Hunt Training

Threat Hunting Training Course

Over 30,000 students have attended our training live! 

Thank you all who joined us on Friday, September 6th, 2024 for the Threat Hunting Training Level 1 Course!

The date of the next live Threat Hunting Training Course is not scheduled yet.

As soon as registration is open, this text will be replaced by a registration button.

Subscribe to us to get notified.

Introduction to This Threat Hunting Training Course

In the following video, Chris Brenton provides a brief overview of what you can expect from taking this course.

Welcome to our Threat Hunting Training Course!

Here you will find everything you need to complete this training. The information for the course is broken down into different sections:

Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We hope you enjoy this Threat Hunting Training and plan to join us for future webcasts!

Are you interested in taking an Advanced Threat Hunting class? Chris Brenton holds one quarterly with Antisyphon InfoSec Training.

Happy Hunting!

Course Slides

DOWNLOAD COURSE SLIDES PDF

Updated Friday, September 6th, 2024

Hands-on Labs Info

Our labs are primarily designed to run on Ubuntu.


The latter portion of this course will be performed by you using hands-on labs with live instruction and guidance. You will be working with traces of real Command and Control (C2) traffic to reinforce what you have learned. The hands-on labs are not required, but they are the best way to learn the threat hunting process in a way you should be able to remember more efficiently – by actually doing it yourself!

All labs are included in our supplied virtual machines.

You have three options for obtaining the pre-configured labs. Links for each are in the next section.

Lab Downloads

Labs Updated 08/30/24

Our supplied lab virtual machines are pre-configured on Ubuntu and include all the tools, directories, and files you will need to perform the hands-on portions of this course.

Our virtual machine labs do not require network access. All labs will be done within the VM itself and include RITA.

We provide three options for accessing the labs. Please choose the ONE option that works best for you.

Option #1 – Download Virtual Machine for VMware

Download VM for VMware

Filename: rita5-thunt-vmware.zip
Size: 3.7 GB

SHA256 Checksum: 0F1E793CE0CAA03F9328179BC1F5437A684F9EB17F50B0E9908C0BC1E4A4FAE2


1: Open the ZIP file with your preferred compression utility.

2: Launch/import the VM with your VM software.

3: If you are presented with an option to update Ubuntu or anything else within the VM – don’t run updates, please leave it as is. Updating the VM may cause issues.


VM Login: student

VM Password: findc2

Option #2 – Download Generic Virtual Machine for VirtualBox and all Other Hypervisors

Download Generic VM for VirtualBox and Others

Filename: rita5-thunt-ovf.zip
Size: 6.5 GB

SHA256 Checksum: 5671BFA4E83E9D3DCF6588D9653F3E5DC4135F56EB1F145E7B83DC335E69D0B4


1: Open the ZIP file with your preferred compression utility.

2: Launch/import the VM with your VM software.

3: If you are presented with an option to update Ubuntu or anything else within the VM – don’t run updates, please leave it as is. Updating the VM may cause issues.


VM Login: student

VM Password: findc2
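Before importing either VM archive (Option #1 or Option #2), it is worth confirming that the download matches the SHA256 checksum published above. The following shell snippet is an added example and is not part of the course materials or the Active Countermeasures tooling; it assumes coreutils sha256sum is available (with shasum as a fallback) and that the archive is in the current directory. Note that the page lists the checksums in uppercase while sha256sum prints lowercase, so the comparison normalises case.

```shell
#!/bin/sh
# Added example (not from the course page): verify a downloaded lab VM
# archive against the SHA256 checksum published on the course page.
# Assumes coreutils sha256sum, falling back to shasum -a 256.

# Checksums exactly as published on the course page for the two archives.
RITA5_VMWARE_SHA256="0F1E793CE0CAA03F9328179BC1F5437A684F9EB17F50B0E9908C0BC1E4A4FAE2"
RITA5_OVF_SHA256="5671BFA4E83E9D3DCF6588D9653F3E5DC4135F56EB1F145E7B83DC335E69D0B4"

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED -> returns 0 on match, 1 on mismatch.
# The published checksum is uppercase and sha256sum prints lowercase,
# so the expected value is lowercased before comparing.
verify_sha256() {
  file="$1"
  expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file matches $expected"
    return 0
  fi
  echo "MISMATCH: $file" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# Usage after downloading (run the line for the archive you fetched):
#   verify_sha256 rita5-thunt-vmware.zip "$RITA5_VMWARE_SHA256"
#   verify_sha256 rita5-thunt-ovf.zip    "$RITA5_OVF_SHA256"
```

Source the file (or paste the functions into your shell), then run the matching usage line. A MISMATCH means the archive is corrupt or was altered in transit; re-download it rather than importing it.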

Option #3 – Install Directly on Ubuntu (Metal or Cloud-based)

If you cannot run a VM, or prefer to do the labs on a local physical machine or public cloud Ubuntu instance, here are the steps you need to follow:

Spin up an Ubuntu instance, log in with an account that has sudo access, and run the following commands:

wget https://github.com/activecm/rita/releases/download/v5.0.8/install-rita-zeek-here.sh

then:

chmod +x install-rita-zeek-here.sh

then:

./install-rita-zeek-here.sh

Follow the onscreen prompts. When the install is complete, you do not need to run “zeek start”. Next, run these commands:

wget https://thunt-level1.s3.amazonaws.com/thunt5-labs.tar.gz

then:

tar xvzf thunt5-labs.tar.gz

Threat Hunting Class FAQ

If you run into trouble, please see the FAQ:

Updated Friday, September 6th, 2024

THREAT HUNTING CLASS FAQ

If you still have questions or need help, please reach out to us on our Threat Hunter Community Discord Server in the “#acm-general” channel.

Previous Course Video Recording

Recorded September 6th, 2024
