Vonnie Hudson

Zeek + Suricata.

Splunk.

Sysmon.

Microsoft Advanced Threat Analytics.

TCPdump + ngrep

Wireshark + tshark.

Wait, I'm not done.

capinfos.

RITA.

Bloodhound.

Bad Blood.

Detection Lab.

Metasploit + msfvenom + Meterpreter + Process Injection.

Mimikatz.

OS Query.

Velociraptor + Memory Forensics.

Taking a breath... one sec... okay..

Fleet.

MITRE ATT&CK.

MITRE Caldera.

Prelude Operator.

Atomic Red Team.

Purple Sharp.

Boss of the SOC???

Yup.

This is one course. One source.  One resource that has the potential to change your professional life.

Check out the free content and level up your cyber skills by learning how to become a threat hunter...

Everything is step by step.

You will learn how to detect advanced threat actors on enterprise networks...

How will you learn this?

By building a modern lab replete with a Domain Controller, Windows 10 endpoint instrumented with Powershell logging, Sysmon, OS Query, Velociraptor and more.  

You will attack and detect threats like a pro. 

This was the dream course I wish I had when I was getting into cyber.

Everything is carefully, patiently and thoughtfully explained. 

It took me two months to build this course and I've poured my heart and soul into every lecture. 

If you're trying to get into cybersecurity from another career or you're curious how the bad guys breach and persist in networks then this course is for you.  I've not held anything back.  Everything you need to become a competent threat hunter is included in over 8 hours of content.

Are you ready?

I am.  Sign up now and let's get started.

Update 10/22/2022: Added new lecture explaining how to install Zeek on the latest Kali

Enroll now

What's inside

Learning objectives

  • Finally feel like you know what you're talking about (say goodbye to imposter syndrome)
  • Find zero-day network threats and malware in modern enterprise networks.
  • Use industry standard security tools to detect evil in organization networks.
  • Execute offensive hacking tools to generate telemetry for detection engineering.
  • Build a self-contained hacking lab, hosted on your laptop, to practice and build cyber confidence
  • Learn advanced Linux and PowerShell command line tricks specifically crafted for threat hunting!

Syllabus

Learn how to setup your threat hunting lab

Yes! The first step to building our cyber threat hunting lab is to download our Type 2 hypervisor.  There are several out there; Hyper-V, VirtualBox and VMWare Workstation are the big ones, but one reigns supreme!  In this lecture I'll show you how to quickly grab your VMWare Workstation Pro trial so we can prep for installation.

Now it's time to install our Type 2 hypervisor.  In this lecture we'll install VMWare Workstation Pro and I'll explain a few key settings along the way.  We'll be done in a flash.  Let's go!

Our chief operating VM will be Kali Linux!  In this lightning lecture we'll grab the VMWare version (not the ISO) and prepare for extraction.

Yes! It's time to extract and import baby! We'll talk about some of the files in the VM, a few key settings to establish and then we'll unzip this thing and add to VMWare Workstation Pro!

Now we must pimp our VM.  MUST means it ain't optional! Let's go! 

The TMUX way will become your favorite way to navigate the Linux terminal. In this lecture, you'll learn how to configure this awesome emulator. 

Sweet, now we're going to modify the power settings, tweak the desktop a little and then the best part: I'll teach you how to use TMUX to split panes, resize panes, rename panes, copy and paste from panes, log all your commands and more!  It's going to be a lot of fun so let's go!

Learn where to find the best pcaps for threat hunting skill development

Malware of the Day is one of the best places online to get malicious PCAPs for learning and research.  Be careful, they contain real malware and attacks but it is the perfect situation for our setup and study goals.

Malware Traffic Analysis has been around forever... and you'll see why in this short lecture!  We'll take a quick flyover the site and show you how to grab the malicious PCAPs and writeups posted here.

Get the top tools for discovering and analyzing malicious network traffic

Wireshark ships with Kali and it's beautiful!  Entire courses have been written on just this one tool (I know because I've written one... search on the site for the title).  Wireshark is awesome - the GUI interface lowers the learning curve and you can quickly click a few buttons and get insights into PCAP traffic.  Let me show you how!  Let's go!

tshark is Wireshark's little command-line cousin.  Jump into this micro lecture and get an overview of this tiny yet powerful tool.

Before there was Wireshark... there was TCPDUMP! Almost as old as the internet itself, tcpdump is a powerful weapon in a cyber threat hunter's arsenal.  Allow me to introduce the tool and show some basic features!

