Threat Hunting Training Course

Our next session is Tuesday, October 3rd, 2023 from 11 AM to 5 PM (ET). Register below to attend this course live and receive a certificate. If you cannot attend live, please still register and we will send you a link to the recording.
Over 30,000 students have attended our training live!
Introduction to This Threat Hunting Training Course
In the following video, Chris Brenton provides a brief overview of what you can expect from taking this course.
Welcome to our Threat Hunting Training Course!
Here you will find everything you need to complete this training. The information for the course is broken down into different sections:
Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We hope you enjoy this Threat Hunting Training and plan to join us for future webcasts!
Are you interested in taking an Advanced Threat Hunting class? Chris Brenton holds one quarterly with Antisyphon InfoSec Training.
Happy Hunting!
Hands-on Labs Info
Our labs are designed to run only on Ubuntu or CentOS 7.
The latter portion of this course consists of hands-on labs that you perform yourself, with live instruction and guidance. You will be working with traces of real Command and Control (C2) traffic to reinforce what you have learned. The hands-on labs are not required, but they are the best way to learn the threat hunting process and retain it, because you are actually doing it yourself!
All labs are included in our supplied virtual machines and online instance(s).
You have four options for obtaining the pre-configured labs. Links for each are in the next section.
Lab Downloads
Labs Updated 08/08/23
Our supplied lab virtual machines are pre-configured on Ubuntu and include all the tools, directories, and files you will need to perform the hands-on portions of this course.
Our virtual machine labs do not require network access. All labs will be done within the VM itself.
We provide four options for accessing the labs. Please choose the ONE option that works best for you.
Options #1, 2, & 3 – Download VM
VirtualBox VM
Name: vbox-thunt-L1-202308.zip
Size: 13.1 GB
Hashes:
CRC32: 4525DF25
CRC64: B32C9217A729ACEA
SHA1: BCBE93D8CF0496A3CDCCD3D33421499C0D3FBDBE
SHA256: 5CF82AAEA859F9297CB33569BCFDC5023CAB87E78BD7605C82844D65BB41B899
Generic OVA
Name: ovf-thunt-L1-202308.zip
Size: 13.8 GB
Hashes:
CRC32: 3E068517
CRC64: 5313D0F3A37D3F2C
SHA1: 3F332AFBFB51484443C6FD228899BDF0317589DE
SHA256: D210F54CDC3E425E10C8FF66AE7F9B1EF0AC5924CE6A5543E1DDDC765252F992
VMware Workstation
Name: vmware-thunt-L1-202308.zip
Size: 13.1 GB
Hashes:
CRC32: 6DCCCC08
CRC64: 04A3E9177191E1AF
SHA1: 9A747DD825A10439F12980337E96B62AD13ADCB6
SHA256: 57E63852D10BC3C0D9F5B86E369FEFA555D8BF6B6ADA5D31A3E175F9B5109144
After you have chosen one of the above VM downloads, complete the following steps.
1: Open the ZIP file with your preferred compression utility.
2: Launch/import the VM with your VM software.
3: At the OS login prompt, use the following credentials:
Login: Threat Hunter
Password: hunting
(sudo Password: hunting)
4: If you are presented with an option to update Ubuntu or anything else within the VM, do not run updates; please leave it as is. Updating the VM may cause issues.
5: In Files/Home or the “threat” shortcut on the Desktop, you will find the “labs” directory. Inside the labs directory are the subdirectories lab1, lab2 & lab3 (the CLI path is ‘home/threat/lab*’).
Launching the Chrome browser will provide access to the AC-Hunter UI (127.0.0.1/auth/login).
AC-Hunter login credentials:
Name: [email protected]
Password: hunting2
Option #4 – Online Instance & VM AC-Hunter CE
Don’t want to download the VM? No problem! We have an online option that will let you do most (but not all) of the labs over the Internet. This option will be made available at the start of the class.
Below are links to multiple AC-Hunter CE cloud instances. We have created more than one to keep any one of them from getting overloaded. Please choose ONE of them to use for the labs.
NOTE: Please do not delete any databases or create any safelist entries on the above cloud instances. There will be multiple people using these and any changes you make will negatively affect others.
AC-Hunter login credentials:
Name: [email protected]
Password: hunting2
Threat Hunting Class FAQ
If you run into trouble, please see the FAQ:
FAQ Updated 08/12/23
If you still have questions or need help, please reach out to us on our Threat Hunter Community Discord Server in the “#acm-general” channel.
Previous Course Video Recording
Recorded May 23rd, 2023
Basic Timeline:
Training Begins – 0:00:00
Hands-on Labs – 3:11:01