Keatron Evans

This course teaches you the skills necessary to become a successful threat hunter. As you progress through the modules, you'll build core hunting skills such as intelligence gathering, investigation techniques and remediation methods. Upon completion, you'll have the knowledge and skills to carry out cyber threat hunting activities within an organization, ultimately delivering proactive defenses against a potentially debilitating data compromise.


What's inside

Syllabus

Cyber threat hunting introduction
In this introductory module with Keatron Evans, you'll explore cyber threat hunting: defining it, skills required, hunt modeling with hypotheses, implementation benefits and more.
Threat hunting artifacts and types
In this module, you'll explore what's needed for a really effective threat-hunting program. You'll also learn about artifacts, indicators of compromise, tactics, techniques and procedures, the Pyramid of Pain and many more insights from Keatron.
Threat hunting techniques and generative AI
This module covers the concepts of anomalous activity and investigation. Its purpose is to help the threat hunter determine whether an anomalous activity is actually a threat. You'll learn how to investigate, walking through the available information and identifying issues quickly. In this module, Keatron uses generative AI to speed up the discovery of malicious activity.
Threat hunting methodologies
In this module, you'll explore the differences between structured and unstructured hunts with Keatron. You will also get into entity-driven hunting.
Threat hunting data and technologies
In this course, Keatron will take you through different data sources that you may hunt through. These include SIEMs, EDR and XDR logs, threat intelligence platforms and several other data sources.
Cyber threat hunting process
In this module, you will learn how to build a hunt. Keatron gets into the details of everything the learner must consider when building out and scoping a hunt. We also discuss lessons learned and proper execution.
Cyber threat hunting scenarios
In this course, you'll see how different threat hunting scenarios play out. We will use real-world examples to illustrate how we form a hypothesis all the way through lessons learned.
Hunting for network-based threats
In this module, we will take a deep dive with Keatron into network-based threats, including DNS abuse, DDoS and irregular traffic, among others. This module includes labs and demonstrations, and shows techniques for locating even hard-to-find malware.
Hunting for host-based threats
In this course, Keatron will walk through various host-based threats and indicators. There will be labs and demonstrations that include memory forensics, PowerShell and Windows event log parsing.

Good to know

Know what's good, what to watch for, and possible dealbreakers
Develops threat hunting skills, which are core skills for discovering and mitigating threats
Taught by Keatron Evans, who is recognized for his work in threat hunting
Covers a wide range of threat hunting topics, including threat intelligence, investigation techniques, and remediation methods
Provides hands-on experience with threat hunting tools and techniques
Requires extensive background knowledge in IT and security
Assumes familiarity with threat hunting concepts and terminology