Most people have never heard of ngrep, even many seasoned cyber threat hunters haven't heard of it.  GREP yes.  ngrep? not so much.  In this lecture we'll take a glance at functionality so we can use it to study PCAPs in later lectures!  Let's go!

capinfos? What's that? It's a little tool for displaying PCAP Information!  Yup! You'll like it because it gives you a 30,000 foot snapshot of a PCAP before you ever open it.  It's fast.  It's simple.  It's capinfos!  And it's waiting for..... you! Let's go!

Ahhhh RITA! Hands down my favorite free beacon detection tool on the internet right now.  RITA is an advanced command and control channel detection tool that sifts through Zeek data, mining out evil and surfacing it to you: the capable cyber threat hunter.  Setup isn't supported on Kali Linux but in this lecture I'll show you how to bend the rules starting with our Mongo database.  This will be the backend storage system for detected threats. 

And now the hard part: building RITA from source code?  Yup!  Don't worry, I'm going to carefully and patiently walk you through the entire process from A to Z.  By the end of this lecture you will have RITA successfully running on Kali Linux.

Installing Zeek on Kali Linux? Yup.  So this is actually not as straightforward as it seems.  You can't just download a zeek binary and call it a day. In this lecture I'm going to carefully walk you through the correct way to get zeek up and running in Kali.  I'm also going to help you steer around common pitfalls people make during the installation.  At the end, we'll verify everything is up and running as expected! Let's go!

You guys asked for it and now you got it! I've been reading the Q/A and see many of you are having difficulty installing Zeek in Kali.  I also Googled around and searched Youtube and see there is very little information on how to do this.  Even Zeek's website has an arcane install process.  Let me show you the correct way to install Zeek now!  You ready?  LET'S GO!!

Here are the copy and paste commands for getting this working!

READY TO THREAT HUNT YOUR FIRST INCIDENT!!?? It's about to happen - now.  This is one of my favorite lectures in the course because... although I haven't even shared how to threat hunt you will still jump right into the deep end of the pool with me.  Then in later lectures, we'll slow down as I carefully, and methodically, walk you through the hunting process and hunter's mindset.

Learn the methodical process for threat hunting malware in network traffic

Hooded hackers in Grandma's basement are so... 1990's.  Welcome to the modern adversary.  In this lecture you'll take a walk with me in the woods of threat intelligence, the new threat scape and the advanced threat actors we are fighting against!  Let's go!!

Learn why the current way organizations think about modern threats is... broken.  :(

Learn exactly what cyber threat hunting is.  You'll learn about the detection gap and how cyber threat hunters close that gap and minimize adversarial dwell time.  You'll also learn how to critically think about risk and make evidence-backed security assessments.  You'll also get the scoop on modern malware techniques and tactics.  Let's go!


What is a beacon? By the end of this lecture you'll know!  It will finally make sense... join me as we take a walk through the woods learning beaconing basics and how advanced adversaries compromise computers.

DNS is used to resolve domain names into IP addresses.  But what is a DNS beacon?  How can you abuse this seemingly simple and benign process for evil? Join me as I share how the bad guys are doing it!

Akamai, AWS, Cloudflare, Microsoft and others have content delivery networks known as CDNs.  They help reduce latency by delivering content to the closest requesting computer.  But bad guys are using it to obfuscate their C2 origins.  How?  Jump inside to learn. Now! lol let's go! :)

One way to detect beaconing is through timing.  In this quick lecture I'll talk about a modern machine learning algorithm used to detect beacons and then I'll share the liabilities with this approach.  Yup, machine learning isn't a panacea!  You'll also learn how to carefully think about beacon detections so you can become a cyber superstar! haha

Session size analysis is amazing.  In this lecture, I'm going to show you how to go from bytes to beacon in such a way that you can not only identify what commands were transferred but also identify the attacker's kill chain stage even if all the traffic is encrypted.  YUP.  You will learn this seemingly magical thinking process in five minutes.

The Methodical Guide to Effective Threat Hunting

There are two types of connection persistency: long connections and cumulative.  In this lecture you'll learn what connection persistency is, then we'll get hands on with Zeek, RITA, grep and some Linux BASH fu to find evil in a mystery pcap!

