Adversary Operations & Proactive Hunting

What To Expect

The Adversary Operations & Proactive Hunting course is an advanced hunting course where candidates will not only hunt different tactics and techniques, but will also spend time understanding how the attacks work. The core focus of the training would be on endpoint hunting for Windows which will include in-depth hunting for Windows API/NT API, Windows Event logs and a lot of Open-Source tools used by real-world threat actors. The course is not limited to just log forensics, but will also include source code analysis of Open Source tools and live forensics of hosts/processes to hunt WinAPI and Malware Artefacts.

This training program will discuss in-depth, different attack scenarios and artefacts left over by in-memory attacks and process anomalies. During the course, the candidates will receive certain tools including closed and open source and they will be taught to understand code and the artefacts left in memory by the tools during and after process execution. These artefacts will be then be hunted using Sysmon, Sys-Internals Toolkit, Process Hacker and Elastic Search.

Training Content

The total course duration are 3 days Online Interactive training sessions over Google Meet. Virtual environments such as Active Directory Lab/C2 access/Domain access will be provided where necessary. A detailed information on the training content can be found here.


Dark Vortex provides Certificate Of Completion for every completed course. This certificate may be verified by contacting using the enrolment ID from the given certificate.


The course is highly practical in nature and involves log analytics and hypothesis development for hunting and detection. Its important to have a good grasp of the below fundamentals before approaching the course.

  • Basic Understanding of the Windows Active Directory environment
  • Basic Understanding of Log Analytics
  • Familiarity with programming concepts
  • Strong will to learn and creative mindset.

System Requirements

During the course, we will be working with different virtual machines which will involve cloning, creating, and snapshots and several other hands-on exercises. A properly configured system is extremely important to fully utilize the benefits of the training session. We strongly request you to have fully configured system which meets the below requirements for the course. All the requirements mentioned below are either freely available or open source.

  • Windows 10
    • A laptop with atleast 16GB RAM to run a Kali/Ubuntu virtual machine.
    • VMware/VirtualBox installed
    • Good Internet Connectivity
    • Visual Studio Code/Editor of your choice
  • Kali Linux/Ubuntu 20.04 (Virtual Machine)
    • VS Studio Code
    • Wireshark

NOTE: Make sure you have a snapshot of each virtual machine before you start the class, just in case you have to revert everything back to stock if your Virtual Machine crashes during the training.

Course Fees

Adversary Operations & Proactive Hunting | 3 days (Interactive/Online)

At the end of the course, you will receive a Certificate of Completion and all the training materials including course PDFs/slides, logs and content materials used during your training program.

$2500 USD

*Inclusive of taxes and certification

We conduct live training sessions which are conducted remotely and do not contain pre-recorded videos. For enquiries on training programs or other services, reach us at