Threat Hunting Training Course
Over 30,000 students have attended our training live!
Thank you to all who joined us on Friday, September 6th, 2024 for the Threat Hunting Training Level 1 Course!
The date of the next live Threat Hunting Training Course is not scheduled yet.
As soon as registration is open, this text will be replaced by a registration button.
Introduction to This Threat Hunting Training Course
In the following video, Chris Brenton provides a brief overview of what you can expect from taking this course.
Welcome to our Threat Hunting Training Course!
Here you will find everything you need to complete this training. The information for the course is broken down into different sections:
Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We hope you enjoy this Threat Hunting Training and plan to join us for future webcasts!
Are you interested in taking an Advanced Threat Hunting class? Chris Brenton holds one quarterly with Antisyphon InfoSec Training.
Happy Hunting!
Hands-on Labs Info
Our labs are primarily designed to run on Ubuntu.
The latter portion of this course will be performed by you using hands-on labs with live instruction and guidance. You will be working with traces of real Command and Control (C2) traffic to reinforce what you have learned. The hands-on labs are not required, but they are the best way to learn the threat hunting process and remember it: by actually doing it yourself!
All labs are included in our supplied virtual machines.
You have three options for obtaining the pre-configured labs. Links for each are in the next section.
Lab Downloads
Labs Updated 08/30/24
Our supplied lab virtual machines are pre-configured on Ubuntu and include all the tools, directories, and files you will need to perform the hands-on portions of this course.
Our virtual machine labs do not require network access. All labs will be done within the VM itself and include RITA.
We provide three options for accessing the labs. Please choose the ONE option that works best for you.
Option #1 – Download Virtual Machine for VMware
Filename: rita5-thunt-vmware.zip
Size: 3.7 GB
SHA256 Checksum: 0F1E793CE0CAA03F9328179BC1F5437A684F9EB17F50B0E9908C0BC1E4A4FAE2
1: Open the ZIP file with your preferred compression utility.
2: Launch/import the VM with your VM software.
3: If you are presented with an option to update Ubuntu or anything else within the VM, don't run updates; please leave it as is. Updating the VM may cause issues.
VM Login: student
VM Password: findc2
Option #2 – Download Generic Virtual Machine for VirtualBox and all Other Hypervisors
Filename: rita5-thunt-ovf.zip
Size: 6.5 GB
SHA256 Checksum: 5671BFA4E83E9D3DCF6588D9653F3E5DC4135F56EB1F145E7B83DC335E69D0B4
1: Open the ZIP file with your preferred compression utility.
2: Launch/import the VM with your VM software.
3: If you are presented with an option to update Ubuntu or anything else within the VM, don't run updates; please leave it as is. Updating the VM may cause issues.
VM Login: student
VM Password: findc2
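One way to check either archive against the SHA256 checksum listed under Option #1 or Option #2 before unzipping and importing it (an added example, not part of the original course material; it assumes a POSIX shell with sha256sum or shasum available, and the function and variable names are illustrative):

```shell
#!/bin/sh
# Added example: verify a downloaded lab archive against the SHA256 value
# published on this page. Function and variable names are illustrative.

# Print the lowercase SHA256 hex digest of a file with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA256 tool found" >&2
        return 2
    fi
}

# verify_lab FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on error
verify_lab() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # The page lists checksums in uppercase; the tools print lowercase.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Checksums exactly as published on this page.
VMWARE_SHA256=0F1E793CE0CAA03F9328179BC1F5437A684F9EB17F50B0E9908C0BC1E4A4FAE2
OVF_SHA256=5671BFA4E83E9D3DCF6588D9653F3E5DC4135F56EB1F145E7B83DC335E69D0B4

# Check whichever archive is present in the current directory.
if [ -f rita5-thunt-vmware.zip ]; then
    verify_lab rita5-thunt-vmware.zip "$VMWARE_SHA256"
fi
if [ -f rita5-thunt-ovf.zip ]; then
    verify_lab rita5-thunt-ovf.zip "$OVF_SHA256"
fi
```

A mismatch usually means an incomplete or corrupted download; fetch the archive again before importing it.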
Option #3 – Install Directly on Ubuntu (Metal or Cloud-based)
If you cannot run a VM, or prefer to do the labs on a local physical machine or public cloud Ubuntu instance, here are the steps you need to follow:
Spin up an Ubuntu instance, log in with sudo access, and run the following commands:
wget https://github.com/activecm/rita/releases/download/v5.0.8/install-rita-zeek-here.sh
then:
chmod +x install-rita-zeek-here.sh
then:
./install-rita-zeek-here.sh
Follow the onscreen prompts. When the install is complete, you do not need to run “zeek start”. Next, run these commands:
wget https://thunt-level1.s3.amazonaws.com/thunt5-labs.tar.gz
then:
tar xvzf thunt5-labs.tar.gz
Threat Hunting Class FAQ
If you run into trouble, please see the FAQ:
Updated Friday, September 6th, 2024
If you still have questions or need help, please reach out to us on our Threat Hunter Community Discord Server in the “#acm-general” channel.
Previous Course Video Recording
Recorded September 6th, 2024