Adversary Operations & Proactive Hunting
The Adversary Operations & Proactive Hunting course is an advanced hunting course in which candidates not only hunt different tactics and techniques but also spend time understanding how the attacks work. The core focus of the training is endpoint hunting on Windows, including in-depth hunting of Windows API/NT API usage, Windows Event Logs and many of the open-source tools used by real-world threat actors. The course is not limited to log forensics; it also includes source code analysis of open-source tools and live forensics of hosts and processes to hunt Windows API and malware artefacts.
This training program discusses in depth the different attack scenarios and the artefacts left behind by in-memory attacks and process anomalies. During the course, candidates receive certain tools, both closed and open source, and are taught to understand the code and the artefacts these tools leave in memory during and after process execution. These artefacts are then hunted using Sysmon, the Sysinternals toolkit, Process Hacker and Elasticsearch.
The total course duration is 3 days of online interactive training sessions over Microsoft Teams. Virtual environments such as an Active Directory lab, C2 access and domain access are provided where necessary. Detailed information on the training content can be found here.
Dark Vortex provides a Certificate of Completion for every completed course. This certificate may be verified by contacting firstname.lastname@example.org with the enrolment ID from the certificate.
The course is highly practical in nature and involves log analytics and hypothesis development for hunting and detection. It is important to have a good grasp of the fundamentals below before approaching the course.
During the course, we will work with different virtual machines, which involves cloning, creating and snapshotting them, as well as several other hands-on exercises. A properly configured system is extremely important to get the full benefit of the training session. We strongly request that you have a fully configured system that meets the requirements below. All the requirements mentioned below are either freely available or open source.
NOTE: Make sure you have a snapshot of each virtual machine before you start the class, in case you have to revert everything back to stock if a virtual machine crashes during the training.
At the end of the course, you will receive a Certificate of Completion and all the training materials including course PDFs/slides, logs and content materials used during your training program.
Inclusive of taxes and certification
We conduct live training sessions remotely; they do not contain pre-recorded videos. For enquiries on training programs or other services, reach us at email@example.com