Dates: December 7th – 8th
We will spend most of this class analyzing PCAP files for Command and Control (C2) communications in order to identify malware back channels. It is assumed that the student will already understand the basics of network threat hunting, so we can immediately jump into applying that knowledge. The goal will be to create a threat hunting runbook that you can use within your own organization in order to identify systems that have been compromised.
- Identify tools and processes for network threat hunting
- Set up a threat hunting environment
- Apply a threat score system to prioritize artifacts
- Leverage network findings to pivot into forensic analysis
Audience Skill Level
Students should have a working understanding of IP communications. They should also have a basic understanding of network threat hunting. It is highly recommended that you attend our free one-day threat hunting course prior to taking this class. This class builds on the content of that one-day course.