Cyber Threat Hunter
Foundational
Begin Your Hunt The Threat Hunting Workshop • Cyborg Security • Workshop
Description: To begin, you have to know what threat hunting is. Ask 10 people in cybersecurity what threat hunting is, and you'll get 10 different answers.
Threat Hunting Training Course • Active Counter Measures • Course
Description: Threat hunting course from AC, highly recommended.
Wireshark • Bowne Consulting • Course
Description: Threat hunters often pivot to PCAP analysis to find artifacts, phishing emails, and other bad stuff.
VirusTotal • Sam's Class • Course
Description: Learn how to upload and work with artifacts in VirusTotal.
How to Build a Malware Lab • Neil Fox • YouTube Playlist
Description: A good threat hunter has a virtual environment, or lab, where they can handle malicious artifacts and code. You'll need to be able to reset this when you mess it up, and you will mess it up.
MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals • Cybrary • Course
Description: Gain an understanding of the common vernacular used in cybersecurity and threat hunting.
Intro to Regular Expressions • Taggart Tech • Course
Description: Regex is used across many niches of cybersecurity and threat hunting; know how to leverage regex when hunting for bad stuff.
Intrusion Analysis and Threat Hunting with Suricata • Shark Fest • YouTube Video
Description: Threat Hunting Overview with Suricata.
SIEM Basics
Elastic Fundamentals • Elastic • Courses
Description: Elastic is a popular SIEM tool used by threat hunters to find bad stuff. Know how to use it.
Splunk Fundamentals • Splunk • Courses
Description: Splunk is another popular SIEM, more often used by government agencies, to collect log data.
Phishing Analysis
Hiding in Plain Sight - Obfuscation Techniques in Phishing Attacks • Proof Point • White Paper
Description: Understand how obfuscation has made detecting phishing emails harder.
Hunting Labs or Workshops
Persistence is Futile • Cyborg Security • Workshop
Description: Adversaries will always try to obtain, and maintain, a foothold in your network. Learn how to find these persistence mechanisms.
Execution • Cyborg Security • Workshop
Description: Without execution, the adversary won't get anywhere. Learn how to find that activity.
Defense Evasion • Cyborg Security • Workshop
Description: With EDR tools getting better and better, adversaries will always try to find ways to evade your security tools and other defenses.
Credential Access • Cyborg Security • Workshop
Description: Adversaries will often try to obtain legitimate credentials for your network.
Lateral Movement • Cyborg Security • Workshop
Description: On average, an adversary will move laterally within your network within 90 minutes of gaining access.
Hunting for Impact • Cyborg Security • Workshop
Description: Threat hunt workshop designed to teach you to hunt for the impact.
Exfiltration • Cyborg Security • Workshop
Description: The goal of an adversary is often to exfiltrate some kind of data: proprietary data, your customer list, etc.