Halloween Threat Hunting Bootcamp for SOC Analyst

with Mike Jankowski-Lorek Ph.D & Mateusz Ziebura
October 28, 2024, 9:00 am

During this 3-day, 21-hour super intensive BOOTCAMP you will gain crucial cybersecurity knowledge and skills in Threat Hunting.

Moreover, you will be able to:

    • Get the highest quality and unique learning experience – the class is limited to 20 participants by default.
    • Get the opportunity to interact with our world-renowned Experts.
    • Go through CQURE’s custom lab exercises and practice them after the course.
    • Receive a lifelong certification after completing the course!
    • Get 12-month access to the recordings!

(9:00 am – 4:00 pm CEST/CET)

Original price was: €2575. Current price is: €2175.

Lowest price within 30 days €2175 (net)

Why this course?

Join us for the Halloween Threat Hunting Bootcamp for SOC Analyst with AI Support! You’ll spend three days diving deep into the world of cybersecurity, learning about some of the modern attack techniques, local privilege escalation methods, and identity infrastructure attacks, as well as the ways those attacks can be detected and mitigated.

Our Threat Hunting with AI Support course is a training designed for Security Analysts, IT Administrators, Incident Responders, and Threat Hunters.

During the course, you will learn some of the modern attack techniques, local privilege escalation methods and identity infrastructure attacks, as well as the ways those attacks can be detected and mitigated. This knowledge will be enhanced with case studies that demonstrate how real-world attacks happen using the methods learned.

Additionally, participants will be introduced to solutions that, with AI support, can enhance the threat hunting process.

The course will conclude with showcasing how threat hunting and threat detection design can be performed by leveraging manual and automated methods.

Pricing plan

We offer you a pricing plan designed and adjusted to your specific needs and budget. Buy now, or book your spot and pay later.

Course timeline

  • 1. Before the course

    You will receive a Student Guide with instructions on how to prepare for the training, information regarding all the technical requirements, and your own individual login credentials for the virtual environment.

  • 2. During the course

    You will be able to exercise and review all learned content on an ongoing basis.

  • 3. After the course

    You will receive a Certificate of Completion, all the materials created and presented by the trainer, as well as access to our community on the Discord server.

Course benefits

What our lessons look like

  • Loads of Knowledge
  • Implementation workshop
  • Course materials
  • Unique exercises
  • Certification

Loads of Knowledge

Over the course of 3 days participants will learn some of the modern attack techniques, local privilege escalation methods, and identity infrastructure attacks, as well as the ways those attacks can be detected and mitigated.

This knowledge will be enhanced with case studies that demonstrate how real-world attacks happen using the methods learned. Additionally, participants will be introduced to the Microsoft Sentinel SIEM solution and will learn how to properly set up, configure, and use it.

The course will conclude with showcasing how threat hunting and threat detection design can be performed by leveraging manual and automated methods.

Implementation workshop

This workshop will guide you through essential techniques for modern attack strategies, including local privilege escalation and identity infrastructure attacks.

Over the course of three days, participants will delve into real-world scenarios, learning how these attacks unfold and mastering the methods to detect and mitigate them effectively.

By the end, you’ll have a well-rounded skill set for identifying vulnerabilities and fortifying defenses in a Windows infrastructure.

Course materials

During the course, you will be provided with a range of materials such as lab exercises, presentations, intriguing articles and useful tools to make your tasks a little bit easier!

Unique exercises

All exercises are based on O365 and Azure Cloud. During the course, our finest specialists will use their unique tools, practical exercises, and presentation slides with notes.

Certification

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

Course syllabus

The Halloween Threat Hunting Bootcamp for SOC Analyst agenda consists of 11 Modules that will be covered during 3 intense Days.

  • Module 1: Modern Attack Techniques and Tracing Them

    • 1. Discussion: Top attack techniques
    • 2. Advanced Persistent Threats
    • 3. Initial access vectors
    • 4. Phishing – rev shell mail phishing bob
    • 5. Valid Credentials – password spray etc.
    • 6. Spoofing – dnstwist
    • 7. Vulnerable components (drive by download)
    • 8. Weak defaults

      a. Other vectors: escalation through Windows Services

  • Module 2: Local Privilege Escalation Techniques and Tracing Them

    • 1. Unquoted service path
    • 2. Image and DLL manipulation
    • 3. Schedule Tasks
    • 4. Access Token Manipulation
    • 5. SeImpersonate
    • 6. SeTcb
    • 7. Create User Token
    • 8. Process Injection
    • 9. DLL Injection and Reflective DLL Injection
    • 10. CreateRemoteThread
    • 11. Memory Injection
    • 12. Other techniques
  • Module 3: Case Study – Investigating In-Place Attacks

  • Module 4: Windows Authentication Architecture & Cryptography

    • 1. Windows Logon
    • 2. Windows Logon Types
    • 3. LSASS Architecture
    • 4. NTLM
    • 5. Kerberos
    • 6. SAM Database
    • 7. NTDS.dit
    • 8. LSA Secrets & gMSA accounts
    • 9. Secrets, credentials and Logon Data
    • 10. PKI Misconfigurations
    • 11. SSP Providers
    • 12. Data Protection API
  • Module 5: Case Study – Investigating Identity Theft

  • Module 6: Attacks on Identity Infrastructure and Tracing Them

    • 1. Pass-the-Hash, OverPTH attacks

      a. Pass the ticket
      b. Golden and silver ticket
      c. Pass the PRT
      d. Shadow Credentials / NGC

