Practical Cyber Threat Hunting
Rating: 4.3 out of 5(817 ratings)
7,036 students

Purple Team Techniques Part 1 Threat Hunting
Last updated 9/2020
English

What you'll learn

  • Students will gain network forensic skills, memory forensic skills, threat hunting over ELK, incident response skills for APT analysis and more. In this course students will learn how to conduct threat hunting and compromise assessment. In the first module I created a real-life attack scenario as an adversary simulation in a demo lab. I lecture my students on cyber threat intelligence sources and types, and on basic definitions and terms like IOC, TTP, the Cyber Kill Chain model and incident response steps. I critique the capabilities of security devices to explain why we need monitoring and SIEM infrastructure. In the second module I give you theoretical knowledge about real attack techniques like SQL injection, buffer overflow exploit code, SSH tunneling methods and more. I teach my students how to collect full pcap traffic and which tools should be used for analysis. In module two I analyze tunnels, pivot points, web attacks, remote code execution exploits, web shells and web attack traffic from pcap files, and I share my real-world analysis experience with my students. In the third module, I first present the fundamental Windows processes and then process injection, process hollowing, PE injection and thread injection techniques and tools in theory. Then I teach you how to dump memory samples for memory forensics, and I analyze the memory image of the Stuxnet attack, the memory images of Cridex, Zeus and DarkComet RAT, and the memory image of a DLL injection event. In the fourth module I perform threat hunting over ELK. First I explain the event ID numbers that are commonly used for hunting, and then I analyze a real-life scenario. I detect malicious Word documents, HTA files, unsigned EXE files, VBS files and more. I teach you how to detect and investigate tunneling methods and persistence methods like registry keys, services and scheduled tasks. Some techniques such as LOLBAS are used in the attack lab, and we investigate them and map them using the MITRE framework.
    Google Rapid Response and osquery usage and labs are also performed by me.

Course content

3 sections · 39 lectures · 7h 23m total length
  • Introduction To Network Forensic (7:09)

    I will teach you how to calculate the requirements for full packet collection. You will learn the tools and systems for collecting full pcap captures in a network, and you will find out why we implement network forensics for detection.

  • Basic Protocols Analysis (6:07)

    In this lesson we analyze basic protocol connections like MySQL, HTTP, FTP and NFS. You will learn Wireshark basics and basic protocol analysis.

  • Phishing Detection Over SMTP And DNS Traffic (5:52)

    Students will analyze DNS and SMTP packets to detect phishing attacks. They will learn how to extract malicious files from network traffic.

  • Understanding Protocol Anomalies (12:09)

    In this lesson students learn to detect protocol-port mismatches.

  • Abnormal User Agents Detection (6:05)

    In this lesson students learn how to detect malware or attack traffic from abnormal user agents.

  • Ransomware Traffic Analysis (1:50)

    In this lesson students learn how to analyze ransomware traffic and examine its traffic patterns.

  • Buffer Overflow Exploit Detection Over Network (14:23)

    In this lesson students learn the remote code execution exploit mechanism in theory. After that they will learn how to detect shellcode, return addresses and NOP values in order to find exploit code in network traffic.

  • SSH Tunnel Traffic Analysing (15:49)

    In this lesson students learn how to detect SSH tunnels in network traffic. First I explain the SSH tunnel mechanism in theory, then I show you how an SSH tunnel is established and you will analyze it.

  • ICMP Tunnel Analysis (8:17)

    In this lesson students learn how to detect ICMP tunnels in network traffic. First I explain the ICMP tunnel mechanism in theory, then I show you how an ICMP tunnel is established and you will analyze it.

  • DNS Tunnel Analysis (8:26)

    In this lesson students learn how to detect DNS tunnels in network traffic. First I explain the DNS tunnel mechanism in theory, then I show you how a DNS tunnel is established and you will analyze it.

  • Analysing Multiple Tunnel Techniques For Detecting Pivoting (8:11)

    I will teach you how to perform timeline analysis and map the tunnels between nodes in order to clarify the pivot points in the network.

  • SQL Injection Analysis From Network Traffic (5:50)

    SQL injection basics are explained in theory using an example source code, and you will learn how to analyze and detect SQL injection in network traffic.

  • Detecting Command Injection Attacks With Network Forensic (6:37)

    Command injection basics are explained in theory using an example source code, and you will learn how to analyze and detect command injection in network traffic.

  • Web Shell Detection With Pcap Analysis (21:03)

    You will learn the fundamental functions of web shells and how to analyze their execution. In this lesson you will learn how to detect web shells in network traffic.

  • File Upload Attacks Analysis (4:03)

    File upload basics are explained in theory using an example source code, and you will learn how to analyze and detect file upload attacks in network traffic.

  • RFI And LFI Attack Detection With Network Hunting (9:08)

    RFI/LFI basics are explained in theory using an example source code, and you will learn how to analyze and detect RFI/LFI attacks in network traffic.

  • XSS Attack Analysis With Pcap Analysis (10:35)

    You will learn basic XSS detection by investigating network traffic.

Requirements

  • Knowledge of basic TCP/IP and basic attack techniques like SQL injection, RCE and others.

Description

Important Note: My Udemy training only includes the videos. Memory images, pcaps and virtual machines aren't shared on Udemy. I am creating the lab environment on a different cloud platform, and when I complete the lab network in the cloud I will announce it; you will be able to purchase it separately from this course.

Who this course is for:

  • Those who want to be a member of a Blue Team or Purple Team as a Threat Intelligence Analyst, Incident Responder or Threat Hunter