In this lecture we're going to investigate a real incident containing a pcap where a threat actor used a non-malicious app, TeamViewer, for evil.  You'll learn what Team Viewer is and then we'll twist, cut, slice and dice the pcap using zeek.  There's a lot of zeek action going on in the lecture so get ready!  Let's go!

Let's see how deep this rabbit hole really goes.  We'll get even deeper with Zeek, capinfos and other Linux tools to understand the traffic in our mystery pcap.

We're going to understand the business need by digging into the Zeek dns log.  We're going to recursively filter the log, removing benign domains as we zero in on evil.   We'll also look at the http and files Zeek logs and use AWK to pivot and understand the traffic flow!

Now it's time to bring in RITA to see what we can find.  You'll see RITA's beacon analysis, user-agent analysis and more. You'll also learn how to use open source tools to understand if there is business justification for a particular network flow.

Do you know the difference between unknown applications on standard ports vs known apps on non-standard ports?  You will after this lecture!  We'll also get into JA3/S hashes and I'll share why they can help us understand unknown apps.  Let's do this baby!

Quick quiz: can you imagine an example of unexpected protocol behavior?  If you couldn't answer in five seconds you need to watch this two minute video!  Let's go!

Let's do some research on that sketchy destination IP! Here's how to think through the vetting process...

This is one of the most important lectures in this section of the course.  You'll learn about the fuzzy line between threat hunting and forensic incident response and why you should never cross it without careful calculation! 

How to tell when tools get tricked by evil!

Now it's time to install, incontestably, the most powerful open-source IDS in the world: Suricata.  I'll take you through the process step by step, we'll modify the config file and I'll explain the ET-OPEN and ET-PRO rulesets.  I'll even hint how you can LEGALLY grab the paid ET-PRO ruleset for free. 

Now we're going to square off Suricata against RITA to show you why layered defenses are critical.  Will Suricata detect the threat? Or will it miss it?

Okay, let's try this with a more advanced C2 framework: Powershell Empire by BC-Security.  Will Suricata catch it?

Now you will build a cyber range on your laptop to learn and hack without legal risk or damage. Yeah, it's actually as awesome as it sounds. Let's go!

It all starts with VMWare Workstation Pro running on a Windows Host. 

In this lecture you will learn what you will build.  Your lab will have Microsoft ATA, Splunk, Windows Event Forwarding, PowerShell Transcription logging, OS Query, Fleet, Sysmon, Zeek, Suricata, Guacamole, a Windows 10 endpoint, a Windows Server Domain Controller and more! 

Now we need to grab and install Vagrant. Let's go!

Next, we need to install the VMWare Desktop Vagrant plugin.  We do this through command line... but don't worry - it's super easy.  I've got you covered in 90 seconds!

And now we need the Vagrant VMWare Utility.  Let's knock that out really quick.

Alright, now it's time to download the Detection Lab and extract the setup file!

Okay so before we jump in we need to make sure everything is going to work.  So we can run the prepare Powershell script to make sure we have the green light to go.  We're also going to cover a crucial subject: the Vagrant file and network subnets.  We're going to intercept a common pitfall people experience during setup.  Pay attention here and it will save you many hours of grief later!

This IS the most important lecture for making the Detection Lab work.  If your networking isn't set up correctly everything will fail.  In this quick video I'll show you the EXACT network settings you need to have success with your cyber range!  Let's do this baby!

Okay, now we're going to set up the first VM in the Detection Lab: Logger.  This VM includes Velociraptor, Splunk, Zeek, Suricata and more, so we need to make sure this one works.  I'll share some of the problems I encountered along the way and provide tips to help you avoid them!  Let's do this baby!!

What's an Active Directory lab without a domain controller? NOTHING! haha, in this lecture we'll set up our DC and I'll share commentary during the installation process to help you avoid any setup errors you might encounter. 

What the heck is a WEF? hahaha it's the Windows Event Forwarder - it collects the logs from the DC and Windows 10 endpoint and ships them to Splunk for indexing.  It also hosts our Microsoft ATA instance so we need to make sure we get this one right too.  Don't worry - I got your back!  I'll share tips and tricks as we set this one up.  Follow my lead and you'll be good to go. 

Now we create our employee endpoint.  This is patient zero!  The system we'll pop, infect and own in our lab.  Let's set 'er up!

Threat Hunting: Hands on Practice

This is a really fun lecture.  I'm going to show you how to use Splunk to threat hunt for evil in our Zeek logs.  You're going to learn some awesome Splunk queries that are going to make you look really smart :)

Hunting evil on the host using Sysmon is soo much fun.  I'm going to show you my favorite Splunk queries for threat hunting evil on the host using Sysmon!  We're going to use stats... sort... and all that good stuff.