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Cyber Threat Hunting with these activities:
Review core networking concepts
Strengthens your foundational networking knowledge, ensuring a solid base for understanding and analyzing network-based threats.
  • Review the OSI model and its layers.
  • Study common network protocols, including TCP/IP, UDP, and DNS.
  • Explore basic network security concepts, such as firewalls, intrusion detection, and prevention.
Review essential cybersecurity concepts
Build a strong foundation by revisiting key concepts before starting the course.
  • Review basic network concepts
  • Refresh your understanding of cyber threats
Read 'The Art of Deception: Controlling the Human Element of Security'
Gain insights into social engineering techniques and human vulnerabilities, crucial for understanding attacker methodologies and developing effective countermeasures.
  • Study the principles of social engineering and how attackers exploit human weaknesses.
  • Identify common social engineering tactics and techniques.
  • Develop strategies to mitigate social engineering attacks and protect against human-based threats.
Review network security fundamentals
Refreshes foundational network security knowledge, equipping you with a robust understanding before delving into advanced threat hunting concepts.
  • Revise concepts of network topology, IP addressing, and subnetting.
  • Review common network protocols, including TCP/IP, UDP, and DNS.
  • Explore fundamental network security principles, such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
Connect with experienced threat hunters
Gain valuable guidance and insights from industry professionals.
  • Attend industry events or online forums
  • Reach out to professionals via LinkedIn or email
Follow tutorials on threat intelligence platforms
Strengthens your understanding of threat intelligence sources and tools, enabling you to gather and analyze valuable information for threat hunting.
  • Explore online resources and tutorials from vendors such as Mandiant, FireEye, and Recorded Future.
  • Sign up for free trials or demos to gain hands-on experience with threat intelligence platforms.
  • Practice using threat intelligence feeds to identify and track malicious actors and campaigns.
Hunt for malicious activity using network traffic analysis
Sharpens your ability to identify and analyze suspicious network activity, enhancing your threat detection capabilities.
  • Use Wireshark or other network packet analysis tools to capture and inspect network traffic.
  • Identify patterns and anomalies in network traffic that may indicate malicious activity.
  • Correlate network traffic data with other security logs and data sources to identify potential threats.
Participate in online discussion forums on threat hunting
Connects you with a community of threat hunters, enabling you to share knowledge, learn from others, and stay up-to-date on industry best practices.
  • Join online forums dedicated to threat hunting, such as the SANS DFIR Forum or the Threat Hunting Discord server.
  • Participate in discussions, ask questions, and share your experiences.
  • Network with other threat hunters to expand your professional network.
Solve cybersecurity puzzles and challenges
Enhance your analytical skills and test your knowledge in real-life scenarios.
  • Participate in online CTFs (Capture the Flag) events
  • Solve puzzles or challenges provided by cybersecurity blogs
Develop a threat hunting playbook
Provides you with a valuable resource to guide your threat hunting process, ensuring consistency and efficiency in responding to potential threats.
  • Identify the specific threats and scenarios your organization is most vulnerable to.
  • Define the steps and procedures for threat detection, investigation, and remediation.
  • Test and refine your playbook through simulations or tabletop exercises.
  • Regularly update and iterate the playbook based on lessons learned and new threat intelligence.
Contribute to open-source threat hunting tools
Enhances your technical skills, exposes you to cutting-edge tools, and contributes to the broader threat hunting community.
  • Identify open-source threat hunting projects that align with your interests.
  • Review the project's documentation and contribute bug reports or feature requests.
  • Develop or improve upon existing threat hunting tools, and submit your contributions for review.

