Practical training that teaches attendees how to discover hackers who have bypassed existing security mechanisms and are now operating invisibly within the internal network. Brought to you by professional hackers!
Target audience: Everybody who needs to know more about what threat hunting is, why it is necessary, what is required to start doing it, and how it should be done. Appropriate roles include: CISOs, Security Managers, SOC staffers, Incident Responders, Forensic Analysts, and System Administrators.
After completing this course, students will be able to: understand what threat hunting is, be utterly convinced of the need for it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.
Prerequisites to the course (recommended):
To maximize value to the attendee, prior HOHE participation is highly recommended, but not mandatory.
The training topics and description:
The trainers engage participants with lectures, live demonstrations and Q&A sessions. Each participant spends the majority of their time performing a wide variety of hands-on hunts. Participants learn how to hunt hackers within our Windows and Linux lab network, using a range of highly effective threat hunting technologies and techniques, looking for real life attacks.
Known bad: Students will learn how to research and develop hunts for known indicators of attack.
Known good: Students will learn how to “find evil by knowing normal”, using various processes of elimination to reduce a set of raw collected data down to “not known good”. Students will then determine through investigation whether the remaining data constitute indicators of attack or are benign in nature. Benign items are labeled as “known good” so that they need not be investigated again.
Outliers: Outlier detection is the “power technique” of threat hunting. Students will learn how to leverage statistical analysis in order to force anomalies in large-scale sets of data to become apparent, which will commonly highlight indicators of attack.
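The three hunting approaches above, as an added example that is not course material from this page: constructed process-creation records from a four-host fleet are run through known-bad matching, known-good elimination, and a stacking (least-frequency-of-occurrence) outlier pass. The indicator list, the baseline, the paths and the one-host threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry: (host, process image path) pairs, as a
# process-creation log collected across a small fleet might look.
RECORDS = [
    ("ws01", r"C:\Windows\System32\svchost.exe"),
    ("ws01", r"C:\Windows\explorer.exe"),
    ("ws01", r"C:\Program Files\Office\winword.exe"),
    ("ws02", r"C:\Windows\System32\svchost.exe"),
    ("ws02", r"C:\Windows\explorer.exe"),
    ("ws02", r"C:\Users\bob\AppData\Local\Temp\update.exe"),
    ("ws03", r"C:\Windows\System32\svchost.exe"),
    ("ws03", r"C:\Windows\explorer.exe"),
    ("ws03", r"C:\Program Files\Office\winword.exe"),
    ("ws04", r"C:\Windows\System32\svchost.exe"),
    ("ws04", r"C:\Windows\explorer.exe"),
    ("ws04", r"C:\Windows\Temp\svch0st.exe"),
    ("ws04", r"C:\Program Files\Office\winword.exe"),
]

# Known bad: constructed indicator list, lower-cased path -> description.
KNOWN_BAD = {r"c:\windows\temp\svch0st.exe": "constructed IoC: svchost lookalike"}
# Known good: baseline of paths already investigated and labelled benign.
KNOWN_GOOD = {r"c:\windows\system32\svchost.exe", r"c:\windows\explorer.exe"}

def hunt_known_bad(records):
    """Return (host, path, reason) for every record matching a known-bad indicator."""
    return [(h, p, KNOWN_BAD[p.lower()]) for h, p in records if p.lower() in KNOWN_BAD]

def remove_known_good(records):
    """Drop records already labelled benign, leaving the 'not known good' set."""
    return [(h, p) for h, p in records if p.lower() not in KNOWN_GOOD]

def hunt_outliers(records, max_hosts=1):
    """Stack records by image path; return (path, host_count, fleet_size)
    for paths seen on at most max_hosts hosts (constructed threshold)."""
    hosts_per_path = defaultdict(set)
    for h, p in records:
        hosts_per_path[p.lower()].add(h)
    fleet = len({h for h, _ in records})
    # Something every workstation runs is ordinary; something only one host
    # runs is the anomaly that the stacking makes visible.
    return sorted((p, len(hs), fleet)
                  for p, hs in hosts_per_path.items() if len(hs) <= max_hosts)
```

In a real hunt the same three functions run over millions of records from an EDR or Sysmon collection, and every item cleared by hand goes back into KNOWN_GOOD so it is not investigated twice.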
It is important to note that although this course focuses on Linux and Windows endpoints, the building-block technological capabilities and hunting principles are equally applicable to macOS and other platforms.
The training takes place at Lõõtsa 12, Tallinn, Clarified Security. Hours: 9:00-17:00
Length: 16 academic hours
Continuing Education Curriculum Group: 0688 Information and Communication Technology Interdisciplinary Curriculum Group
The prerequisite for issuing the certificate is full participation in training.
The course is led by Allar Viik
Trainer introduction: Allar is a multi-functional specialist with a background in DevOps, red teaming, training and cyber exercise development. His previous work has mainly been in the public sector, where he has been part of IT projects in and outside of Estonia. Before joining the team, Allar was one of the lead developers for the Locked Shields & Crossed Swords exercises.
IT training is a cooperation partner of the Estonian Unemployment Insurance Fund's training card.
We also recommend that you get acquainted with the in-service training grants offered by the Unemployment Insurance Fund to employers: the training allowance for employers and the reimbursement of the employee's training expenses to the employer.