Threat Intelligence with MSTICPy

Ian Hellen

33:35

  • threat-intelligence-msticpy.zip
  • 1. Course Overview.mp4
    01:47
  • 1. Intro.mp4
    04:21
  • 2. Accounts Part 1 - Intro.mp4
    03:09
  • 3. Accounts Part 2.mp4
    04:14
  • 4. Accounts Part 3.mp4
    03:28
  • 5. Scripted Attacks Part 1.mp4
    03:19
  • 6. Scripted Attacks Part 2.mp4
    04:30
  • 7. Persistence Part 1.mp4
    04:01
  • 8. Persistence Part 2.mp4
    02:45
  • 9. Conclusion.mp4
    00:58
  • 1. Resources.mp4
    01:03
  • Description


    This course focuses on using MSTICPy in notebooks to detect adversary logons, decode obfuscated scripting attacks, and identify attempts to establish persistence.

    What You'll Learn


      MSTICPy is a Python library of CyberSec tools designed for hunting and investigations using Jupyter notebooks. Jupyter notebooks are an ideal tool for CyberSec/SOC work. You can ingest data from multiple sources, analyze, reshape, and visualize the data and add your own commentary.

      In this course, Threat Intelligence with MSTICPy, you’ll cover how to use MSTICPy to detect adversary intrusions in an enterprise or cloud environment. First, you’ll learn how to query and analyze network and endpoint logs to identify adversary activity. Next, you’ll analyze logon sessions on a compromised host and identify and decode a scripted attack. Finally, you’ll pinpoint how the attacker has established a persistent foothold on the host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using MSTICPy and Jupyter notebooks: T1078.002 - Valid Accounts/Domain Accounts; T1059.001 - Command and Scripting Interpreter: PowerShell; and T1053.005 - Scheduled Task/Job: Scheduled Task.

    Ian is a Principal Software Engineer in the Microsoft Threat Intelligence Centre (MSTIC). He has worked in security for 20 years and has been with MSTIC for the past 5 years (from infrastructure/network consulting to building compiler plug-ins and authoring detections and detection systems). He's the creator and joint-author/maintainer of MSTICPy - Python CyberSec tools for Jupyter notebooks - and spends most of his time creating notebooks and enhancing and fixing MSTICPy. In the time left over he's an avid music fan and not-very-accomplished player, loves skiing and travel and, most recently, has developed a passion for scuba diving.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 11
    • Duration: 33:35
    • Level: average
    • English subtitles: yes
    • Release date: 2023/04/24