Hunt the Hacker

One of the most concerning problems that organizations face today is not knowing whether or not they are currently compromised. Many organizations invest the majority of their efforts in preventing perimeter attacks or in detecting commodity malware with endpoint protection. However, these defenses are easily evaded by modern threats that target specific organizations: such attackers prefer not to deal with a hardened perimeter at all and instead target human employees through social engineering techniques such as phishing.


This grants the attackers immediate access to the organization’s internal network. If the organization has no threat hunting capability, it is now “game over” and the attackers can operate with relative impunity, since the defenders are blind to what is going on within their own environment. For this reason, a position of “assumed compromise”, together with a “threat hunting” capability, is now an essential part of any serious organization’s “defense in depth” strategy.


Clarified Security’s “Hunt The Hacker” course is a comprehensive introduction to the technology and skill sets required to hunt threats. During the two-day course, students spend the vast majority of their time performing actual hands-on hunts for hackers within Clarified Security’s laboratory-based Windows domain.


After the course, participants will understand that threat hunting is an essential modern defensive practice, and will possess the confidence necessary to evangelize for its adoption in their own organization. Participants will know what capabilities need to be deployed to facilitate threat hunting, and how to use those technologies effectively to identify internal network breaches reliably and quickly.


This course is taught by Clarified Security’s “Red Team”, whose job is to compromise real organizations’ production environments in the ways that real attackers do. Red teaming is the best possible indicator of how resilient an organization is to being compromised by real attackers, but with none of the associated risk or damage. It is also the best possible indicator of how quickly and reliably that organization can detect successful intrusions. Participants are therefore being taught how to detect hackers by expert hackers!


Note: This is a Windows-centric course, but other platforms may be discussed. The concepts presented in this course are universally applicable; only some technology specifics differ.

Technologies covered: Windows, Sysmon, Windows Event Forwarding, Elastic Stack (mainly Kibana), PowerShell transcript logging, YARA, live query.

Training duration: 2 days of instruction, predominantly in the form of hands-on hunting labs.
Group size: 10 participants maximum
Pre-requisites: To maximize value to the attendee, prior HOHE participation is highly recommended, but not mandatory.
Training schedule: 9.00 to 17.00 (including 2 coffee breaks)

Trainer: (in English)

  • James Dodd
  • Taavi Sonets

Contents of the training:

Participants learn how to hunt hackers within our Windows 10 lab network, using a range of highly effective threat hunting technologies and techniques. Technologies used: Sysmon, the Elastic stack (formerly “ELK”), WinRM, PowerShell, YARA.

Training methods:

The trainers engage participants with lectures, live demonstrations and Q&A sessions. Each participant spends the majority of their time performing a wide variety of hands-on hunts.

Intended outcome:

Participants will understand what threat hunting is, be utterly convinced of the need for it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.

Delivery:

We can deliver on-site at group pricing anywhere in the world where a good broadband connection is available. Ask us for group pricing or for the times and locations of our public courses. Public groups are currently available directly or via partners in Estonia, Finland and Sweden.

Programme

Day 1

  • Verbal introduction to hunting
  • Practical walkthroughs:
    – Live query
    – Elasticsearch with Kibana / Lucene
    – Visualizations
  • Hunting challenges


Day 2

  • Introduction to YARA
  • Lots more hunting challenges!

Trainer

Prices

Private sector: 1 945 €
Public sector: 1 945 €
Private sector (early-bird price until 28.12.): 1 845 €
Public sector (early-bird price until 28.12.): 1 845 €

VAT of 24% is added to the price. The price includes electronic materials, coffee and lunch.

Further information

Leena Kalaoja

Account Manager

leena.kalaoja@almamedia.fi

050 528 6956

Venue

Taitotalo Congress Centre

Valimotie 8

00380 Helsinki

The training is held at the Taitotalo Congress Centre in Pitäjänmäki, Helsinki, at Valimotie 8, 00380 Helsinki.