Threat hunting laboratory

By Jameel Nabbo

Elevator Pitch

This course is 100% hands-on and based on real-world samples and attack techniques. Besides the manual techniques and methods, we’ll cover open-source tools that make the SOC analyst’s day-to-day tasks much easier than writing Sigma rules for your SIEM.

Description

Introduction:

This course covers a wide range of threat hunting techniques and methods and dives into the art of network, web, malware and binary analysis and exploitation techniques.

What skills you’ll gain after completing this course:

  • Understanding of network analysis
  • Understanding of the techniques regarding binary exploitation
  • Basic knowledge of reverse engineering
  • Using both tools and manual techniques for analyzing network protocol data
  • Understanding of malware analysis techniques
  • Web shells and threats
  • Understanding of kernel-level analysis

Who should take this course:

  • SIEM engineers
  • SOC analysts
  • Threat hunters
  • Sysadmins
  • Penetration testers

Prerequisites

  • Basic understanding of network protocols
  • Basic scripting knowledge (Python, Bash, PowerShell, etc.)
  • VirtualBox
  • Admin privileges on your computer

Training Outline

  • Introduction to Threat hunting
  • Preparing a Hunt
  • Sample extraction
  • Techniques and logic

Network analysis

    +	ARP analysis
    +	DNS analysis
    +	HTTP/HTTPS traffic analysis
    +	Unknown traffic

Memory analysis

    +	Understanding the memory stack
    +	Introduction to debuggers
    +	Reverse engineering sample (real-world security application)
    +	Analyzing memory processes
    +	Kernel memory and objects
    +	WinDbg and low-level analysis

Malware analysis

    +	Malware evasion techniques
    +	Malware persistence
    +	Delivery techniques
    +	UAC bypassing techniques
    +	Zero-day samples
    +	Browser delivery exploits
    +	Document-based malware

Web threats analysis

    +	Serialization attacks with cryptographic implementation weaknesses
    +	Web shells
    +	Analyzing source code
    +	Hands-on workshop
    +	How and when to follow up on findings
    +	How and when to escalate findings

Notes

Jameel is a master of binary exploitation and founder of bufferoverflows.net, a well-known binary exploitation blog within the infosec community, with over 10 years of offensive security experience. He’s the head of offensive security at Capgemini.