Course Overview
This 1-day prerecorded course provides participants with in-depth knowledge of contemporary attack techniques, including initial access vectors, phishing, spoofing, and privilege escalation methods, as well as strategies to trace and mitigate these threats.
This course is designed to equip professionals with the expertise to tackle modern cybersecurity challenges. Participants will gain in-depth knowledge of contemporary attack techniques, including initial access vectors and privilege escalation methods, as well as strategies to trace threats. Through case studies, real-world scenarios are dissected to showcase the lifecycle of attacks and effective response measures.
It is a deep dive into Windows authentication architecture and cryptography, uncovering the mechanisms behind NTLM, Kerberos, and identity theft techniques, along with methods to secure critical infrastructure. It also covers techniques for malware identification and analysis. We consider this course an absolute base for ANYBODY who wants to get started with threat hunting!
- 9.5-hour ON-DEMAND workshop.
- Demo-intensive content from real case scenarios.
- 12-month access to the course content incl. recording.
- Lifelong certificate.
Who should attend
The course is designed for anyone interested in cybersecurity, regardless of experience level. Whether you’re just starting your journey or are already a seasoned professional, this course provides the tools and knowledge needed to identify and address hidden cyber threats. It’s especially suitable for:
- Beginners and Students: If you’re new to cybersecurity, this course serves as an accessible entry point into threat hunting. You’ll learn foundational concepts, practical skills, and real-world techniques that will help you confidently step into the field of cybersecurity.
- Threat Hunters: Those with an interest in uncovering cyber threats will gain a structured approach to mastering essential skills, from understanding permissions and misconfigurations to analyzing malware behavior.
- Cybersecurity Enthusiasts: If you’re curious about how attackers operate and how to stop them, this course offers insights into the tools, methodologies, and mindset of a threat hunter.
- SOC Analysts and IT Administrators: Beginners in these roles will benefit from learning proactive techniques to detect vulnerabilities and mitigate risks effectively.
- Intermediate and Advanced Cybersecurity Professionals: Those looking to enhance their knowledge of specialized topics, such as malware analysis, system misconfigurations, and Yara rules, will find in-depth content and case studies to advance their expertise.
Whether you’re exploring cybersecurity for the first time or seeking to build a career in threat hunting, this course bridges the gap between theoretical knowledge and hands-on practical skills. You’ll come away prepared to contribute meaningfully to securing systems and identifying hidden threats.
Course Content
Module 1: Introduction to Threat Hunting
The introductory module of the course outlines the core principles, methodologies, and objectives of threat hunting, setting the stage for practical exploration and advanced techniques in subsequent modules.
Module 2: Permissions in Threat Hunting
This module focuses on understanding and analyzing system permissions to uncover potential threats, detect misconfigurations, identify attempts to hide malicious activity through permissions, and ensure proper access control for enhanced security.
Module 3: SDDL in Threat Hunting
This module highlights the importance of the Security Descriptor Definition Language (SDDL) in uncovering hidden permissions and unclear settings, providing a clear view of the resultant permissions on objects to identify potential security risks.
Module 4: Privileges in Attacks
This module focuses on how attackers exploit privileges to gain unauthorized access, escalate their control within systems, and maintain persistence, emphasizing detection strategies and mitigation techniques to counter these threats.
Module 5: Account Rights
This module provides an in-depth analysis of logon types, such as interactive, network, service, and remote logons, exploring how attackers leverage these methods to gain access, escalate privileges, and evade detection. The module also emphasizes detecting abnormal logon activity and misconfigurations to strengthen threat detection and response capabilities.
Module 6: Services and Their Misconfigurations
This module explores common mistakes in service configurations that attackers frequently exploit, such as improper access controls, unsecured paths, and excessive permissions, providing insights into identifying and mitigating these vulnerabilities. Learn the 5 biggest mistakes!
Module 7a: Pass the…
This module dives into various “pass-the” attack techniques, exploring their mechanisms and impact. The module includes forensic analysis methods, focusing on artifacts like the USN Journal and Prefetch, among other tools, to uncover evidence of these attacks and enhance threat-hunting capabilities.
Module 7b: Kerberos Tickets and Directory Access
This module provides a deep dive into the mechanics of Kerberos authentication, focusing on ticket creation, usage, and potential abuse. It also explores how attackers exploit directory access to manipulate tickets, gain unauthorized privileges, and persist in the environment, while equipping participants with techniques to detect such activities.
Module 7c: Scanning for Credentials
This module focuses on risk assessment by identifying where credentials are stored on a compromised machine. Participants will learn how to locate credentials, evaluate their sensitivity, and assess the potential impact of an attack based on the exposure and misuse of these credentials.
Module 8: Malware Analysis Process
This module introduces a systematic approach to analyzing malicious software, covering key stages such as identification, static and dynamic analysis, behavioral monitoring, and reporting. It provides a foundational understanding of how to dissect malware to uncover its functionality, objectives, and potential impact.
Module 8a: Basic Static Analysis
This module introduces foundational techniques for examining malware without executing it, focusing on analyzing file metadata, identifying file types, extracting strings, and using tools like disassemblers to gain insights into the malware’s structure and potential behavior.
Module 8b: Packed Sample Indicators
This module focuses on identifying signs of packed malware, such as unusual file structures, high entropy, and suspicious section names. It equips participants with techniques to recognize packing methods and analyze packed samples effectively to uncover hidden malicious content.
Case Study: Pony Malware
This module provides an in-depth analysis of the Pony malware, focusing on its credential-stealing capabilities, command-and-control mechanisms, and obfuscation techniques. Participants will explore its architecture and learn how to detect, analyze, and mitigate this malware through real-world examples and forensic insights.
Module 9: Behavioral Malware Analysis
This module explores techniques for analyzing the runtime behavior of malware by monitoring its interactions with the operating system, file system, network, and memory. Participants will learn how to identify indicators of compromise, observe malicious patterns, and use sandbox environments to safely analyze malware behavior.
Module 10: Malware Functionalities
This module provides an overview of common malware capabilities, including data theft, system manipulation, persistence mechanisms, evasion techniques, and propagation methods. Participants will learn to recognize these functionalities during analysis to better understand the intent and impact of malicious software.
Module 11: Indicators of Compromise & Yara Rules
This module focuses on identifying signs of a breach through key indicators of compromise (IoCs) and leveraging Yara rules to detect and classify malicious files. Participants will learn how to create and optimize Yara rules for effective threat detection and response.
Module 12a: Code Analysis
This module focuses on examining malicious code to uncover its functionality, techniques, and intent. Participants will learn to decompile, debug, and analyze malware code to identify critical components, understand its behavior, and develop effective countermeasures.
Module 12b: Code Analysis x86 Assembly #1
Reviewing the sample.
Module 12c: Code Analysis x86 Assembly #2
Reviewing the sample.
Case Study: Static Analysis with IDA Pro
This module provides hands-on experience in using IDA Pro for analyzing malware statically. Participants will explore real-world examples, learning how to navigate the interface, interpret disassembled code, and identify malicious functions and behavior without executing the malware.
Case Study: Dynamic Analysis with x64dbg
This module offers practical experience in using x64dbg for dynamic malware analysis. Participants will learn how to debug malicious binaries, monitor their behavior in real time, analyze runtime modifications, and uncover hidden functionalities through step-by-step examples.