Master Class: Threat Hunting for SOC Analysts (THBC) – Details

Detailed Course Content

Module 1: Modern Attack Techniques and Tracing Them
  • Discussion: Top attack techniques
  • Advanced Persistent Threats
  • Initial access vectors
  • Phishing – rev shell mail phishing bob
  • Valid Credentials – password spray etc.
  • Spoofing – DNS Twist
  • Vulnerable components (drive by download)
  • Weak defaults
  • Other vectors
  • Escalation through Windows Services
Module 2: Local Privilege Escalation Techniques and Tracing Them
  • Unquoted service path
  • Image and DLL manipulation
  • Scheduled Tasks
  • Access Token Manipulation
  • SeImpersonate
  • SeTcb
  • Create User Token
  • Process Injection
  • DLL Injection and Reflective DLL Injection
  • CreateRemoteThread
  • Memory Injection
  • Other techniques
Module 3: Case Study – Investigating In-Place Attacks
Module 4: Windows Authentication Architecture & Cryptography
  • Windows Logon
  • Windows Logon Types
  • LSASS Architecture
  • NTLM
  • Kerberos
  • SAM Database
  • NTDS.dit
  • LSA Secrets & gMSA accounts
  • Secrets, credentials and Logon Data
  • SSP Providers
  • Data Protection API
Module 5: Case Study – Investigating Identity Theft
Module 6: Attacks on Identity Infrastructure and Tracing Them
  • Pass-the-Hash, OverPTH attacks
    • Pass the ticket
    • Golden and silver ticket
    • Pass the PRT
    • Shadow Credentials / NGC
  • NBNS/LLMNR spoofing, NTLM Relay, Kerberoasting
  • DCSync and DCShadow
  • AdminSDHolder
  • Other Modern identity attack techniques
Module 7: Case Study – Determining Identity Theft in the Infrastructure
Module 8: eXtended Detection and Response with Sentinel
  • Sentinel 101 - Azure Sentinel Dashboards, Connectors
  • Understanding Normalization in Azure Sentinel
  • Cloud & on-prem architecture
  • Workbooks deep dive - Visualize your security threats and hunts
  • Incidents
  • KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL
  • Auditing and monitoring your Azure Sentinel workspace
  • Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
  • Fusion ML Detections with Scheduled Analytics Rules
  • Deep Dive into Azure Sentinel Innovations
  • Investigating Azure Security Center alerts using Azure Sentinel
  • Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
  • Hunting in Sentinel
  • Deep Dive on Threat Intelligence
  • End-to-End SOC scenario with Sentinel
Module 9: Case Study – Detecting a Complex Threat with Sentinel
Module 10: Practical and Advanced Use Cases of Sentinel
  • Visualizing Sentinel data with Workbooks
  • Creating automation playbooks in Microsoft Sentinel
  • KQL for Sentinel hands-on lab
  • Proactively hunt for threats using Microsoft Sentinel
  • Basic SOC investigation scenario
  • Auditing and monitoring Microsoft Sentinel workspace
  • Creating scheduled analytics rules for Microsoft Sentinel alerts
  • Manage Cloud App Discovery and protect your environment from risky applications
  • Microsoft Cloud App Information Protection activities
  • Investigating risky users with Defender for Cloud Apps user entity behavioral analytics