klionfunding.blogg.se

Advanced host monitor 11 50 enterprise








This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomware syndicates.

FOR508: Advanced Incident Response and Threat Hunting Course will help you to:

- Understand attacker tradecraft to perform compromise assessments.
- Quickly identify compromised and infected systems.
- Perform damage assessments and determine what was read, stolen, or changed.
- Contain and remediate incidents of all types.
- Track adversaries and develop threat intelligence to scope a network.
- Hunt down additional breaches using knowledge of the adversary.
- Build advanced forensics skills to counter anti-forensics and data hiding from technical subjects.

The course exercises and final challenges illustrate real attacker traces found via end point artifacts, event logs, system memory, and more:

Phase 1 - Patient zero compromise and malware C2 beacon installation.
Phase 2 - Privilege escalation, lateral movement to other systems, malware utilities download, installation of additional beacons, and obtaining domain admin credentials.
Phase 3 - Searching for intellectual property, network profiling, business email compromise, dumping enterprise hashes.
Phase 4 - Find exfiltration point, collect and stage data for theft.
Phase 5 - Exfiltrate files from staging server, perform cleanup and set long-term persistence mechanisms (alternatively this phase would be used to deploy ransomware).

Incident response and threat hunting teams are the keys to identifying and observing malware indicators and patterns of activity in order to generate accurate threat intelligence that can be used to detect current and future intrusions.
Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident or contain propagating ransomware.


Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Immediately apply the skills and techniques learned in SANS courses, ranges, and summits.








