Advanced Network Defender With Threat Intelligence and Threat Hunting


Course Duration

4 Days


 Introducing The advanced Network Defender With Threat Intelligence and Threat Hunting

The goal of this course is to teach you how to look at threats from an Intelligence perspective. How to gain intelligence and analyse it so risk-based decisions can be made. The course is a combination of the Threat Intelligence and the Threat Hunting course into one powerful master class course. This Advance Network Defender Threat Intelligence, and Threat Hunting course starts with an overview of threat intelligence, framework, and its role in the security operations of your organization.

When adversaries attack. The time they spend on the network undetected can be up to 6 months or even years. How do you detect attackers in your network that have bypassed all the security measures you have in place? This is where a threat hunting program comes in.

Learning Objectives
  • Explain the concept of threats and how it relates to cyber security risks
  • Define Cyber Threat Intelligence, what it is and what it is not.
  • Be able to differentiate between Threat Intelligence and Threat Hunting
  • Explain why Threat Intelligence is an important part of cyber security risk management
  • Explain the Lockheed Martin Kill Chain, Diamond Model, and Mitre Framework for Threat intelligence
  • Know the tools that are used for Threat Intelligence and be able to use them
  • Learn to gather Threat Intelligence feed and process them
  • Define Cyber Threat Hunting and explain its value to an organization
  • Understand the Threat Hunting process
  • Know the difference between Cyber Threat Intelligence and Threat Hunting and Incident Response.
  • Learn what data to collect and where to collect it
  • Leverage both endpoint and network data for successful hunting
  • Understand how to hunt for threats in your organization’s systems and network
  • Understand the Hunting Maturity Model to measure your organization’s hunting capability
  • Learn how to find and investigate malware, phishing, lateral movement, data exfiltration, and other common threats
Course Description

Day 1

Cyber Threat Intelligence

  • Introduction to Threat Intelligence
  • Threat Intelligence Frameworks:
  • Lockheed Martin Kill Chain
  • Diamond Model
  • Mitre ATT&CK Framework
  • Threat Intelligence (TaHiTI) methodology

    Threat Intelligence Use Cases

    • Security Operations Center (SOC)
    • Incident Response management
    • Vulnerability management

    Cyber Threat Intelligence (CTI) at the various level:

    • Strategic level
    • Tactical level
    • Operational level
    • Technical Intelligence level

    The Cyber Threat Intelligence Cycle

    • Requirements, Planning, Direction
    • Threat Intelligence Data Collection
    • Data Processing
    • Data Analysis
    • Intelligence Reporting
    • Dissemination

    Day 2

    Tools for Threat Intelligence

    • Yara for malware identification and classification
    • Structured language for cyber threat intelligence (STIX)
    • A transport mechanism for sharing cyber threat intelligence (TAXI)
    • Sophisticated threats are bypassing both perimeter and endpoint security.
    • Increase the speed and accuracy of incident response
    • Understand and reduce attack surface exposure / hardened network and endpoints.
    • Reduce the time an adversary dwells on the network unnoticed
    • Detect/prevent the spread of the attack and lateral movement
    • Collect evidence of compromise

    Day 3

    Threat Hunting

    • Introduction to Threat Hunting
    • Cyber threat hunting definition and goals
    • The pyramid of pain
    • The Six D’s of Threat hunting
    • Hunting for Indication of compromise (IoC) and Artifacts.
    • Cyber threat hunting methodologies and techniques

    Threat Hunting Use Cases

    • Technology Review
    • Real-world Threats
    • Hunt Mission
    • Data Collection and Hunt Execution
    • Analysis
    • Refining the Hunt Mission

    Threat Hunting Methods

    • Threat Hunting with the Mitre Framework
    • DEtect Tactics, Techniques & Combat Threats model
    • Combining DeTT&CT with Mitre Att&CK
    • Using Caldera to simulate threat

    Day 4

    How to Build a Hunting Lab

    • The Technical requirements
    • Building the Elastic Machine
    • Setting up the OS
    • Install and setup Kibana
    • Setup a small network for the hunting lab

    Hunting for The Indication of Compromise (IoC)

    • Hunting for network-based cyber threats
    • Hunting for host-based cyber threats
    • Cyber threat hunting technologies and tools

    Using Elastic Stack for Threat Hunting

    • Use available opensource tools for threat hunting
    • Introduction to Elastic Stack
    • Collection and analyses of data with Elastic Stack
    • View Elastic Stack data using Kibana
    Other Information

    Labs will be used throughout this course. You will have the opportunity to put what you’ve learned into practice through a series of hands-on labs.


    This course assumes that you have a basic understanding of security operations and some understanding of computer networking and security concepts.

    What You Will Receive:

    • Printed courseware
    • Electronic reading materials
    • Access to the course lab exercises
    • Access to a Cloud Service Provider for the labs
    • Additional book on related topics

    System Requirements:

    Some of the labs will be performed in the cloud and others on your local laptops. As such, you need to have admin access to your system and be able to access the internet.

    Therefore, your system should meet the following requirements:

    • A modern laptop with full Admin access
    • Unrestricted Internet
    • An OpenSSH client installed
    • A PDF reader

    Who Should Attend?

    This training is for anyone working in the security Operating Center (SOC) who wants to learn how to get more enriched security operations. The following roles can also benefit from the course:

    • Network security professionals
    • Incident responders
    • Penetration testers
    • Red team members and other white hats
    • Security analysts
    • Security consultants and auditors
    • Security Managers who want to create threat-hunting teams

    Course duration

    This is a Master class course with a duration of 4 days of classroom training and 2 additional days of home study and lab work.

    Course Registration Form

    Type in your details to register for this course below.