Malware Incident & Log Forensics
The Malware Incident & Log Forensics course is designed to help candidates detect and hunt real-world adversaries in a simulated environment. This course will take you through the different stages of an attacker kill chain and will focus heavily on threat hunting using log analytics. Most organizations are limited by the knowledge of their SOC analysts/blue team, even if they have a good security suite in place. Most of the time, incidents are created only when an alert fires from a pre-built detection use case. But what happens if there is no alert? How do you hunt for something you don't know exists?
Candidates will get lab access to a cloud environment where they can create their own hunt use cases from the existing logs of actual attacks that have happened over the years, some of them custom-built attacks using known Command & Control frameworks used by adversaries such as Cobalt Strike, Metasploit, Zeus, Mirai, Covenant and more. This will help threat hunters enhance their detection and hunting knowledge at both the network and endpoint level.
The total course duration is 3 days of online interactive training sessions over Google Meet. Virtual environments such as an Active Directory lab, C2 access and domain access will be provided where necessary. Detailed information on the training content can be found here.
Dark Vortex provides Certificate Of Completion for every completed course. This certificate may be verified by contacting paranoidninja@0xdarkvortex.dev using the enrolment ID from the given certificate.
The course is highly practical in nature and involves a lot of programming in C/C++ and reverse engineering in WinDbg/x64dbg. It's important to have a good grasp of the fundamentals listed below before approaching the course.
During the course, we will be working with different virtual machines, which will involve creating, cloning and snapshotting VMs, along with several other hands-on exercises. A properly configured system is extremely important to fully benefit from the training session. We strongly request that you have a fully configured system which meets the requirements listed below. All the requirements mentioned below are either freely available or open source.
NOTE: Make sure you have a snapshot of each virtual machine before you start the class, just in case you have to revert everything back to stock if your Virtual Machine crashes during the training.
At the end of the course, you will receive a Certificate of Completion and all the training materials including course PDFs/slides, content materials, source code for payloads and logs hunted during the training program.
$2000 USD
*Inclusive of taxes and certification
Our training sessions are conducted live and remotely and do not contain pre-recorded videos. For enquiries on training programs or other services, reach us at paranoidninja@0xdarkvortex.dev