Registration for this training course is open.
“This course is based on the current attacks that APTs use in Iran and the world, and in this course we are going to share our own experience of participating in various attacks in the country.” Mehdi Hatami
You can watch the full review and introduction video of the in-person course “Threat Hunting & Incident Response”, taught by Mehdi Hatami, from the link below and register online.
Start of the course: Thursday, 13 Mehr 1402 (5 October 2023)
It is possible to pay for this course in installments; contact Ravin Academy’s training unit for more information.
Ways of communication with the education office of Ravin Academy:
Contact number: 021-91693023 (extension 1)
The course: Threat Hunting & Incident Response

- Level: Advanced
- Track: Blue team path
- 4 lessons
- Introduction video: https://www.aparat.com/video/video/embed/videohash/fBjt3/vt/frame
- Request to hold an institutional (in-house) session of this course
- Start date: 13 Mehr 1402
- Course length: 40 hours
- Certificate and test
- Capacity: 6 people left
- Format: in person

ABOUT THIS COURSE
APT attacks, and targeted attacks in general, have grown rapidly over the past years, and these threats cannot be dealt with effectively using older solutions and methods. That is why threat hunting and rapid response to cyber incidents have become far more important than before.

Cyber threat hunting consists of processes in which a security analyst (the threat hunter), using a combination of human and machine-based methods and analysis, attempts to identify, or “hunt”, security incidents and threats that the organization’s automated processes currently fail to detect. By combining these processes with an appropriate response, attacks and attackers can be identified and countered before they achieve their final goals (sabotage, information theft, and so on).

During this course you will become acquainted with the techniques, tactics and general working methods of advanced attackers and APT teams, and you will learn, in a practical way, how to hunt these threats, analyze the techniques and respond to them. In other words, you will gain the knowledge to hunt the various methods APT teams use (such as fileless malware, advanced methods of expanding and maintaining access, ransomware attacks and many similar cases), mapped to the MITRE ATT&CK framework, as well as how to respond to these attacks.
This course runs for 40 hours, held in person at Ravin Academy in five 8-hour sessions on Thursdays and Fridays from 9:00 AM to 5:00 PM. It starts on Thursday, 13 Mehr (5 October 2023).
TO WHOM IS THIS COURSE RECOMMENDED?
- SOC analysts and engineers
- Security assessment/penetration testing/red team experts
- Cyber threat response experts
- Cyber threat hunters
- Cyber security consultants
- Purple team enthusiasts
WHAT KNOWLEDGE DO I NEED TO ATTEND THIS COURSE?
- Familiarity with the concepts of various types of cyber attacks
- Familiarity with Windows operating systems
- Familiarity with TCP/IP protocols
- Familiarity with event and log analysis concepts
- At least 2 years of experience in the field of cyber security
COURSE TOPICS
- APT
- What is an APT attack?
- APT Core Tactics
- APT Attack Lifecycle
- Real world APT Attacks
- Red Team Tools
- Why Threat Hunting
- EDR, SOC, SIEM, Antivirus Can be Bypassed
- Incident Response & Threat Hunting in common
- Incident Response
- How to Catch Bad Guys (SOC, Threat Hunting, Tools)
- Security Controls and Types of Logs in an Organization
- Incident Response Preparation
- Tools
- Useful Audit Policies
- Build Our Tools with PowerShell
- Ravin Hunting Tools
- Sysmon and Configurations
- Harden Your Sysmon 🙂
- EDR
- Event Viewer and ETW
- Useful Audit Policies
- Hunting APTs Core Tactics
- Initial Access
- malicious attachment
- Advanced Execution Techniques
- Password Spray
- Analyze Attacks Using Sysmon & Splunk OR Elastic
- Phishing
- Persistence
- DLL Proxying / DLL Hijacking
- Logon Scripts
- Screensavers
- Scheduled Tasks Elevated Multi-Action
- SSP and Authentication Packages
- Application Shims
- Registry (Not Just Run Keys)
- WMI Event Subscriptions
- Active Directory Persistence
- Golden Ticket Hunting
- Lateral Movement
- Hunting Impacket for Lateral Movement
- Remote Service and SCM
- Remote Schedule Task
- Remote Registry
- Named Pipes
- PowerShell for Lateral Movement
- Customized PsExec (service and pipe renaming)
- COM Objects for Lateral Movement
- Credential Attacks
- Advanced Detection of LSASS Memory Reads
- Dumping NTDS Detection
- Hunting Native DLLs and Tools for Credential Dumping
- DCSync and Stealthy DCSync
- Abusing ACLs, SACL and Active Directory Rights
- Unconstrained Delegation
- Hunt What Your SIEM does not Detect for Credential Dump
- MiniDumpWriteDump
- Token Impersonation Hunt
- Hunt Stealthy usage of Impacket for Credential Dump
- Implementing Credential Guard & Powered Use
- Pass the Hash
- Execution and Defense Evasion
- Malware Defense Evasion Techniques
- Process Injection
- Use of Legitimate Applications
- Disguise Malware Using COM Objects
- Detecting & Preventing the Abuse of the Legitimate Applications
- Sysmon & EDR Bypass Techniques
- Recon and Discovery
- LDAP Hunting (PowerView, BloodHound, …)
- User and Group Enumeration Hunting
- Decoy
- Hunt Registry for Recon Purposes
- In-Depth Investigation & Forensics
- Incident Response in an Enterprise
- Intro to PowerShell
- PowerShell Remoting
- Collect & Analyze Malicious
- Collect Minidumps Using PowerShell
- Detect Suspicious Processes Using PowerShell
- Automating Artifacts Collection & Analysis for Threat Intelligence
- Convert Your Threat Hunting Hypothesis into an Alert
- Write Your Own SIGMA Rules
- Malware Privilege Escalation Techniques
- UAC Bypasses Using Legitimate Apps
- UAC Bypasses Using COM Objects
- UAC Bypasses Using Shimming
- Abusing Services for Privilege Escalation
- DLL Search Order Hijacking
- Privilege Escalation to SYSTEM
- Initial Access