Career center

Learners who complete Cyber Threat Hunting will develop knowledge and skills that may be useful to these careers:
Threat Hunter
Threat Hunters are responsible for proactively identifying and hunting for threats to an organization's security. They use a variety of techniques to identify and track threats, and they work to prevent those threats from causing damage. If you want to build a career in cybersecurity, then the Cyber Threat Hunting course is a great resume booster. This course may help you develop the skills you need to become a successful Threat Hunter.
Penetration Tester
Penetration Testers are ethical hackers who are hired to test the security of an organization's computer systems and networks. They work to identify and exploit vulnerabilities before they can be exploited by malicious actors. If you want to build a career in penetration testing, then the Cyber Threat Hunting course is a great place to start. This course will teach you the skills and techniques you need to become a successful Penetration Tester.
Threat Analyst
Threat Analysts are responsible for identifying and assessing threats to an organization's security. They collect and analyze information about potential threats, and they develop and implement strategies to mitigate those threats. If you want to build a career in intelligence and risk management, then consider taking the Cyber Threat Hunting course.
SOC Analyst
Security Operations Center (SOC) Analysts are responsible for monitoring and analyzing security events and incidents. They investigate security alerts, respond to security incidents, and work to prevent future security breaches. If you want to build a career working in a fast-paced environment, monitoring and analyzing security events and incidents, then you should consider the Cyber Threat Hunting course.
Incident Responder
Incident Responders play a critical role in minimizing the damage caused by cyberattacks. An Incident Responder must establish incident response protocols and procedures. They work to contain the damage, restore normal operations, and provide guidance to other teams throughout the incident. If you want to build a career working on the frontlines of network security, helping organizations to respond to and recover from cyberattacks, then you should consider the Cyber Threat Hunting course.
Cloud Security Architect
Cloud Security Architects design, implement, and maintain the security of cloud computing environments. They work to protect cloud-based applications and data from unauthorized access, data breaches, and other threats. If you want to build a career in cloud security, the Cyber Threat Hunting course is a resume booster. It will prepare you with the skills and knowledge to keep your cloud environments secure.
Network Security Engineer
Network security engineers are responsible for designing, implementing, and maintaining the security of an organization's computer networks. They work to protect networks from unauthorized access, denial of service attacks, and other threats. If you want to work in network security, consider the Cyber Threat Hunting course. This course will prepare you with the skills needed to identify and mitigate threats to network security.
Forensic Investigator
Forensic Investigators collect, analyze, and interpret digital evidence to investigate cybercrimes. They work to identify and apprehend cybercriminals and to prevent future cyberattacks. If you want to build a career in digital forensics, consider the Cyber Threat Hunting course. This course may help you develop the skills you need to become a successful Forensic Investigator.
Vulnerability Analyst
Vulnerability Analysts are responsible for identifying and assessing vulnerabilities in an organization's computer systems and networks. They work to identify and fix vulnerabilities before they can be exploited by attackers. If you want to build a career in cybersecurity, then consider taking the Cyber Threat Hunting course. This course can help you build a foundation in vulnerability assessment and management.
Security Engineer
Security Engineers are responsible for the security of an organization's computer systems and networks. They install, maintain, and monitor security systems, and they respond to security incidents. If you want to build a career in designing, implementing, and maintaining secure computer systems and networks, then consider taking the Cyber Threat Hunting course.
Cybersecurity Manager
Cybersecurity Managers are responsible for the overall security of an organization's information systems and data. They work to develop and implement security policies and procedures, and they oversee the organization's cybersecurity team. If you want to build a career in cybersecurity management, then consider taking the Cyber Threat Hunting course. This course will help you build a foundation in cybersecurity management and leadership.
Security Architect
Security Architects are responsible for ensuring that the right security measures are in place to protect the organization they work for, so that information is properly protected against data breaches. If you wish to build a career helping organizations design, build, and maintain secure IT systems and networks, then consider the Cyber Threat Hunting course.
Cyber Risk Analyst
Cyber Risk Analysts assess the risks to an organization's information systems and data. They work to identify, analyze, and mitigate these risks. If you want to build a career in cyber risk management, then consider taking the Cyber Threat Hunting course. This course will help you build a foundation in cyber risk assessment and management.
Information Security Analyst
An Information Security Analyst is capable of ensuring that a company's cybersecurity infrastructure is properly in place and constantly being improved upon. They must be skilled in looking for and managing risks, as well as ensuring the company's computer networks and systems are secure. If you want to build a career keeping information safe from unauthorized access, use, disclosure, disruption, modification, or destruction, then the Cyber Threat Hunting course may help get you started.
Cybersecurity Analyst
Cybersecurity Analysts defend against cyberattacks, and can direct a team to do so; the need for these cybersecurity measures is only increasing. Organizations big and small need Cybersecurity Analysts who can monitor and analyze computer networks, systems, and applications for threats and vulnerabilities. If you wish to build a career creating safe and secure networks for organizations and individuals, Cyber Threat Hunting is a course that may be useful.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Cyber Threat Hunting.
Provides a deep dive into memory forensics, including how to acquire and analyze memory dumps, how to identify and extract evidence of malware and threats, and how to use memory forensics to investigate and respond to cyber attacks.
Provides a practical guide to network security monitoring, covering techniques for detecting and responding to security incidents.
Provides a comprehensive guide to cloud security, including how to design and implement cloud security solutions, how to secure cloud services, and how to monitor and manage cloud security.
Provides a comprehensive overview of security threats and vulnerabilities, covering topics such as network security, cryptography, and malware analysis.
Provides a comprehensive guide to cybersecurity, including how to protect yourself from cyber threats, how to secure your devices and networks, and how to stay safe online.
Introduces threat modeling as a key aspect of secure system design, providing a practical approach to identifying and mitigating threats to systems and applications.
Explores the human aspect of cybersecurity, providing insights into how attackers use social engineering and other techniques to compromise systems and providing practical advice on how to counter these threats.
Covers the fundamentals of network security assessments, providing a practical approach to identifying and mitigating vulnerabilities in network infrastructure.


Similar courses

Here are nine courses similar to Cyber Threat Hunting:
  • Threat Hunting: Review, Automate, and Improve
  • Threat Hunt with PowerShell
  • Advanced Threat Hunting and Incident Response
  • Threat Hunting: Hypothesize and Plan
  • Specialized Hunts: Threat Hunting within Mail Servers
  • Threat Investigation
  • Utilizing Zeek 4 in an Enterprise Environment or for...
  • Threat Hunt with IBM Security QRadar
  • Specialized Hunts: Threat Hunting within Active Directory

© 2016 - 2024 OpenCourser