
Threat Hunting: Hypothesize and Plan


Aaron Rosenmund

44:28

  • threat-hunting-hypothesize-plan.zip
  • 1. Course Overview.mp4
    01:48
  • 1. Understanding Threat Hunting.mp4
    02:22
  • 2. Types of Threat Hunting Teams.mp4
    03:17
  • 3. Aligning Intel and Hunting Techniques.mp4
    08:19
  • 4. They Threat Hunting Cycle.mp4
    01:13
  • 1. Cyber Threat Intel Alert.mp4
    02:17
  • 2. Demo - Navigating Mitre Att&ck.mp4
    06:06
  • 3. Hypothesizing Network Attack Indicators.mp4
    02:47
  • 4. Hypothesizing Endpoint Attack Indicators.mp4
    04:05
  • 1. Making a Network Data Collection Plan.mp4
    02:51
  • 2. Making a Endpoint Data Collection Plan.mp4
    01:47
  • 3. Integrating Data Collection Into Continuous Monitoring.mp4
    01:28
  • 4. Exploring Coverage of MITRE ATT&CK by Data Type.mp4
    04:33
  • 5. Isolating Threat Hunting Outcomes.mp4
    01:35
  • Description


    Being responsible for finding malicious anomalies within an environment can be a daunting task. This course will teach you about different methodologies for threat hunting, and how to take action on indicators provided through threat intelligence.

    What You'll Learn?


      Finding anomalies or malicious artifacts without the help of alerts or defensive mechanisms can be very challenging. In this course, Threat Hunting: Hypothesize and Plan, you’ll learn to form hypotheses about threat actor activity and artifacts, and to plan a hunt for specific APT techniques. First, you will cover the different types and methodologies used in a threat hunt, and how to process cyber threat intelligence. Next, you’ll learn to hypothesize what artifacts, what data, and what techniques you could use to hunt for threat actor activity. Finally, you’ll create a comprehensive threat hunting plan that will be executed over the course of the series. When you’re finished with this course, you’ll have the skills and knowledge of threat hunting needed to implement proactive detections in your environment.



    Aaron Rosenmund
    Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber security workforce and technologies for business and national enterprises alike. In support of the Air National Guard, he contributes those skills part time in various initiatives to defend the nation in cyberspace.
    Certifications: GIAC GCIA, GIAC GCED, CCNA Cyber Operations, Pentest+, CySA+, CASP.
    www.AaronRosenmund.com, @arosenmund, "ironcat"
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 14
    • Duration: 44:28
    • Level: average
    • English subtitles: yes
    • Release date: 2023/04/25