Course

Credit Type:
Course
ACE ID:
IRON-0004
Version:
1
Organization's ID:
BLUE 3
Organization:
Location:
Online
Length:
11 weeks (100 hours)
Minimum Passing Score:
70
ACE Credit Recommendation Period:
Credit Recommendation & Competencies
Level                          Credits (SH)   Subject
Lower-Division Baccalaureate   1              Cyber Threat Intelligence
Upper-Division Baccalaureate   3              Cyber Security Analysis
Competency Framework                         Statement
NICE Workforce Framework for Cybersecurity   Create technical summary of findings reports (T1159)
NICE Workforce Framework for Cybersecurity   Identify digital evidence for analysis (T1199)
NICE Workforce Framework for Cybersecurity   Skill in analyzing large data sets (S0435)
NICE Workforce Framework for Cybersecurity   Skill in categorizing types of vulnerabilities (S0614)
NICE Workforce Framework for Cybersecurity   Skill in creating analytics (S0433)
NICE Workforce Framework for Cybersecurity   Skill in developing analytics (S0709)
NICE Workforce Framework for Cybersecurity   Skill in developing technical reports (S0834)
NICE Workforce Framework for Cybersecurity   Skill in evaluating security products (S0509)
NICE Workforce Framework for Cybersecurity   Skill in identifying gaps in technical capabilities (S0066)
NICE Workforce Framework for Cybersecurity   Skill in identifying malware (S0547)
NICE Workforce Framework for Cybersecurity   Skill in performing static malware analysis (S0884)
NICE Workforce Framework for Cybersecurity   Skill in performing system activity analysis (S0885)
NICE Workforce Framework for Cybersecurity   Skill in performing threat analysis (S0890)
Description

Objective:

The course objective is to prepare learners to collect, analyze, and operationalize cyber threat intelligence in support of real-world defense efforts. The course trains learners to track threat actors, uncover malicious infrastructure, and communicate strategic insights that drive better security decisions.

Learning Outcomes:

  • Conduct OSINT investigations to collect, analyze, and evaluate publicly available information for cybersecurity purposes
  • Construct a threat actor profile from a case study by synthesizing indicators, TTPs, and attribution evidence
  • Collect cyber threat intelligence using a Threat Intelligence Platform to organize and contextualize indicators
  • Research an advanced persistent threat using a Threat Intelligence Platform to identify tactics, techniques, and indicators
  • Detect malicious files using ClamAV and custom YARA rules through signature-based techniques
  • Conduct YARA-based threat hunting in a Threat Intelligence Platform and SIEM to detect and analyze malicious activity
  • Analyze a malware sample to identify behavior, indicators, and tactics of exploitation
  • Formulate a hypothesis explaining the intent and likely payload of a phishing scenario
  • Design a threat-hunting plan that outlines data sources, queries, and investigative steps
  • Validate investigative assumptions by testing detection queries and documenting corroborating evidence
  • Implement the ELK stack to collect, store, and visualize data
  • Analyze network traffic patterns in Kibana using Packetbeat telemetry
  • Analyze network data in Kibana to detect security threats by creating index patterns, filtering traffic, and identifying suspicious behaviors such as port scanning
  • Analyze a Windows system with PowerShell and Sysinternals for persistence mechanisms
  • Validate identified persistence artifacts by extracting evidence and confirming their behavior across system reboots
  • Conduct an endpoint threat hunt with Velociraptor to collect artifacts, analyze system activity, and identify malicious behavior
  • Demonstrate the controlled use of a red-team C2 framework in an isolated lab to observe post-exploitation command execution and system behavior
  • Analyze post-exploitation artifacts and command outputs to identify attacker capabilities and remediation steps
  • Implement a DNS tunnel using Iodine to demonstrate covert data transport techniques
  • Analyze DNS traffic in Wireshark to detect and extract tunneled payloads
  • Implement a Cowrie honeypot on a Linux host to simulate an exposed service
  • Analyze honeypot logs to identify attacker discovery, access, and interaction patterns
  • Implement centralized cloud logging to collect, analyze, and alert on security-relevant events across cloud services
  • Analyze breach-related data in PowerBI using natural language queries
  • Design visual reports and customize layouts to represent security insights effectively
  • Train PowerBI to recognize new terminology for improved query accuracy
  • Conduct a risk assessment within the Threat Hunting Maturity Model to evaluate organizational hunting capabilities and identify areas for improvement
  • Execute adversary emulation operations in CALDERA to assess detection and response capabilities
  • Analyze CALDERA operation outputs to identify gaps in detection and defensive controls
  • Implement a Python NLP pipeline to extract indicators of compromise from unstructured threat intelligence
  • Evaluate extracted IOCs for relevance and accuracy using automated scoring and manual validation
  • Detect anomalies in security telemetry using Elastic machine learning jobs
  • Correlate multi-source security events with an AI assistant to prioritize threats

General Topics:

  • Threat Intelligence Foundations: Introduction to Cyber Threat Intelligence (CTI), Threat Intelligence Platforms, Malware and Infrastructure Analysis
  • Infrastructure Threat Hunting: Threat Hunting Methods, Threat Intelligence and APTs, Cloud Hunting and Detection Strategies
  • Strategic Threat Hunting AI Automation: Threat Hunting Maturity Models, AI-Driven Threat Intelligence, AI-Driven Threat Hunting
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Computer Based Training
  • Laboratory
  • Practical Exercises
  • Work-based Learning
  • Performance Rubrics (Checklists)
  • Facilitation (weekly, optional)

Methods of Assessment:

  • Case Studies
  • Examinations
  • Performance Rubrics (Checklists)
  • Presentations
  • Quizzes
Supplemental Materials
Equivalencies