In-Depth Investigation & Threat Hunting
March 25-28, 2023
This live hands-on training focuses on in-depth investigation through the logs, memory and digital forensics artifacts to detect, investigate and hunt for the targeted attacks, APT attacks and ransomware attacks
HANDS-ON TRAINING
With the rise of APT attacks and targeted ransomware attacks, there's a huge need for in-depth investigation & threat hunting skills to detect these attacks early on before the cost of the breach gets doubled every day.
In this In-Depth Threat Hunting & Purple Teaming Training, you will learn how real APT attacks and targeted attacks work, how to perform in-depth investigation through collecting and analyzing digital artifacts, performing live forensics, memory forensics, and how to automate this process across the whole enterprise in Powershell.
As well, you will learn how to perform threat hunting based on the MITRE ATT&CK framework and powered by threat intelligence. Not just the Attackers' IoCs but their tactics, techniques, and procedures.
WHO IS THIS TRAINING FOR?
This training is for Security Professionals who want to expand their skills in red teaming, understand how real-world attacks look like and better protect their organizations against APT Attacks, Targeted Ransomware attacks and Fileless attacks
- Cyber Security Professionals
- Penetration Testers
- Purple Teamers
- Threat Hunters
- Incident Handlers
- SOC Analysts
Testimonials & Endorsements
"ONE OF THE BEST COURSES I EVER HAD"
"I have finished the Malware Analyst Mindset Program with full satisfaction. He did a fantastic job with more than 60 hours of hands-on and practice which makes it one of the rare courses out there. Let me say: One OF THE BEST Courses I EVER HAD"
- Yazeed Alabbad, Managed Cybersecurity Services ManagerE
"Clear example of operators that are experts in the field"
"We've worked with hundreds of security professionals and businesses over the years, and MalTrak are a clear example of operators that are experts in the field. With SUBSTANTIALLY deeper experience in malware/ransomware than just about any other organisation on the planet, they're who we go to for expert analysis and commentary on any new (or old) malware threats"
- Cameron Perry, COO of KBI.Media
"I CAN FINALLY ANALYZE, UNDERSTAND & CONTROL THE MALWARE"
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it"
- Fung Dao Ying, System Analyst in Bintulu
"ONE OF THE BEST COURSES I EVER HAD"
"I have finished the Malware Analyst Mindset Program with full satisfaction. He did a fantastic job with more than 60 hours of hands-on and practice which makes it one of the rare courses out there. Let me say: One OF THE BEST Courses I EVER HAD"
- Yazeed Alabbad, Managed Cybersecurity Services ManagerE
"Clear example of operators that are experts in the field"
"We've worked with hundreds of security professionals and businesses over the years, and MalTrak are a clear example of operators that are experts in the field. With SUBSTANTIALLY deeper experience in malware/ransomware than just about any other organisation on the planet, they're who we go to for expert analysis and commentary on any new (or old) malware threats"
- Cameron Perry, COO of KBI.Media
"I CAN FINALLY ANALYZE, UNDERSTAND & CONTROL THE MALWARE"
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it"
- Fung Dao Ying, System Analyst in Bintulu
The strategies, skills, and tools required to simulate real targeted attacks and harden your organization's defenses and security teams
WHAT'S IN THE TRAINING?
DAY 1
Introduction to APT Attacks & MITRE ATT&CK
- What is an APT Attack?
- What are the Attack Stages? And what’s MITTRE ATTACK?
- APT attack lifecycle
- Examples of real-world APT attacks
- Deep dive into the attackers' tactics, techniques, and procedures (TTPs) Using Threat Intelligence
- Understand the attackers' malware arsenal
Intro to Incident Response & Threat Hunting
- The Incident Response Lifecycle
- How attacks are being discovered (SOC, 3rd party & threat hunting)
- Security Controls and types of logs in an organization
- What's Threat hunting & why threat hunting?
- Types of Threat hunting
- The threat hunting process step by step
- Intelligence-based Threat hunting
Building Your Threat Detection Lab
- Intro to Log Analysis
- Build Your honeypot Domain in the Cloud (AWS & Terraform)
- Installing & Configuring ELK and Winlogbeat
- Installing & Configuring Sysmon
- Installing & Configuring OpenEDR
- Hardening Your Windows machines
Initial Access & Log Analysis
- Spearphishing Attacks with malicious attachment
- Spearphishing attacks with links
- Spearphishing attacks using social media
- Credential pharming
- Detecting Spearphishing using EDR Logs
- Advanced execution techniques
- Analyze attacks using sysmon & Splunk
- Analyze logs using sysmon & Elasticsearch
DAY 2
Packet Analysis & Malware Exfiltration
- Hunting the evil in packets
- Detecting Malware Exfiltration methods
- Detecting Downloaders, malicious documents, exploits and others
- Detecting IP Flux, DNS Flux, DNS over HTTPS
- Malicious bits transfer, malware communicating through legitimate websites
- Detecting peer-to-peer communication, Remote COM Objects and unknown RDP Communications
- Hands-on analysis using Wireshark & Microsoft Network Monitor
- Hunting the evil in zeek logs
- Hands-on analysis using zeek logs & Elasticsearch
Malware In-Depth & Malware Functionalities
- Types of Malware
- Malware Functionalities in-depth (APIs, Code Functionalities & Detection Techniques)
- Malware Encryption & Obfuscation (packing, strings encryption, API encryption .. etc)
- Strings and API Encryption & Obfuscation
- Network communication Encryption & Obfuscation
- Virtual machine & Malware analysis tools bypass techniques
- Write your own YARA rule
In-Depth Investigation & Forensics
- Why in-depth investigation?
