Threat Hunting Training Course
If you would like to take this training live and receive a certificate, Register Here for the next session of this training!
Welcome to our Threat Hunt Training Course!
Here you will find everything you need to complete this training. The information for the course is broken down into different sections…
- Course slides
- Course video recordings (with timeline breakdowns)
- Hands-on Lab info
- Lab downloads
- FAQ document
- Download notes
Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We hope you enjoyed this Threat Hunt Training and plan to join us for future webcasts!
Interested in taking an “Advanced Threat Hunting” Class? Chris Brenton does one quarterly with WWHF! Check it out Here!
Happy Hunting!
Threat Hunt Training Course Recording
Timeline Breakdown
Training Begins – 00:29:20
Start of Labs – 03:35:40
Labs
We’ve updated the options for performing the labs, so if you are returning to the class as a refresher please read this section carefully!
The end of the class is all hands-on labs. You will be working with traces of real command and control (C2) traffic in order to reinforce what you have learned. The labs are optional, but they are the best way to really learn the threat hunting process.
You have two options for performing the labs…
1) Download a copy of the VMWare virtual machine
2) Start your own Linux system and run the class install script
With option #1 you get a self-contained virtual machine that is all configured and ready to go. It’s 2 GB in size and requires VMWare Player compatible software to run it, but this is usually the easiest option to get running.
With option #2, you avoid downloading a single large file and it gives you the option of performing the labs within a public cloud environment. This option can be useful if you have very slow Internet access speeds or don’t have the resources on your local system to run the VM. However, this option is more likely to be buggy, as we’ve only tested it on Ubuntu 18 and CentOS 7 (we still consider the install to be beta).
All of the labs will be performed from the command line, so if you can see the files you are set to go! If you run into trouble, please reach out to us on our Threat Hunter Community Discord Server in the #acm-general channel.
or, email us: [email protected]
Lab Download Options
Option 1 – Downloading the VM
Option 2 – Downloading the Install Script
Login to the Linux system on which you will be performing the labs via SSH. Your account needs to have “sudo” access so that you can run commands as root. From your home directory, run the following command:
wget https://threat-huntiing.s3.amazonaws.com/install- tools.v0.2.3.sh
This will download the install script. You now need to make the script executable by running the following command:
chmod +x install-tools.v0.2.3.sh
You can now run the install script:
./install-tools.v0.2.3.sh
You will be prompted for your password so that sudo commands can be run. Answer “yes” to all prompts during the install. Once the install script finishes you will need to logout and log back into the system. You should see three new directories in your home directory named “lab1”, “lab2” and “lab3”.
Notes for the Lab Download
Name: thunt-202102.zip
Size: 2193726370 bytes (2092 MiB)
CRC32: C8E75210
CRC64: CB1CCD83D0FAFE1A
SHA1: EB38C2CC4E5074A11DE231945A2447
SHA256: 50A1A2CFC431777B7EDF25553072BE
Name: install-tools.v0.2.3.sh
Size: 7943 bytes (7 KiB)
CRC32: 40246E46
CRC64: 9ED640DA78F8681A
SHA1: 8EBFC7573B42AD793E84116F35C057
SHA256: 00A1CC67013E0ABD4DC116E2AB5389