Advanced Threat Hunting
Advanced Threat Hunting with Splunk – When it comes to log analysis Splunk is one the most popular enterprise-grade solutions in the field today. It can pull logs from nearly any device in the network, and it can integrate with most of the popular security products on the market. In the InfoSec field today Splunk is a common tool for what called Cyber Threat Hunting/Hunt Teaming/Malware Hunting/Defensive Cyber Operations (DCO)/Cyber Threat Analysis and many other names.
As popular as Splunk is – surprisingly few people are comfortable performing security event analysis with it. We decided to develop a Hands-on Splunk course designed specifically for InfoSec Professionals that want to do HANDS-ON DEEP TECHNICAL SECURITY ANALYSIS with Splunk.
Module 1: Deploying Splunk, configuring logging and forwarding
- Installing Splunk
- Configuring logging in Windows and Linux
- Setting up log forwarding
- Understanding how Windows Event logging works
Module 2: Attacking Servers and Workstations
- Learning attacker tools/tactics/procedures (TTPs)
- Generating real-world security events to analyze
- Attacking Workstations
- Attacking Application Servers
- Learning what types of security events generate log events
- Writing basic queries for common attacks
- Analyzing PCAP files with Splunk
Module 3: Hunting with Splunk
- Data-Centric vs End-Point Hunting
- Understanding IOCs/IOAs
- Indicators of Compromise (IOCs)
- Indicators of Attack (IOAs)
- Integrating data from popular security products
- Writing complex queries
- Detecting Zero-Day attacks
Who is this class for?
IT System Administrators, IT Security Professionals, SOC Analysts, First Responders, Incident Handlers, Intrusion Analysts, Malware Analysts
Students should be familiar with using Windows and Linux operating environments and be able to troubleshoot general connectivity and setup issues.
Students should be familiar with VMware Workstation and be able to create and configure virtual machines.
Students are recommended to have a high-level understanding of key programming concepts, such as variables, loops, and functions; however, no programming experience is necessary.
Students will be provided with detailed courseware, detailed lab manuals, and copy/paste notes so that even if a student is not very strong technically they will be able to complete the lab exercises and take notes effectively.
May 7th & 9th, 7:00 pm EST – 9:00 pm EST
May 22nd & 24th, 7:00 pm EST – 9:00 pm EST
Class Delivery Method
Online students will be given access to VMWare virtual machines to download for the class and the previous version of the Splunk course as well. A new updated version of the courseware will be delivered on the first day of class
Students will receive
- 24 hours of CPEs
- Several virtual machines
- Courseware slides
- Lab manual
Each class will be recorded and made available to the students via email. So you can keep up with the class even if you have to miss time or even a whole day.
Students can request help via email based trouble ticketing system (allow 24 hours for a response). Send all questions/concerns to [email protected]
Class Cost: $200
The class cost is regularly $500, but you can get it for $200 if you sign up before April 30th.
Fill out this form to sign up for the class.
If you know that you are interested in this class as well as other InfoSec classes then you should consider the unlimited classes package for $49.99 per month. You can find out more about it by clicking on the link below:
NOTE: Due to Joe McCray’s travel and work schedule (ex: short notice consulting/training engagements or changes to those engagements) classes may reschedule or cancel. In these situations a refund will NOT be granted as the class will re-run the following week, or additional days will be added to the class schedule to make up for this.