- Detecting malware persistence: Autoruns registry keys and options
- Detecting malware persistence: Scheduled tasks and jobs
- Detecting malware persistence: BITs jobs
- Detecting malware persistence: Image File Execution Options & File Association
- Detecting Malware & Malicious Documents Execution (Prefetch, MRU, Shims, Outlook Attachments)
- $MFT structure and cavity searching
- How to perform Live Forensics (Hands-on)
DAY 3
Malware Defence Evasion Techniques
- Process Injection (DLL & Shellcode Injection)
- Advanced Process Injection (APC Queue Injection)
- Advanced Injections: Using NTFS NxF Feature
- Detecting Process injection using Sysmon logs
- Detecting Process injection using Live Forensics
- Use of legitimate applications for Applocker bypass
- Disguise malware using COM Objects
- Detecting & preventing the abuse of the legitimate applications
- Sysmon & EDR Bypass Techniques
- Detecting EDR bypass techniques with Live forensics
Memory Forensics
- Intro to Memory Forensics & Volatlity
- Capture a full memory dump
- Extract suspicious & hidden processes
- Detecting memory injection, process hollowing & API hooking
- Detect injected threads using call stack backtracing
- Detect suspicious network communication & extract network packets
- Detect malware persistence Functionalities using registry hives
- Detect the initial access using Prefetch files & MFT extraction
- Extract windows event logs from memory
- Automate memory processing using python
DAY 4
Malware Privilege Escalation Techniques
- UAC bypasses using legitimate apps
- UAC bypasses using COM objects
- UAC bypasses using Shimming
- Abusing Services for privilege escalation
- DLL Order Hijacking
- Privilege escalation to SYSTEM
- Best practicies for detecting & preventing privilege escalation
- Mac OSX & Linux privilege escalation
Incident Response In an Enterprise: Powershell Intro
- Intro to Powershell
- Powershell Remoting
- Logon Types and Powershell vs RDP
- Collect & Analyze Malicious Artifacts using Kansa
- Collect Minidumps using Powershell
- Detect suspicious processes using Powershell
- Automating Artifacts collection & analysis for threat intelligence
- Convert your threat hunting hypothesis into an alert
- Write your own SIGMA rules
Credential Theft Detection & Prevention
- Detecting & Preventing Lsass Memory dump
- Detecting & Preventing Token Impersonation
- Find attack paths & weak links using Bloodhound
YOUR INSTRUCTOR
Amr Thabet
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience, he worked in some of the Fortune 500 companies including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals all around the world to build their expertise in malware analysis, threat hunting, red teaming. and most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
The strategies, skills, and tools required to simulate real targeted attacks and harden your organization's defenses and security teams
ALL OUR LIVE TRAINING SCHEDULE
LOOKING FOR GROUP TRAINING?
We offer group training discounts for both our live training and on-demand sessions organisations. To discuss your specific requirements, book a time to speak with one of our consultants to discuss your options.
NOT YET READY YET?
You can check out our resources that will show you exactly the quality and support you can expect from our Master's Program and our Training programs, and see why MalTrak students are in such high demand
Watch Our On-Demand Webinars
The Most Demanded Cybersecurity Skills in 2023
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
Enroll In Our Entry-Level Courses
Kickstart Your Cybersecurity Career
This training will give you the fundamental skills and the roadmap you need to build a successful career in cybersecurity.
Watch Our On-Demand Webinars
The Most Demanded Cybersecurity Skills in 2023
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
Enroll In Our Entry-Level Courses
Kickstart Your Cybersecurity Career
This training will give you the fundamental skills and the roadmap you need to build a successful career in cybersecurity.
STILL GOT QUESTIONS? WE GOT YOU!
Frequently Asked Questions
WHAT ARE THE TRAINING PREREQUISITES?
- Good IT Administration Background especially in Windows (Linux preferred)
- Good Cybersecurity & Network protocols background
- C++ Programming Background (Only in the Advanced Red Teaming Training)
WHAT HARDWARE/SOFTWARE IS REQUIRED?
- Laptop with minimum 8GB RAM and 60GB free hard disk space
- VMware Workstation or VMware Fusion (even trial versions can be used). You can use VirtualBox or other virtualization software. However, the training will be delivered based on VMware Workstation.
- Delegates have Microsoft Visual Studio or GNU C++ Compiler installed on their machine and their preferred Code Editor (Visual Studio or VS Code are preferred)