Threat Hunting: Endpoint Hunting

Brandon DeVault

1:21:30

  • 1. Course Overview.mp4
    01:48
  • 1. Who Are You and Where Are We Now.mp4
    01:43
  • 2. Approaching an Intel Based Threat Hunt.mp4
    03:00
  • 3. Demo - MITRE ATT&CK.mp4
    05:43
  • 4. Wheres the Data Come From.mp4
    04:11
  • 5. Scaling and Obfuscation.mp4
    01:36
  • 1. Gaining Access.mp4
    04:34
  • 2. Demo - Process Execution.mp4
    05:54
  • 3. LNK Parser.mp4
    01:38
  • 4. Demo - LNK Analysis.mp4
    04:48
  • 5. User Behavior.mp4
    00:51
  • 1. Digging In.mp4
    02:48
  • 2. Demo - Hunting for Registry Keys.mp4
    05:05
  • 3. More Holes.mp4
    01:26
  • 4. Demo - Hunting for Scheduled Tasks.mp4
    10:46
  • 5. Looking Harder.mp4
    00:44
  • 1. Elevating Status.mp4
    04:57
  • 2. Demo - Mimikatz Execution.mp4
    06:03
  • 3. Hunting with Expertise.mp4
    01:17
  • 1. What Are They up To.mp4
    04:08
  • 2. Demo - Detecting Impossible Travel.mp4
    03:33
  • 3. Caveats and Additional Metrics.mp4
    04:08
  • 4. Conclusion.mp4
    00:49
  • Description


    Being responsible for finding the anomalies within an environment can be a daunting task. This course will teach you how to hunt through endpoint artifacts to find malicious behavior.

    What You'll Learn?


      Finding anomalies or malicious artifacts without the help of alerts or defensive mechanisms can be very challenging. In this course, Threat Hunting: Endpoint Hunting, you’ll learn to hunt for specific APT techniques found in endpoint data. First, you’ll explore the various endpoint data sets and how to take advantage of correlation. Next, you’ll discover how to find artifacts related to initial access, implants, and persistence. Finally, you’ll learn how to detect behaviors related to privilege escalation and credential stealing. When you’re finished with this course, you’ll have the skills and knowledge of endpoint hunting needed to provide the proactive approach to security analytics.

    Brandon DeVault is a Sr. Security Author focusing on general blue team operations, incident response, and threat hunting at Pluralsight. He is also a member of the Florida Air National Guard and works as a threat hunter on a Mission Defense Team (MDT) defending North America’s air tracks. Prior to joining Pluralsight, Brandon worked with Elastic as an Education Architect creating and delivering security content. He also worked with Special Operations Command where he had two deployments to Afghanistan on deployable communications teams. His experience spans satellite communications, radio technologies, system and network administration. Brandon is also passionate about hardware hacking, soldering, hiking, and currently holds the GCIA, GCED, and Security+ certifications.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 23
    • Duration: 1:21:30
    • Level: average
    • English subtitles: yes
    • Release date: 2023/04/25