Now it's time to dive head first into Fleet DM and use some canned OS Queries to threat hunt across our environment! It's super fun - let's do this!

Roar!!! One of my favorite incident response tools is here! VELOCIRAPTOR! Yes yes yes!  We'll use it to access the file system of our target, pull down files, run hunting artifacts and basically gain unprecedented visibility into our endpoint!  LET'S GO!!

Yup, we're going to run Mimikatz malware on our Windows 10 host... and guess what? It's not going to show up in our SOC Dashboard!!!  But don't worry! I'm going to show you how to use Splunk, Process Hacker and OS Query to find it - anyway!   Yup, malware can't hide from us! LET'S GO!!!

What the heck??? Yup, in this lesson you will use the Metasploit Framework to create a malicious binary, drop it on the target, gain a reverse shell via Meterpreter, inject into a process and then detect the attack using Splunk and Velociraptor.  I honestly don't know how I could have made this lecture any more awesome!  hahaha - let's go!

Entire multi-hour courses have been created for just this one tool: Atomic Red Team.  In this lecture I'll condense all the goodness into a tidy lecture you can take with you and start running attacks in Atomic Red Team.  I'll show you how to map Atomic Red Team to MITRE ATT&CK using layers, you'll learn how to actually use the Atomic Red Team in our detection lab and we'll run a few attacks so you can see the real value of this amazing tool.

In this quick lesson, I'll show you how to use Purple Sharp with playbooks and we'll run some attacks in our Detection Lab.

Sysmon Simulator isn't included in the Detection Lab so in this lesson I'll show you how to install and run it.  Then we'll check Splunk to observe the attack telemetry we generated!

MITRE Caldera is a mature, open-source, breach and attack simulation platform.  It's sooo awesome but kind of difficult to set up.  So in this lecture I'll show you how to set up the tool and then how to use it.  You'll also get a behind the scenes peek into my thought process as I think through some hurdles I encounter along the way.

Now it's time to talk about a promising premium breach and attack simulation platform: Prelude Operator.  It was built by the same team who created Caldera so you know it's awesome!  We'll also explore some other paid attack simulation platforms for your general awareness.

Now we're going to use Bad Blood to inject realism into our Active Directory lab.  Then we'll use Bloodhound, Sharphound and Microsoft ATA to attack and detect recon activity in our environment!!

Yes! Boss of the SOC! In this lecture you'll learn about the famous BOTS CTF and learn how you can level up your threat hunting on this FREE cloud training platform being provided by Splunk right now!

Now it's time to explore C2 frameworks you've NEVER heard of before.  This project is awesome! Not only does it show you new C2 frameworks but it also tells you the license, price and website to learn more.  You'll also see all the C2 channels used by the C2 products (along with their capabilities).  There are also columns for detections (yes JA3 for some!) and how well maintained the product is!  I can't wait to show this one off to you guys - let's go!!!

BONUS SECTION: THANK YOU!
BONUS LECTURE

Good to know

Know what's good, what to watch for, and possible dealbreakers
Teaches modern threat hunting techniques and methodologies that are relevant to industry
Builds a solid foundation in threat hunting principles and practices
Suitable for individuals with no prior experience in threat hunting
Provides hands-on experience through labs and exercises
This is a comprehensive course that covers a wide range of threat hunting topics
Course materials are current and relevant to the latest trends in threat hunting


