With the rise of APT attacks and targeted ransomware attacks, there's a huge need for in-depth investigation & threat hunting skills to detect these attacks early on before the cost of the breach gets doubled every day.
In this In-Depth Investigation & Threat Hunting Training, you will learn how real APT attacks and targeted attacks work, how to perform in-depth investigation by collecting and analyzing digital artifacts, performing live forensics and memory forensics, and how to automate this process across the whole enterprise with PowerShell.
You will also learn how to perform threat hunting based on the MITRE ATT&CK framework, powered by threat intelligence: not just the attackers' IoCs but their tactics, techniques, and procedures.
This training is for security professionals who want to expand their skills in red teaming, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks, and fileless attacks.
The ability to perform purple teaming exercises that simulate APT attacks, fileless malware, and targeted ransomware attacks, from initial access through lateral movement and domain takeover.
How to perform an in-depth digital investigation through live forensics, triaging, and memory forensics, or using PowerShell to automate the analysis of key artifacts to detect malicious activities.
How to build a threat hunting process that is powered by the MITRE ATT&CK framework and threat intelligence information.
What is an APT Attack?
What are the attack stages? And what is MITRE ATT&CK?
APT attack lifecycle
Examples of real-world APT attacks
Deep dive into the attackers' tactics, techniques, and procedures (TTPs)
Using Threat Intelligence
Understand the attackers' malware arsenal
The Incident Response Lifecycle
How attacks are discovered (SOC, 3rd party & threat hunting)
Security Controls and types of logs in an organization
What's Threat hunting & why threat hunting?
Types of Threat hunting
The threat hunting process step by step
Intelligence-based Threat hunting
Intro to Log Analysis
Build Your honeypot Domain in the Cloud (AWS & Terraform)
Installing & Configuring ELK and Winlogbeat
Installing & Configuring Sysmon
Hardening Your Windows machines
Spearphishing attacks with malicious attachments
Spearphishing attacks with links
Spearphishing attacks using social media
Credential pharming
Detecting Spearphishing using EDR Logs
Advanced execution techniques
Analyze attacks using Sysmon & Splunk
Analyze logs using Sysmon & Elasticsearch
Hunting the evil in packets
Detecting Malware Exfiltration methods
Detecting Downloaders, malicious documents, exploits and others
Detecting IP Flux, DNS Flux, DNS over HTTPS
Malicious BITS transfers, malware communicating through legitimate websites
Detecting peer-to-peer communication, Remote COM Objects and unknown RDP Communications
Hands-on analysis using Wireshark & Microsoft Network Monitor
Hunting the evil in Zeek logs
Hands-on analysis using Zeek logs & Elasticsearch
Types of Malware
Malware Functionalities in-depth (APIs, Code Functionalities & Detection Techniques)
Malware Encryption & Obfuscation (packing, strings encryption, API encryption, etc.)
Strings and API Encryption & Obfuscation
Network communication Encryption & Obfuscation
Virtual machine & Malware analysis tools bypass techniques
Write your own YARA rule
Why in-depth investigation?
Detecting malware persistence: Autoruns registry keys and options
Detecting malware persistence: Scheduled tasks and jobs
Detecting malware persistence: BITS jobs
Detecting malware persistence: Image File Execution Options & File Association
Detecting Malware & Malicious Documents Execution (Prefetch, MRU, Shims, Outlook Attachments)
$MFT structure and cavity searching
How to perform Live Forensics (Hands-on)
Intro to Memory Forensics & Volatility
Capture a full memory dump
Extract suspicious & hidden processes
Detecting memory injection, process hollowing & API hooking
Detect injected threads using call stack backtracing
Detect suspicious network communication & extract network packets
Detect malware persistence functionalities using registry hives
Detect the initial access using Prefetch files & MFT extraction
Extract Windows event logs from memory
Automate memory processing using Python
UAC bypasses using legitimate apps
UAC bypasses using COM objects
UAC bypasses using Shimming
Abusing Services for privilege escalation
DLL Order Hijacking
Privilege escalation to SYSTEM
Best practices for detecting & preventing privilege escalation
Intro to PowerShell
PowerShell Remoting
Logon Types and PowerShell vs RDP
Collect & Analyze Malicious Artifacts using Kansa
Collect Minidumps using PowerShell
Detect suspicious processes using PowerShell
Automating Artifacts collection & analysis for threat intelligence
Convert your threat hunting hypothesis into an alert
Write your own SIGMA rules
Detecting & Preventing LSASS Memory dump
Detecting & Preventing Token Impersonation
Find attack paths & weak links using Bloodhound
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked at Fortune 500 companies including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis", published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences around the world, including Black Hat, DEF CON, Hack In Paris and VB Conference. He was also featured in the Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals around the world build their expertise in malware analysis, threat hunting, and red teaming, and most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
Here is the list of the upcoming trainings (virtual & in-person).

| Month | Training | Location | Dates |
|---|---|---|---|
| April 2022 | In-Depth Investigation & Threat Hunting | Virtual | April 25-28, 2022 |
| June 2022 | Hands-on Malware Analysis & Incident Response | Virtual | June 13-16, 2022 |
| Aug 2022 | Advanced Red Teaming: Weaponization & Adversary Simulation | Virtual | Aug 22-25, 2022 |
Are you looking for a group training for your team? To discuss your specific requirements, reach out to us.
You can check out our resources, which will show you exactly the quality and support you can expect from our Master's Program and our training programs, and see why MalTrak students are in such high demand.
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
The top 4 reasons you are vulnerable to these attacks and how to implement threat hunting today to become more resilient against these attacks.
These are 3 expert-crafted copy-paste cheatsheets, accompanied by hands-on training, to help you impersonate an expert in the field, analyze real cybersecurity attacks, and showcase your skills to land your first job in the field.
All you need is:
➡️ Good IT administration background, especially in Windows (Linux preferred)
➡️ Good cybersecurity & network protocols background
➡️ Only in the red team training: C++ programming background
➡️ Laptop with a minimum of 8GB RAM and 10-20 GB free hard disk space
It's a live 4-day training delivered either in person or virtually through Zoom.
For a virtual event (through Zoom), you will have access to the recordings for one year after the training.
Yes, you will.