated techniques, threat hunters search for malicious artefacts on the network and on individual systems. The role is highly technical and constantly changing: as adversaries change their tactics, hunters must develop new tools and methods to find signs of threats that traditional security controls have not yet detected.
Below are the practical aspects that are included in this course, giving you a chance to put the knowledge you’ve learned into practice, and gain some hands-on experience.
generating indicators of compromise
You’ll learn what Indicators of Compromise (IOCs) are and how to generate your own from files. You will use these in the next challenge, where you search a system for those IOCs to find evidence of the files and malware hiding on it.
hunting for files
You’ll learn how to use IOCs to search an entire system for any evidence of them, allowing you to identify suspicious or malicious files using values such as strings, MD5 hashes, file names, file size, and more. A hash match is conclusive for a byte-for-byte identical file but fails on any modified copy, so weaker indicators such as strings, names and sizes are used alongside hashes and the resulting hits are triaged rather than trusted blindly.
Course challenge: malware threat hunt
You will be given a system image, which you must load as a virtual machine. You will generate IOCs from two malware samples and then search the system to find every other copy of the malware, including the ones hidden deep inside the file system.
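The two practical steps above (generate file IOCs from a sample, then hunt a file system for them) can be scripted with nothing but the Python standard library. The example below is added here for illustration and is not course material or code from Security Blue Team; it stands in for what Mandiant IOC Collector and Redline do in the course. All file names, paths and contents are constructed in a temporary directory so it runs offline, and the suspicious string `C:\evil\beacon.dll` is an assumed example, not a real indicator.

```python
"""Added example (not course material): generate file IOCs from a sample,
then hunt a directory tree for files matching them by hash, name, size or string."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class FileIOC:
    """Indicators derived from one sample file."""
    name: str
    size: int
    md5: str
    sha1: str
    strings: list = field(default_factory=list)


def hash_file(path):
    """Return (md5, sha1) hex digests, streaming so large files are not read at once."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def generate_ioc(sample_path, strings=()):
    """Build a FileIOC from a malware sample plus any analyst-chosen strings."""
    md5, sha1 = hash_file(sample_path)
    return FileIOC(name=os.path.basename(sample_path),
                   size=os.path.getsize(sample_path),
                   md5=md5, sha1=sha1, strings=list(strings))


def hunt(root, iocs):
    """Walk root and return {path: [reasons]} for every file matching any IOC.
    A hash hit is conclusive; name, size and string hits are weaker and are
    reported so the analyst can triage them instead of being silently dropped."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                size = os.path.getsize(path)
                md5, sha1 = hash_file(path)
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or special file: skip it, do not abort the hunt
            reasons = []
            for ioc in iocs:
                if md5 == ioc.md5 or sha1 == ioc.sha1:
                    reasons.append(f"hash:{ioc.name}")
                if fn == ioc.name:
                    reasons.append(f"name:{ioc.name}")
                if size == ioc.size:
                    reasons.append(f"size:{ioc.name}")
                for s in ioc.strings:
                    if s.encode() in data:
                        reasons.append(f"string:{s}")
            if reasons:
                hits[path] = reasons
    return hits


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed mini file system, hunt it, and return hits keyed by
    forward-slash relative path."""
    base = tempfile.mkdtemp(prefix="hunt_")
    sample_dir = os.path.join(base, "samples")
    disk = os.path.join(base, "disk")
    deep = os.path.join(disk, "Windows", "Temp", "deep", "deeper")
    home = os.path.join(disk, "Users", "bob")
    for d in (sample_dir, deep, home):
        os.makedirs(d)

    # Constructed "malware" sample: fake MZ header plus an assumed suspicious string.
    payload = b"MZ\x90\x00" + b"C:\\evil\\beacon.dll" + b"\x00" * 100
    sample = os.path.join(sample_dir, "dropper.exe")
    _write(sample, payload)

    _write(os.path.join(deep, "update.tmp"), payload)             # renamed exact copy -> hash hit
    _write(os.path.join(home, "dropper.exe"), b"not the same")    # same name only -> triage
    _write(os.path.join(home, "notes.txt"),
           b"loader wrote C:\\evil\\beacon.dll here")             # string only -> triage
    _write(os.path.join(home, "readme.txt"), b"hello")            # benign -> no hit

    ioc = generate_ioc(sample, strings=["C:\\evil\\beacon.dll"])
    return {os.path.relpath(p, disk).replace(os.sep, "/"): r
            for p, r in hunt(disk, [ioc]).items()}


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

The renamed copy under `Windows/Temp/deep/deeper` is found by hash even though its name gives nothing away, which is the point of hashing; the other two hits are name-only and string-only and would need an analyst to confirm or dismiss them. On a real image you would point `hunt()` at the mounted disk root and expect far more weak hits than strong ones.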
Below is a list of the tools and services that this course will teach you how to use. Some tools or services may be missing from this list, so it should not be treated as a complete index for everything within the course.
- Mandiant IOC Collector
- MD5 Hashing
- SHA-1 Hashing
- File Properties
- Mandiant Redline
- Virtual Machines
If you complete the final exam, you will be eligible to receive an e-certificate showing that you have completed this course and developed your threat hunting skills! Great for sharing on LinkedIn to showcase your motivation and drive to develop your skills (plus we love hearing from our students!)
All content in this course is Copyrighted by Security Blue Team 2020. Any copying, redistributing, or sharing in any way to non-paying students is an unlawful breach of this copyright, and will result in legal action to claim for damages.