介绍:
原老外的课程链接:
https://www.networkdefense.co/courses/hunting/
结构化的系统,确保您永远不会不知从何入手寻找恶意攻击。实用威胁搜寻是一门基础课程,它将教您如何使用经过验证、结构化且可重复的框架进行威胁搜寻。实用威胁搜寻课程将教您如何以最佳方式进行威胁搜寻,让您永远不会缺少切入点或操纵数据以发现异常的技术。您将通过一系列专家指导的讲座、基于场景的演示和动手实验来提升技能。通过理论与应用相结合的课程,您将学习威胁搜寻的基础知识,并立即将其应用于您的网络。
教学大纲
- 两种狩猎框架:基于攻击的狩猎(ABH)和基于数据的狩猎(DBH)
- 利用威胁情报和 MITRE ATT&CK 框架进行输入追踪的技术
- 审查证据时会遇到的 9 种最常见的异常类型。
- 威胁猎手转换数据以发现异常的四种最常见方式
- 各种规模的组织中典型的猎头人员配置模型及其优缺点
- 支持并实现威胁搜寻行动的 5 个指标
- 我在狩猎时有效记录笔记的两步系统(以及如何将这些笔记转换为长期存储以便于搜索)
- 猎人维基/知识库的理想设计
为狩猎行动做准备的五步框架,用于分析和模拟攻击
目录:
├── 01. Course Introduction
│ └── 1. Course Welcome and Approach.mp4
├── 02. Overview of the Hunting Process
│ ├── 1. The Investigation Process, Where Hunting Fits In, And Hunting Defined.mp4
│ ├── 2. Attack-Based Hunting (ABH) Overview.mp4
│ ├── 3. Working through an ABH Example.mp4
│ ├── 4. Data-Based Hunting (DBH) Overview.mp4
│ └── 5. Working through a DBH Example.mp4
├── 03. Anomaly Detection
│ ├── 1. Subject vs. Context Anomalies and the Eye Test.mp4
│ ├── 2. Common Anomaly Types 1.mp4
│ ├── 3. Common Anomaly Types 2.mp4
│ └── 4. Common Anomaly Types 3.mp4
├── 04. The Lab Network
│ ├── 1. Accessing the Lab
│ │ └── pth-analyst-vmware-1.0.zip
│ └── 2. Lab Tools Walkthrough.mp4
├── 05. Hunting Labs - Anomaly Spotting
│ ├── 1. Hunting Lab 1.mp4
│ └── 2. Hunting Lab 2.mp4
├── 06. Data Transformation
│ ├── 01. The GAPSS Model for Hunters.mp4
│ ├── 02. Search Strategies.mp4
│ ├── 04. Mastering Any Search Tool 1.mp4
│ ├── 05. Mastering Any Search Tool 2.mp4
│ ├── 06. Aggregations - Concepts.mp4
│ ├── 07. Aggregations - Tools.mp4
│ ├── 08. Aggregations - In Practice.mp4
│ ├── 09. Simple Statistics for Anomaly Hunting.mp4
│ ├── 10. More Statistics for Anomaly Hunting.mp4
│ └── 11. Context Switching with Pivots.mp4
├── 07. Threat Intelligence and Attack Dissection
│ ├── 1. Attack Dissection Overview and Collecting Examples.mp4
│ ├── 2. Identifying Entities, Relationships, and Steps.mp4
│ ├── 3. Simulating Attacks (+Detection Lab).mp4
│ ├── 4. Mapping Attack Steps to Evidence.mp4
│ └── 5. Correlating Evidence to Expected Anomaly Types.mp4
├── 08. Hunting Labs - ABH
│ ├── 1. Hunting Lab 3.mp4
│ └── 2. Hunting Lab 4.mp4
├── 09. Hunting in your Organization
│ ├── 1. Enabling Hunting in your Organization without the BS.mp4
│ ├── 2. 3 Common Operational Hunting Models.mp4
│ ├── 3. Metrics to Gain and Keep Organizational Support.mp4
│ ├── 4. Must-Have Hunting Data Sources and Tools.mp4
│ └── 5. The Hunt Once Principle.mp4
├── 10. Hunting Knowledge Management
│ ├── 1. My Two-Step System for Documenting Hunting Knowledge.mp4
│ ├── 2. Constructing the Hunter's Wiki - Principles and Software.mp4
│ └── 3. Constructing the Hunter's Wiki - Structure.mp4
├── 11. Hunting Labs - DBH
│ ├── 1. Hunting Lab 5.mp4
│ └── 2. Hunting Lab 6.mp4
├── 12. Course Conclusion
│ └── 1. Course Conclusion and Next Steps.mp4
├── Lab
│ ├── Hunting Tool Recommendations.pdf
│ └── pth_data
│ ├── __MACOSX
│ │ └── pth_data
│ │ ├── ._.DS_Store
│ │ └── pdfs
│ │ ├── ._Hunting Expedition Ideas.pdf
│ │ ├── ._Hunting Tool Recommendations.pdf
│ │ ├── ._Hunting Wiki Construction.pdf
│ │ ├── ._Kibana Searches.pdf
│ │ └── ._Twitter Follows.pdf
│ └── pth_data
│ ├── .DS_Store
│ ├── pdfs
│ │ ├── Hunting Expedition Ideas.pdf
│ │ ├── Hunting Tool Recommendations.pdf
│ │ ├── Hunting Wiki Construction.pdf
│ │ ├── Kibana Searches.pdf
│ │ └── Twitter Follows.pdf
│ └── scenarios
│ ├── lab1
│ │ ├── import.sh
│ │ └── lab1.zip
│ ├── lab2
│ │ ├── import.sh
│ │ └── lab2.zip
│ ├── lab3
│ │ ├── import.sh
│ │ ├── lab3-1.zip
│ │ ├── lab3-2.zip
│ │ ├── lab3-3.zip
│ │ ├── lab3-4.zip
│ │ └── lab3-5.zip
│ ├── lab4
│ │ ├── import.sh
│ │ └── lab4.zip
│ ├── lab5
│ │ ├── import.sh
│ │ └── lab5.zip
│ └── lab6
│ ├── import.sh
│ └── lab6.zip下载链接:
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容