Hunt The Hacker (in English)
Training duration: 2 days (16 academic hours) of instruction, predominantly in the form of hands-on hunting labs.
Group size: 10 participants maximum
Target audience: Everybody who needs to know more about what threat hunting is, why it is necessary, what is required to start doing it, and how it should be done. Appropriate roles include: CISOs, Security Managers, SOC staffers, Incident Responders, Forensic Analysts and System Administrators.
Pre-requisites: To maximize value to the attendee, prior HOHE participation is highly recommended, but not mandatory.
The training is held by our partner Clarified Security.
Contents of the training
During the 2-day hands-on training, participants learn how to hunt hackers within our Windows 10 lab network, using a range of highly effective threat hunting technologies and techniques. Technologies used: Sysmon, the Elastic stack (formerly “ELK”), WinRM, PowerShell, YARA.
Participants will understand what threat hunting is, be utterly convinced of the need for it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.
The training environment is a remotely accessed lab that participants can use from anywhere in the world, as long as a VPN connection over decent Internet connectivity is viable. The hunting lab is hosted on Clarified Security’s own virtualized infrastructure. Each student has their own account on the shared environment, made up of a Windows domain plus threat hunting infrastructure.
Technical requirements for the training
You will need to bring your own laptop that has WiFi (or a LAN cable port) for connecting to the training environment via our VPN device. Any OS is fine; all you need is an SSH and VNC client. For Windows users, the portable apps Putty.exe and vncviewer.exe will be available to download locally, so typical corporate Windows users do NOT need any admin privileges.
Computers need at least 1024×768 resolution and must be able to obtain an IP address from our device’s DHCP server. Users must be able to log in with local accounts, as neither a domain controller nor a direct Internet connection will be available.
You will be connecting to your attack platform (a Kali Linux VM), hosted within our hacking lab environment, using SSH and VNC. If you don’t have clients for these protocols already, we can provide them to you when you arrive.
Continuing education curriculum group: Interdisciplinary curriculum group of information and communication technology
Karl Raik, Pentester (WebApps) and trainer
Karl joined the Clarified Security team in September 2015 as a Web application pentester. His previous work experience consists mainly of Web Application development. He holds an M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his master’s thesis about improving Web Attack Campaign overview in Cyber Defense Exercises. Karl is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.