Welcome
Cyber Threat Hunting Course
This course is for those interested in cyber defense and the tools that are used by security analysts. We will cover basic packet analysis, threat hunting fundamentals, and provide an introduction to the Elastic Stack. You will learn how to deep dive into individual packets with wireshark and also learn about utilizing Kibana for security data analysis. We will also explore threat hunting philosophy, workflow, models, and techniques to improve security operations effectiveness. These concepts will be applied through guided and unguided threat hunts with incorporated Capture the Flags (CTFs), offering hands-on experience and friendly competition.
Lesson Plan
Day 1: Packet Analysis
- Introduction
- TCP/IP Model
- Protocol Basics
- Data Sources
- Wireshark
- Protocols & Attacks
- Zeek/Suricata
Day 2: Event Analysis
- Kibana Overview
- Elastic Common Schema (ECS)
- Searching
- Advanced Searching
- Visualizations
- Dashboards
- Hunt Training
Day 3: Team Threat Hunting
- Threat Models
- Threat Hunting Tips
- Hunt Exercise #1
- Hunt Exercise #2
- Hunt Exercise #3
- Hunt Exercise #4
Pre-reqs
- Contact the Instructor to get registered
- Familiarity with basic networking and network security recommended
- Motivation to learn!