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Cybersecurity Threat Hunting for SOC Analysts with these activities:
Review prerequisite skills
Review the skills and knowledge you should already have before starting this course to ensure you have a solid foundation for the course materials.
  • Review key concepts in TCPdump, such as packet filtering, capture modes, and analysis techniques.
  • Practice writing Python scripts for network analysis.
  • Review Bash scripting fundamentals, including variables, loops, and file handling.
  • Refresh your knowledge of Linux fundamentals, such as file permissions, user management, and command-line navigation.
  • Review basic cybersecurity concepts, such as network security, threat detection, and incident response.
Review network security fundamentals
Refresh your understanding of network security principles to strengthen your grasp of the course materials.
  • Review key concepts such as network protocols, firewalls, and intrusion detection systems.
  • Understand the different types of network attacks and their potential impact.
  • Revisit network security best practices and recommendations.
Familiarize Yourself with Suricata
Setup and walk through Suricata's basic functionality to get a feel for the program.
  • Install Suricata
  • Configure Suricata
  • Start Suricata
  • Monitor Suricata
Attend a Cyber Threat Intelligence Workshop
Attend a workshop to gain insights into the latest threat intelligence techniques and best practices.
  • Find a workshop
  • Register for the workshop
  • Attend the workshop
Join a Cyber Threat Hunting Study Group
Connect with other students to discuss threat hunting concepts and share knowledge.
  • Find a study group
  • Join the study group
  • Participate in discussions
Create a study guide based on course materials
Organize and condense the course materials into a comprehensive study guide to facilitate your learning.
  • Gather and review all relevant course materials, including lecture notes, slides, assignments, and readings.
  • Identify key concepts, definitions, and techniques covered in the course.
  • Summarize and organize the information into a concise and accessible study guide.
Follow online tutorials on threat detection tools
Supplement your understanding of the threat detection tools covered in the course by following guided tutorials online.
  • Find reputable online tutorials for each tool.
  • Follow the tutorials step-by-step, practicing the installation, configuration, and usage of the tools.
  • Experiment with different settings and scenarios to deepen your understanding.
  • Document your findings and observations in a personal notebook or blog.
Practice Analyzing Suspicious Network Traffic
Analyze a set of captured network packets to identify malicious activity.
  • Identify the packets
  • Analyze the packets
  • Generate a report
Conduct simulated threat detection exercises
Apply your skills and knowledge by participating in simulated threat detection exercises.
  • Find online platforms or resources that provide simulated threat detection environments.
  • Participate in exercises that simulate real-world threat scenarios.
  • Analyze the threats, identify indicators of compromise, and respond accordingly.
  • Review your performance and identify areas for improvement.
Create a Presentation on Threat Hunting Techniques
Develop a presentation to demonstrate your understanding of threat hunting techniques.
  • Decide on the format (e.g. Slides, video)
  • Research threat hunting techniques
  • Develop the content
  • Practice the presentation
Develop a threat detection cheat sheet
Create a concise and practical resource to help you quickly reference key threat detection information during your work.
  • Gather relevant information from the course materials and other sources.
  • Organize the information into a logical and easy-to-navigate format.
  • Create a cheat sheet that includes essential commands, tools, and techniques for threat detection.
  • Test the cheat sheet in a simulated threat detection environment to ensure its effectiveness.
Contribute to open-source threat detection projects
Enhance your skills and contribute to the broader cybersecurity community by participating in open-source threat detection projects.
  • Identify open-source threat detection projects that align with your interests.
  • Review the project documentation and codebase to understand its functionality and goals.
  • Propose and implement improvements to the project, such as new features, bug fixes, or documentation updates.
  • Collaborate with other contributors and maintainers to refine your contributions.

