Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD)

Duration: 5 Days

Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) is a Cisco threat hunting course. It introduces the proactive search through networks, endpoints, and datasets for malicious, suspicious, and risky activity that has evaded detection by existing tools, and guides you through planning, executing, and reporting such a hunt.
Course Outline

Threat Hunting Theory
  • Threat Hunting Concepts
  • Threat Hunting Types
  • Conventional Threat Detection vs Threat Hunting

Threat Hunting Concepts, Frameworks, and Threat Models
  • Cybersecurity Concepts
  • Common Threat Hunting Platforms
  • Threat Hunting Frameworks
  • Threat Modeling
  • Case Study: Use the PASTA Threat Model

Threat Hunting Process Fundamentals
  • Threat Hunting Approaches
  • Threat Hunting Tactics and Threat Intelligence
  • Defining Threat Hunt Scope and Boundaries
  • Planning the Threat Hunt Process

Threat Hunting Methodologies and Procedures
  • Investigative Thinking
  • Identify Common Anomalies
  • Analyze Device and System Logs
  • Determine the Best Threat Hunt Methods
  • Automate the Threat Hunting Process

Network-Based Threat Hunting
  • Operational Security Considerations
  • Performing Network Data Analysis and Detection Development
  • Performing Threat Hunting in the Cloud

Endpoint-Based Threat Hunting
  • Threat Hunting for Endpoint-Based Threats
  • Acquiring Data from Endpoints
  • Performing Host-Based Analysis

Endpoint-Based Threat Detection Development
  • Analyze Endpoint Memory
  • Examining System Memory Using Forensics
  • Developing Endpoint Detection Methods
  • Uncovering New Threats and Indicators and Building TTPs

Threat Hunting with Cisco Tools
  • Threat Hunting with Cisco Tools
  • Cisco XDR Components

Threat Hunting Investigation Summary: A Practical Approach
  • Conducting a Threat Hunt

Reporting the Aftermath of a Threat Hunt Investigation
  • Measure the Success of a Threat Hunt
  • Report Your Findings
  • Threat Hunting Outcomes

Lab Outline
  • Categorize Threats with MITRE ATT&CK Tactics and Techniques
  • Compare Techniques Used by Different APTs with MITRE ATT&CK Navigator
  • Model Threats Using MITRE ATT&CK and D3FEND
  • Prioritize Threat Hunting Using the MITRE ATT&CK Framework and the Cyber Kill Chain
  • Determine the Priority Level of Attacks Using MITRE CAPEC
  • Explore the TaHiTI Methodology
  • Perform Threat Analysis Searches Using OSINT
  • Attribute Threats to Adversary Groups and Software with MITRE ATT&CK
  • Emulate Adversaries with MITRE Caldera
  • Find Evidence of Compromise Using Native Windows Tools
  • Hunt for Suspicious Activities Using Open-Source Tools and SIEM
  • Capture Network Traffic
  • Extract IOCs from Network Packets
  • Use the ELK Stack to Hunt Large Volumes of Network Data
  • Analyze Windows Event Logs and Map Them to the MITRE ATT&CK Matrix
  • Acquire Endpoint Data
  • Inspect Endpoints with PowerShell
  • Perform Memory Forensics with Velociraptor
  • Detect Malicious Processes on Endpoints
  • Identify Suspicious Files Using Threat Analysis
  • Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
  • Conduct a Threat Hunt Using Cisco XDR Control Center and Investigate
  • Initiate, Conduct, and Conclude a Threat Hunt
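The Windows-focused labs above (finding evidence of compromise with native tools, inspecting endpoints with PowerShell, and mapping Windows event logs to the MITRE ATT&CK matrix) come together in a small script. The following PowerShell is an added example and is not part of the CBRTHD course material or Cisco's lab content. The rule table, the technique assignments, and the sample events are constructed for illustration; the only real dependencies are the built-in Get-WinEvent cmdlet and the standard EventLogRecord.ToXml() method, and the live-host line is commented out so the script runs offline against the constructed events.

```powershell
# Added example (not from the CBRTHD course): map Windows event IDs to MITRE ATT&CK
# technique IDs as a first triage pass. Rules, predicates and sample events below are
# assumptions built for illustration; technique names follow the public ATT&CK matrix.

# Each rule: event ID, log channel, ATT&CK technique, and an optional predicate on the
# event's EventData fields. Without a predicate, the event ID alone is enough to map.
$AttackRules = @(
    @{ Id = 4688; Log = 'Security'; Technique = 'T1059.001'; Name = 'PowerShell'
       Test = { param($f) $f.NewProcessName -match '\\(powershell(_ise)?|pwsh)\.exe$' } },
    @{ Id = 4688; Log = 'Security'; Technique = 'T1059.003'; Name = 'Windows Command Shell'
       Test = { param($f) $f.NewProcessName -match '\\cmd\.exe$' } },
    @{ Id = 4698; Log = 'Security'; Technique = 'T1053.005'; Name = 'Scheduled Task' },
    @{ Id = 4720; Log = 'Security'; Technique = 'T1136.001'; Name = 'Create Account: Local Account' },
    @{ Id = 4624; Log = 'Security'; Technique = 'T1021.001'; Name = 'Remote Desktop Protocol'
       Test = { param($f) $f.LogonType -eq '10' } },   # logon type 10 = RemoteInteractive
    @{ Id = 1102; Log = 'Security'; Technique = 'T1070.001'; Name = 'Clear Windows Event Logs' },
    @{ Id = 7045; Log = 'System';   Technique = 'T1543.003'; Name = 'Windows Service' }
)

# Flatten a live EventLogRecord (from Get-WinEvent) into the shape the rules expect:
# Id, Log, Time, and a hashtable of EventData fields keyed by their Name attribute.
function ConvertFrom-WinEventRecord {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $xml    = [xml]$Record.ToXml()
        $fields = @{}
        foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        [pscustomobject]@{ Id = $Record.Id; Log = $Record.LogName; Time = $Record.TimeCreated; Fields = $fields }
    }
}

# Emit one row per (event, matching rule). An event that matches no rule is dropped,
# which is why the notepad.exe 4688 below does not appear in the output.
function Get-AttackMappedEvents {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        foreach ($rule in $AttackRules) {
            if ($Entry.Id -ne $rule.Id -or $Entry.Log -ne $rule.Log) { continue }
            if ($rule.Test -and -not (& $rule.Test $Entry.Fields)) { continue }
            $detail = ($Entry.Fields.GetEnumerator() | Sort-Object Key |
                       ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ' '
            [pscustomobject]@{
                Time      = $Entry.Time
                EventId   = $Entry.Id
                Technique = $rule.Technique
                Name      = $rule.Name
                Detail    = $detail
            }
        }
    }
}

# Constructed sample events (hypothetical host, user names and addresses) so the script
# runs with no access to a Windows event log. Field names mirror the real EventData names.
$SampleEvents = @(
    [pscustomobject]@{ Id = 4688; Log = 'Security'; Time = '2024-01-15T09:12:03'
        Fields = @{ NewProcessName = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; SubjectUserName = 'jdoe' } },
    [pscustomobject]@{ Id = 4688; Log = 'Security'; Time = '2024-01-15T09:12:10'
        Fields = @{ NewProcessName = 'C:\Windows\System32\notepad.exe'; SubjectUserName = 'jdoe' } },
    [pscustomobject]@{ Id = 4624; Log = 'Security'; Time = '2024-01-15T09:14:41'
        Fields = @{ LogonType = '10'; TargetUserName = 'svc-backup'; IpAddress = '10.0.5.23' } },
    [pscustomobject]@{ Id = 4698; Log = 'Security'; Time = '2024-01-15T09:15:02'
        Fields = @{ TaskName = '\Updater'; SubjectUserName = 'svc-backup' } },
    [pscustomobject]@{ Id = 1102; Log = 'Security'; Time = '2024-01-15T09:20:55'
        Fields = @{ SubjectUserName = 'svc-backup' } }
)

$SampleEvents | Get-AttackMappedEvents | Format-Table -AutoSize

# Against a live host (elevated session; 4688 only exists if "Audit Process Creation"
# is enabled in the advanced audit policy):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102,4624,4688,4698,4720 } -MaxEvents 1000 |
#     ConvertFrom-WinEventRecord | Get-AttackMappedEvents | Sort-Object Technique | Format-Table -AutoSize
```

Run against the constructed events, the script yields four rows: T1059.001 (PowerShell launch), T1021.001 (RDP logon by svc-backup), T1053.005 (scheduled task created by the same account) and T1070.001 (the Security log cleared shortly after). Read together, that sequence is the kind of lead a hunt follows up on; read individually, each row is routine administration, which is why the mapping is a prioritisation aid and not a verdict. On a real host, 4688 volume is high and the Security channel rolls over quickly, so scope the query with -MaxEvents or a StartTime in the filter hashtable, and extend the rule table with the event IDs your own hypotheses care about.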