Session 1: Introduction to Threat Hunting
• Need for Threat Hunting
• Threat Hunting Framework
• Typical Data Sources
• Threat Hunting Maturity Model
• What is a Threat Hunter?
• Threat Hunting Skills
• MITRE ATT&CK
• MITRE CAR
• Current Attack Case Studies

Session 2: Practical Threat Hunting
• Types of Threat Hunting
• Analysis Techniques Used by a Threat Hunter
• Creating Hypotheses
• Understanding Log Sources in an Organization
  • Network
  • OS
  • Solutions
• Hunting on Network Log Sources
  • Firewall
  • DNS
• Hunting on OS Log Sources
  • Windows
  • Linux
• Threat Intelligence:
  • Threat Intelligence Feeds
  • Operationalizing Threat Intelligence
• Metrics for Threat Hunting Success
• Reporting for Threat Hunting

Session 3: Introduction to Malware Analysis
• Types of Malware
• Skills Required by a Malware Analyst
• Levels of Malware Analysis
• Sandboxing
  • Online Sandboxing
• Setting Up a Malware Analysis Lab
  • Procedures
  • Tools Required
• Non-malicious vs. Malicious Behavior
• Malware Attack Case Studies

Session 4: Practical Malware Analysis
• Static Analysis of Malware:
  • Files and File Formats
  • Properties of Files
  • Content of Files
  • Malware Funneling
• Behavioral Analysis:
  • Analyzing Process Behavior
  • System Activity Monitoring
  • Analyzing Network Communication and Packet Captures
  • Extracting IOCs to Be Used for Blocking
• Anti-analysis Techniques of Malware
• Analysis of Trending Malware