Career center

Learners who complete Cybersecurity Threat Hunting for SOC Analysts will develop knowledge and skills that may be useful to these careers:
Cybersecurity Analyst
Cybersecurity analysts monitor and protect computer systems from cyberattacks. They use a variety of tools and techniques to detect, prevent, and respond to threats, including those learned in this course. Threat-hunting is a fundamental part of cybersecurity analysts' daily work. Threat-hunters often use endpoint detection and response systems like Splunk and OS Query to improve their threat detection. The skills learned in this course will help you obtain the knowledge needed to hunt for evil actors on enterprise networks.
Information Security Analyst
Information security analysts plan and implement security measures to protect an organization's computer systems and networks. They also develop and implement security policies, procedures, and guidelines. Knowledge of widely-used tools in the field, such as Splunk and Suricata, will help you succeed in this role. Threat-hunting is also a key component of an information security analyst's role.
Penetration Tester
Penetration testers evaluate the security of computer systems and networks by simulating attacks. They use a variety of tools and techniques to find vulnerabilities that could be exploited by attackers. This course will teach you to become a threat-hunter by providing foundational knowledge in threat intelligence. By learning industry standard security tools, you will have a better understanding of the tools that penetration testers use to simulate attacks, providing you with an advantage in this field.
Security Engineer
Security engineers design, implement, and maintain security systems for organizations. They also develop and implement security policies, procedures, and guidelines. The knowledge you will gain in this course is the foundation required to succeed in this role. You will learn industry standard security tools, including Suricata and Velociraptor. These are commonly found in an enterprise security engineer's tool belt.
Threat Intelligence Analyst
Threat intelligence analysts collect, analyze, and disseminate information about threats to computer systems and networks. They use this information to help organizations develop and implement security measures to protect their systems and networks. The tools and knowledge learned in this course are a great stepping stone into the Threat Intelligence field. You will learn threat detection, proactive threat hunting, and how to wield industry standard tools such as Splunk and Suricata.
SOC Analyst
SOC analysts monitor security systems and networks for threats. They use a variety of tools and techniques to detect, prevent, and respond to threats. This course will help you stand out, as it teaches industry standard tools and threat-hunting techniques. The knowledge you will gain in this course will help you detect advanced threat actors on enterprise networks. This course specifically states in the course description that it can help you become a "Boss of the SOC".
Cybersecurity Manager
Cybersecurity managers oversee the security of an organization's computer systems and networks. They develop and implement security policies, procedures, and guidelines. They also manage a team of cybersecurity professionals. The knowledge learned in this course is the foundation required to succeed in this role. You will learn industry standard security tools, including Suricata and Velociraptor. These are commonly found in an enterprise security engineer's tool belt.
IT Security Specialist
IT security specialists provide technical support to users and organizations on security issues. They also develop and implement security measures to protect computer systems and networks. The tools and techniques learned in this course are commonly used by IT security specialists. By learning these tools and techniques, you will advance your ability to excel in this role.
Network Security Engineer
Network security engineers design, implement, and maintain security systems for computer networks. They also develop and implement security policies, procedures, and guidelines. The knowledge learned in this course is the foundation required to succeed in this role. You will learn industry standard security tools, including Suricata and Velociraptor. These are commonly found in an enterprise security engineer's tool belt.
Security Consultant
Security consultants provide advice and guidance to organizations on security issues. They also help organizations develop and implement security measures to protect their systems and networks. The knowledge learned in this course will provide you the foundational knowledge to become a security consultant. By learning threat-detection and threat-hunting techniques, you can help organizations understand the current threat landscape, as well as how to protect against it.
Software Security Engineer
Software security engineers develop and implement security features in software applications. They also review code for security vulnerabilities. The tools and techniques learned in this course will help provide a better understanding of the tools and techniques that software security engineers use to secure software. Threat hunting will help you to find and fix zero-day network threats and malware in modern enterprise networks, helping to find vulnerabilities that can be exploited by threat actors.
Cybersecurity Researcher
Cybersecurity researchers develop new methods for protecting computer systems and networks from threats. They also study the latest threats and trends in cybersecurity. The tools and techniques learned in this course are the fundamentals required to succeed in this role. By learning about threat-detection and threat-hunting, you will gain a greater understanding of the current threat landscape and how to protect against it.
Malware Analyst
Malware analysts analyze malware to understand how it works and how to protect against it. They also develop and implement tools and techniques to detect and remove malware. The tools and techniques learned in this course will provide you the foundational knowledge to become a malware analyst. By learning threat-detection and threat-hunting techniques, you can help organizations understand the current threat landscape, as well as how to protect against it.
Incident Responder
Incident responders investigate and respond to security breaches. They also develop and implement plans to prevent future breaches. The tools and techniques learned in this course will provide you the foundational knowledge to become an incident responder. Threat-hunting and threat-detection skills are a big part of an incident responder's daily work. By learning these skills, you can help organizations to minimize adversarial dwell time and quickly respond to security incidents.
Ethical Hacker
Ethical hackers use their skills to identify and exploit vulnerabilities in computer systems and networks. They do this to help organizations improve their security. The tools and techniques learned in this course are commonly used by ethical hackers. By learning these tools and techniques, you will advance your ability to excel in this role.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Cybersecurity Threat Hunting for SOC Analysts.
Provides supplemental information on various topics students will encounter in the course, exploring concepts like intrusion detection and advanced encryption standard protocols
Is commonly used as a textbook for cybersecurity courses, providing a thorough grounding in network security concepts and protocols which can supplement and add depth to the course
Useful supplemental resource for students wanting to learn more about memory forensics, especially with regards to detecting threats and malware in different operating systems
Can help students develop a deeper understanding of exploitation techniques and the tools and methods used by attackers
Useful reference for students seeking to learn more about malware and malware analysis, especially in the context of reverse engineering
Provides supplemental material for a number of topics in the course, including operating system security, network security and cryptography

© 2016 - 2024 OpenCourser