Course Summary
Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident or contain propagating ransomware. Incident response and threat hunting teams are the keys to identifying and observing malware indicators and patterns of activity in order to generate accurate threat intelligence that can be used to detect current and future intrusions. This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomware operators.
Understand attacker tradecraft to perform compromise assessments
Detect how and when a breach occurred
Quickly identify compromised and infected systems
Perform damage assessments and determine what was read, stolen, or changed
Contain and remediate incidents of all types
Track adversaries and develop threat intelligence to scope a network
Hunt down additional breaches using knowledge of adversary techniques
Build advanced forensics skills to counter anti-forensics and data hiding from technical subjects
Analyzing Volatile Malicious Event Artifacts
The candidate will demonstrate an understanding of abnormal activity within the structure of Windows memory and be able to identify artifacts such as malicious processes, suspicious drivers and malware techniques such as code injection and rootkits.
Analyzing Volatile Windows Event Artifacts
The candidate will demonstrate an understanding of normal activity within the structure of Windows memory and be able to identify artifacts such as network connections, memory resident command line artifacts and processes, handles and threads.
Enterprise Environment Incident Response
The candidate will demonstrate an understanding of the steps of the incident response process, attack progression, and adversary fundamentals and how to rapidly assess and analyze systems in an enterprise environment scaling tools to meet the demands of large investigations.
File System Timeline Artifact Analysis
The candidate will demonstrate an understanding of the Windows filesystem time structure and how these artifacts are modified by system and user activity.
Identification of Malicious System and User Activity
The candidate will demonstrate an understanding of the techniques required to identify and document indicators of compromise on a system, detect malware and attacker tools, attribute activity to events and accounts, and identify and compensate for anti-forensic actions using memory and disk resident artifacts.
Identification of Normal System and User Activity
The candidate will demonstrate an understanding of the techniques required to identify, document, and differentiate normal and abnormal system and user activity using memory and disk resident artifacts.
Introduction to File System Timeline Forensics
The candidate will demonstrate an understanding of the methodology required to collect and process timeline data from a Windows system.
Introduction to Memory Forensics
The candidate will demonstrate an understanding of how and when to collect volatile data from a system and how to document and preserve the integrity of volatile evidence.
NTFS Artifact Analysis
The candidate will demonstrate an understanding of core structures of the Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer.
Windows Artifact Analysis
The candidate will demonstrate an understanding of Windows system artifacts and how to collect and analyze data such as system back up and restore data and evidence of application execution.
Other Popular Courses
Next Generation Mindfulness
- Duration: 1 Days
- Language: English
- Level: Foundation
- Exam: NGM
Nutanix Multicloud Infrastructure Design (NMC...
- Duration: 1 Days
- Language: English
- Level: Advanced
- Exam: Nutanix Certifi
CertNexus: CyberSec First Responder (CFR)
- Duration: 5 Days
- Language: English
- Level: Advanced
- Exam: CFR-410