Learn to identify threats before they impact your system.
Difficulty: Advanced
CSF Domain: Detect
As a threat hunting specialist, it is your responsibility to understand the offensive side of cybersecurity in order to strengthen an organization's defensive position. In this lab, students will exploit a Windows Server system in order to understand how vulnerabilities can be used maliciously.
In this lab we will take a look at the memory dump we did earlier and do some pretty cool forensics against that dump. In most enterprise environments organizations have host-based agents on most devices that are able to on-the-fly perform memory dumps which would then allow you the threat hunter to literally pick a device, or group of devices and say “I’d like a memory dump of that device or those devices please”, and get it pretty quickly. For smaller environments, you may have to go to devices and individually perform the dump as we have with this Windows virtual machine. That will take more time, but either way, you’ll know how to do it!
As a threat hunting specialist, it is your responsibility to both create and investigate attacks for education and action-taking purposes. In order to strengthen your company's security, you will need to understand the fundamentals of browser exploits, how they take advantage of vulnerabilities, and how to mitigate the possibility of this happening to your company.
As a cybersecurity professional specializing in threat hunting, it will be your responsibility to use Zeek in order to cut and examine log files. This data can provide experts with the critical information needed to identify HTTP threats and other potential malicious activity.
As a threat hunting specialist, it is your responsibility to understand the offensive side of cybersecurity in order to strengthen an organization's defensive position. In this lab, you will exploit a Windows Server system in order to understand how vulnerabilities can be used maliciously.
As a threat hunting cybersecurity practitioner, you will need to focus a lot of your attention on what an exploit looks like when attackers use encryption for exfiltration. It will be your responsibility to act as both the attacker and the victim during an investigation process.
As a threat hunting expert, it will be your responsibility to apply your skills and abilities to investigate. Your customer is not aware of an attack but thinks there are competitors who seem to be making very similar products. This is a hunt to see if there are any issues. You will need to use your memory forensics skills in order to figure out whether there is anything to be concerned about.