Overview What You Will Learn Curriculum Instructor

Course Overview

Threat hunting is human-driven, iterative, and systematic. It effectively reduces damage and overall risk to an organization, as its proactive nature enables security professionals to respond to incidents rapidly. The combination of dynamic intelligence, analytics, and situational awareness tools, and perpetual data monitoring, brings about a reduction in false positives and wasted time throughout the Security Operations Center.

The course begins with the basics of threat hunting and data on threat hunting. Moving on, you will understand the adversary. Further, you will learn the mapping and working of an adversary with a data adversary. Next, you will work on creating research environments. After that, you will learn how to query the data. Next, you will explore hunting the adversary. Further, you will learn the importance of documenting and automating the process. As you move on, you will explore communicating and assessing data quality. Next, you will learn to understand the output and defining good metrics to track success in threat hunting. Then you will learn tools such as firewalls, antivirus, endpoint management, network packet capture, and security information and event management (SIEM). You will also need access to threat intelligence resources so you can look up IP addresses, malware hashes, indicators of compromise (IoCs), and more. Finally, you will learn to real-world use cases to identify attacker techniques

By the end of the course, you will have the skills and knowledge to hunt for threats with various techniques when responding to security incidents.

What You Will Learn

  • Gain the foundation knowledge of the threat hunting practice.
  • Learn about the frameworks and industry standards for hunting.
  • Master how to extract
  • ingest
  • visualize
  • and analyze basic logs and events.
  • Discover how to enrich your findings and add intelligence to them.
  • Explore hunting the adversary.

Program Curriculum

  • What Is Threat Hunting?
  • Threat Hunter Mission
  • What Do I Need to Be a Threat Hunter?
  • Cyber Kill Chain
  • Using MITRE ATT&CK Framework to map adversary TTP
  • Exploits and Vulnerabilities
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Pyramid of Pain
  • Signatures
  • IOCs and IOAs
  • Enrichment and Threat Intelligence
  • Yara Rules
  • Chapter 2 Quiz

  • Windows Events
  • Linux logs
  • Application logs
  • Chapter 3 Quiz

  • Hunting Network Traffic
  • Shipping Network Data Using Elastic
  • Chapter 4 Quiz

  • Getting Started with Elastic Stack
  • Deploying Elastic Stack with Docker
  • Shipping Logs to the Elastic Stack
  • How to Query the Data?
  • Using Dashboards for Data Visualization
  • Chapter 5 Quiz

  • Recommended Tools for Your Research Environment
  • Chapter 6 Quiz

  • Introduction
  • Use case #1 - RDP Activities
  • Use case #2 - AV Disabled
  • Use case #3 - Credential Dump
  • Use case #4 - Suspicious PowerShell
  • Chapter 7 Quiz

Recap Course Topics and Conclusion

Load more modules

Instructor

Marcos Vinicios Penha

Marcos Vinicios Penha has worked in companies in south and north America over the last 20 years. His experience ranges from defensive, offensive, incident response and infrastructure security. He has a variety of certifications in different fields of cyber-security, including CEH, CISSP, CRTE, CRTP, OSCP, F5-CA, Pentest+, CySA+, CASP+, Linux+, and others. Marcos has supported many companies worldwide to fight vulnerabilities, cyber-crime and advanced persistent threats while helping them to improve their maturity, visibility and protection controls. He has solid knowledge about the following subjects: Vulnerability Management, Red teaming, Ethical Hacking and Adversary Simulation, System Hardening, Defense Evasion, Threat Hunting, Incident Response, Blue teaming, Intrusion Detection and Prevention, Endpoint Detection and Response, Next-Gen Firewalls and Web Application Firewalls, and others. Marcos has been supporting the cyber-security community participating as a speaker in a variety of events worldwide.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$ 499.00
Billed annually or $59.00 billed monthly
Get Started Now
Start your 7-day trial for $1

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$ 599.00
Billed annually or $69.00 billed monthly
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

  • Hands-on FortiGate Firewall

    Hands-on FortiGate Firewall

    Short Course

    Hands-on FortiGate Firewall

    Security Architecture and Operations

    Learn how to deploy the FortiGate NGFW and how to configure t...

    $99.99

    Intermediate

    3 hr 0 m

  • Hands-on SELinux

    Hands-on SELinux

    Short Course

    Hands-on SELinux

    Security Architecture and Operations

    Learn SELinux Basics: Implement Security Policies, Troublesho...

    $49.99

    Beginner

    5 hr 28 m

  • Complete Bash Shell Scripting

    Complete Bash Shell Scripting

    Short Course

    Complete Bash Shell Scripting

    Security Architecture and Operations

    Automate repetitive tasks with Bash Shell Scripting to save v...

    $79.99

    Intermediate

    18 hr 10 m

  • Installing and Mitigating Linux Rootkits

    Installing and Mitigating Linux Rootkits

    Short Course

    Installing and Mitigating Linux Rootkits

    Security Architecture and Operations

    Understanding the threat posed by rootkits in Linux and poten...

    $59.99

    Advanced

    3 hr 0 m

  • Start Hacking and Making Money Today at HackerOne

    Start Hacking and Making Money Today at HackerOne

    Short Course

    Start Hacking and Making Money Today at HackerOne

    Security Architecture and Operations

    Hack Legally and Get Paid for Your Findings

    $59.99

    Beginner

    1 hr 9 m

  • PowerShell Scripting Essentials: Anatomy of Logging – Developing a Logging Module

    PowerShell Scripting Essentials: Anatomy of Logging – Developing a Logging Module

    Short Course

    PowerShell Scripting Essentials: Anatomy of Logging – Developi...

    Security Architecture and Operations

    How to write a PowerShell module that contains functions to d...

    $69.99

    Intermediate

    6 hr 1 m

  • Machine Learning for Application in Digital Forensics

    Machine Learning for Application in Digital Forensics

    Short Course

    Machine Learning for Application in Digital Forensics

    Security Architecture and Operations

    Unlocking the Potential of Machine Learning: From Theory to P...

    $99.99

    Intermediate

    4 hr 0 m

  • Applied Python Cryptography

    Applied Python Cryptography

    Short Course

    Applied Python Cryptography

    Security Architecture and Operations

    Securing your Python code and protecting your users private i...

    $79.99

    Intermediate

    4 hr 0 m

1 8