    • 2. NBNS/LLMNR spoofing, NTLM Relay, Kerberoasting
    • 3. DCSync and DCShadow
    • 4. AdminSDholder
    • 5. Other Modern identity attack techniques
  • Module 7: Microsoft 365 Defender for Endpoint – EDR

    • 1. Intro 101 to Microsoft Defender ecosystem
    • 2. EDR deployment strategies
    • 3. EDR installation and configuration
    • 4. Fine tuning and hardening of EDR configuration
    • 5. Managing and Maintaining Security Posture
    • 6. Troubleshooting Common Issues
    • 7. Automation with ServiceNow and 3rd party
  • Module 8: Integration with Defender Family

    • 1. Microsoft 365 Defender Stack Overview
    • 2. Microsoft Defender for Identity
    • 3. Microsoft Defender for Cloud Apps
    • 4. Microsoft Defender for Cloud
    • 5. Microsoft Defender for Server
    • 6. EDR integration with Microsoft Azure Sentinel
  • Module 9: Security Operations with Microsoft EDR (Defender for Endpoint) and Advanced Threat Hunting with Defender

    • 1. EDR integration with Microsoft Azure Sentinel
    • 2. Security Operations best practices with Microsoft EDR and Sentinel
    • 3. How to manage Incidents inside EDR and Sentinel
    • 4. Kusto language 101 – basic and advanced queries
    • 5. Advanced Hunting
    • 6. Hacker ways to hide malware and bypass EDR
  • Module 10: eXtended Detection and Response with Sentinel

    • 1. Sentinel 101 - Azure Sentinel Dashboards, Connectors
    • 2. Understanding Normalization in Azure Sentinel
    • 3. Cloud & on-prem architecture
    • 4. Workbooks deep dive - Visualize your security threats and hunts
    • 5. Incidents
    • 6. KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL
    • 7. Auditing and monitoring your Azure Sentinel workspace
    • 8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
    • 9. Fusion ML Detections with Scheduled Analytics Rules
    • 10. Deep Dive into Azure Sentinel Innovations
    • 11. Investigating Azure Security Center alerts using Azure Sentinel
    • 12. Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
    • 13. Hunting in Sentinel
    • 14. Deep Dive on Threat Intelligence
    • 15. End-to-End SOC scenario with Sentinel
  • Module 11: Case Study – Detecting a Complex Threat with Sentinel and Microsoft Copilot for Security

Who is it for?

Audience

SOC analysts, enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants, and other people responsible for implementing network and perimeter security. To attend this training, you should have good hands-on experience in administering Windows infrastructure and a basic understanding of public cloud concepts (Office 365, Azure).

Platform and Technical Requirements

To participate in the course you need a stable internet connection. For the best learning experience we also need you to have a webcam, headphones and a microphone. Outbound access on RDP port 3391 is also needed for the connection to the lab environment. We will set up a secure Zoom classroom for every day of the course and will send you a link to join the conference by e-mail.

Exercises

All exercises are based on O365 and Azure Cloud. This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions! Remember that the labs will stay online for an extra three weeks, so you can practice even more after the training is completed!

How to persuade your manager that this course is meaningful?

Investing in knowledge is one of the most worthwhile investments, not only for us but also for our environment. Learning new skills and gaining insight into cybersecurity raises awareness and, as a result, may prevent you from falling victim to cyber threats in the future.

Protects the Company

You will be a valuable element of the company’s safety – knowing about potential threats and the ways of avoiding them can be incredibly useful in daily company life.

Improves employees’ skills

Not only will your company gain a cybersecurity specialist, but you will also unlock the door to expanding your skills horizon even further.

Boosts customer confidence

A completed course with personal certification can be the perfect advantage when it comes to business.

Helps comply with regulations

Knowledge is power—it helps navigate through complex regulatory landscapes. Keeping up-to-date with the latest cybersecurity regulations and standards ensures your company remains compliant, thus avoiding costly penalties and reputational damage.

Saves money in the long run

Who would want to pay regularly for emergency help after a data leak in the company? It’s much better to educate the employees and prevent cybersecurity risks in the first place.

Prepares for emerging threats

After our course, you will be educated in the possible threats and will be able to identify suspicious activity online with ease.

Register now and learn from the best!

During this 3-day, 21-hour super intensive BOOTCAMP you will gain crucial cybersecurity knowledge and skills in Threat Hunting for SOC Analysts. Moreover, you will be able to:

    • Get the highest quality and unique learning experience – the class is limited to 20 participants by default.
    • Get the opportunity to interact with our world-renowned Experts.
    • Go through CQURE’s custom lab exercises and practice them after the course.
    • Receive a lifelong certification after completing the course!
    • Get 12-month access to the recordings!

Your Experts

This course is delivered by one of the greatest, world-renowned Cybersecurity Experts with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

Mike

Jankowski-Lorek, Ph.D.

Director of Consulting, Cybersecurity Expert, MCT

Cybersecurity Expert, solution architect, consultant, penetration tester, and developer with more than 20 years of experience in the field. Mike holds multiple certifications in security, databases and software development. He also holds a Ph.D. in Computer Science.

Mateusz

Ziebura

Cybersecurity Analyst

Mateusz Ziebura is an expert in the field of cybersecurity. At CQURE, he specializes in incident response, regularly supporting and participating in post-attack situation analysis, and assisting companies in cybersecurity education. A highly skilled researcher!
