CSX Threat Hunting
Learn to identify threats before they impact your system.
Difficulty: Advanced CSF Domain: Detect
CTHC: CSX Threat Hunting Course
The Cybersecurity Nexus (CSX) Threat Hunting Course (CTHC) course provides students with an understanding of cybersecurity threat hunting and a set of skills, techniques, and tactics which they can implement to identify and combat known threats and protect against potential unidentified threats on a system of responsibility. Students will work with real systems in real environments and will leverage forensics, attack techniques, custom scripts, and specific toolsets to complete tasks in a cybersecurity environment. Upon completion, students will be able to proactively leverage their new skill set to identify and combat threats within networks and systems– valuable traits in the cybersecurity field.Continuing Professional Education (CPE) Credit Count: 18
Schedule
Lesson Introduction to Threat Hunting
- Gain an overall understanding of threat hunting
- Understand the importance of threat hunting
Lesson Threat Hunting Methodology
- Learn the process of threat hunting before attempting threat hunting
Lesson The Threat Landscape
- Learn and identify organizational threats
- Learn and identify global threats
Lab/Instructional Exploitation and Threat Creation
As a threat hunting specialist, it is your responsibility to understand the offensive side of cybersecurity in order to strengthen an organization''s defensive position. In this lab, students will exploit a Windows Server system in order to understand how vulnerabilities can be used maliciously.
Lesson Memory Forensics
- Learn about the history and need for memory forensics.
Lab/Instructional Memory Forensics
In this lab we will take a look at the memory dump we did earlier and do some pretty cool forensics against that dump. In most enterprise environments organizations have host-based agents on most devices that are able to on-the-fly perform memory dumps which would then allow you the threat hunter to literally pick a device, or group of devices and say “I’d like a memory dump of that device or those devices please”, and get it pretty quickly. For smaller environments, you may have to go to devices and individually perform the dump as we have with this Windows virtual machine. That will take more time, but either way, you’ll know how to do it!
Lesson Network Forensics
- Learn about network forensics
- Discover the tools to use while conducting Network Forensics
- Get a packet analysis primer!
Lab/Instructional Network Forensics
In this lab we will look at the memory dump we did earlier and do some pretty cool forensics against that dump. In most enterprise environments organizations have host-based agents on most devices that are able to on-the-fly perform memory dumps which would then allow you the threat hunter to literally pick a device, or group of devices and say “I’d like a memory dump of that device or those devices please”, and get it pretty quickly. For smaller environments, you may have to go to devices and individually perform the dump as we have with this Windows virtual machine. That will take more time, but either way, you’ll know how to do it!
Lesson Incident Response Detection and Threat Hunting
- Discover the intel that Threat Hunting can provide
- Learn the benefits of an incident response team
- Utilize Threat Hunting in Incident Response
Lab/InstructionalCreating and Investigating Browser Attacks
As a threat hunting specialist, it is your responsibility to both create and investigate attacks for education and action taking purposes. In order to strengthen your company''s security, you will need to understand the fundamentals of browser exploits, how they take advantage of vulnerabilities, and how to mitigate the possibility of this happening to your company.
LessonEnterprise Threat Hunting
- Discover the nuances for threat hunting in an enterprise environment
- Learn the tools that can be used for big data Threat Hunting
Lab/InstructionalUtilizing Zeek (Bro) for HTTP Threat Hunting
As a cybersecurity professional specializing in threat hunting, it will be your responsibility to use Zeek in order to cut and examine log files. This data can provide experts with the critical information needed to identify HTTP threats and other potential malicious activity.
LessonPowerShell
- Find out how PowerShell can be utilized to conduct Threat Hunting
Lab/InstructionalThreat Hunting with PowerShell
As a threat hunting specialist, it is your responsibility to understand the offensive side of cybersecurity in order to strengthen an organization''s defensive position. In this lab, you will exploit a Windows Server system in order to understand how vulnerabilities can be used maliciously.
LessonEvasion Techniques
- Discover the basic evasion techniques used by malware
- Find out the tools used in order to obfuscate and evade common IDS/IPS
Lab/InstructionalCovert Communications Examination
As a threat hunting cybersecurity practitioner, you will need to focus a lot of your attention on what an exploit looks like when attackers use encryption for exfiltration. It will be your responsibility to act as both the attacker and the victim during an investigation process.
Challenge LabThreat Hunt Challenge 1
As a threat hunting specialist, it is your responsibility to understand the offensive side of cybersecurity in order to strengthen an organization''s defensive position. In this lab, you will exploit a Windows Server system in order to understand how vulnerabilities can be used maliciously.
Challenge LabThreat Hunt Challenge 2
As a threat hunting expert, it will be your responsibility to apply your skills and abilities to investigate. Your customer is not aware of an attack but thinks there are competitors who seem to be making very similar products. This is a hunt to see if there are any issues. You will need to use your memory forensics skills in order to figure if there is anything to be concerned with.