Course Overview
Our Threat Hunting bootcamp is a training course designed for Security Analysts, IT administrators, Incident Responders and Threat Hunters. Over the course of 3 days, participants will learn modern attack techniques, local privilege escalation methods and identity infrastructure attacks, as well as how those attacks can be detected and mitigated. This knowledge is reinforced with case studies demonstrating how real-world attacks unfold using the methods learned. Additionally, participants will be introduced to the Microsoft Sentinel SIEM solution and will learn how to properly set up, configure and use it. The course concludes by showing how threat hunting and threat detection design can be performed using both manual and automated methods.
Who should attend
SOC analysts, threat hunters, incident responders, enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security. To attend this training, you should have good hands-on experience administering Windows infrastructure and a basic understanding of public cloud concepts (Office 365, Azure).
Course Content
- Modern Attack Techniques and Tracing Them
- Local Privilege Escalation Techniques and Tracing Them
- Case Study – Investigating In-Place Attacks
- Windows Authentication Architecture & Cryptography
- Case Study – Investigating Identity Theft
- Attacks on Identity Infrastructure and Tracing Them
- Case Study – Determining Identity Theft in the Infrastructure
- eXtended Detection and Response with Sentinel
- Case Study – Detecting a Complex Threat with Sentinel
- Practical and Advanced Use Cases of Sentinel
