Pluralsight

Threat Intelligence with MSTICPy

Ian Hellen

This course will focus on using MSTICPy in notebooks to detect adversary logons, decode obfuscated scripting attacks, and identify attempts to establish persistence.


MSTICPy is a Python library of CyberSec tools designed for hunting and investigations using Jupyter notebooks. Jupyter notebooks are an ideal tool for CyberSec/SOC work. You can ingest data from multiple sources, analyze, reshape, and visualize the data and add your own commentary.

In this course, Threat Intelligence with MSTICPy, you’ll learn how to use MSTICPy to detect adversary intrusions in an enterprise or cloud environment. First, you’ll learn how to query and analyze network and endpoint logs to identify adversary activity. Next, you’ll analyze logon sessions on a compromised host and identify and decode a scripted attack. Finally, you’ll pinpoint how the attacker has established a persistent foothold on the host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using MSTICPy and Jupyter Notebooks: T1078.002 - Valid Accounts/Domain Accounts; T1059.001 - Command and Scripting Interpreter: PowerShell; and T1053.005 - Scheduled Task/Job: Scheduled Task.


What's inside

Syllabus

Course Overview
Threat Intelligence with MSTICPy
Resources

Good to know

Know what's good, what to watch for, and possible dealbreakers
  • Develops skills and knowledge in detecting adversary intrusions in enterprise or cloud environments, which is highly relevant in industry
  • Taught by Ian Hellen, who is recognized for their work in cybersecurity
  • Begins with the basics of querying and analyzing network and endpoint logs, making it beginner-friendly
  • Focuses on practical skills, such as detecting adversary logons, decoding obfuscated scripting attacks, and identifying persistence attempts
  • Uses Jupyter notebooks, which are an ideal tool for CyberSec/SOC work and allow for easy data ingestion, analysis, reshaping, and visualization
  • Provides hands-on experience with MSTICPy, a Python library of CyberSec tools designed for hunting and investigations

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Threat Intelligence with MSTICPy with these activities:
Set up a coding environment
Setting up your coding environment will help you minimize disruptions and focus on your learning journey.
  • Gather necessary resources on MSTICPy.
  • Get guidance on how to set up Jupyter Notebooks.
  • Create a Python Virtual Environment on Jupyter Notebook.
Practice logging into a compromised host
Practice logging into a compromised host and analyzing log files to identify adversary activity.
  • Set up a compromised host environment for practice.
  • Use MSTICPy to connect to the compromised host and collect log files.
  • Analyze log files to identify suspicious activity, such as unauthorized access attempts or command execution.
  • Attempt to log into the compromised host using the identified suspicious credentials.
Follow a tutorial on decoding obfuscated scripting attacks
Follow a tutorial that provides step-by-step instructions on how to decode obfuscated scripting attacks using MSTICPy.
  • Find a tutorial that covers the decoding of obfuscated scripting attacks in MSTICPy.
  • Follow the tutorial to learn how to use MSTICPy to decode obfuscated PowerShell scripts.
  • Practice decoding obfuscated scripting attacks on your own.
Participate in a peer session to discuss threat hunting techniques
Engage in discussions with peers to share knowledge and experiences, and to learn from each other's approaches to threat hunting with MSTICPy.
  • Find a peer group or online community that focuses on threat hunting with MSTICPy.
  • Participate in discussions, ask questions, and share your own insights and experiences.
  • Collaborate with others to develop and refine your threat hunting techniques.
Participate in a hackathon or CTF focused on threat hunting
Challenge yourself and test your skills by participating in a hackathon or CTF that focuses on threat hunting with MSTICPy.
  • Find a hackathon or CTF that is relevant to threat hunting with MSTICPy.
  • Form a team or participate individually.
  • Solve challenges and demonstrate your threat hunting skills.
  • Learn from the experience and improve your threat hunting capabilities.
Create a threat hunting playbook for a specific industry or scenario
Develop a comprehensive threat hunting playbook that outlines specific steps and procedures for detecting and responding to threats in a particular industry or scenario.
  • Identify the specific industry or scenario that the playbook will address.
  • Research common threats and attack techniques relevant to the chosen industry or scenario.
  • Develop a step-by-step guide for threat hunting, including data sources, analysis techniques, and response procedures.
  • Test and refine the playbook through simulations or exercises.

Career center

Learners who complete Threat Intelligence with MSTICPy will develop knowledge and skills that may be useful to these careers:
Threat Intelligence Analyst
Threat Intelligence Analysts collect and analyze information about cyber threats to provide organizations with insights into the latest threats and trends. This course can help build a foundation in threat intelligence, which is essential for Threat Intelligence Analysts to identify and track cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and providing organizations with the information they need to make informed decisions about cybersecurity.
Cybersecurity Analyst
Cybersecurity Analysts monitor and analyze computer systems and networks for security breaches. This course can help build a foundation in threat intelligence, which is essential for Cybersecurity Analysts to detect and respond to cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity, analyze logon sessions on compromised hosts, and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and taking steps to prevent and mitigate cyberattacks.
Forensic Investigator
Forensic Investigators investigate cyber crimes and collect evidence to support legal proceedings. This course can help build a foundation in threat intelligence, which is essential for Forensic Investigators to identify and track cyber threats. Specifically, this course covers how to analyze logon sessions on compromised hosts and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and collecting evidence to support legal proceedings.
Information Security Analyst
Information Security Analysts design, implement, and maintain security measures to protect an organization's information systems. This course can help build a foundation in threat intelligence, which is essential for Information Security Analysts to detect and respond to cyber threats. Specifically, this course covers how to identify adversary activity, analyze logon sessions on compromised hosts, and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and implementing effective security measures to protect against them.
Incident Responder
Incident Responders investigate and respond to security breaches. This course can help build a foundation in threat intelligence, which is essential for Incident Responders to detect and respond to cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and taking steps to prevent and mitigate cyberattacks.
Cloud Security Engineer
Cloud Security Engineers design and implement security measures to protect cloud computing environments. This course can help build a foundation in threat intelligence, which is essential for Cloud Security Engineers to detect and respond to cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and implementing effective security measures to protect cloud environments.
Security Architect
Security Architects design and implement security measures to protect an organization's computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Security Architects to detect and respond to cyber threats. Specifically, this course covers how to identify adversary activity, analyze logon sessions on compromised hosts, and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and implementing effective security measures to protect against them.
Penetration Tester
Penetration Testers identify vulnerabilities in computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Penetration Testers to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective penetration testing strategies.
Risk Analyst
Risk Analysts assess the risks to an organization's information systems and develop strategies to mitigate those risks. This course can help build a foundation in threat intelligence, which is essential for Risk Analysts to identify and track cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective risk management strategies.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their cybersecurity posture. This course can help build a foundation in threat intelligence, which is essential for Security Consultants to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and providing organizations with the information they need to make informed decisions about cybersecurity.
Malware Analyst
Malware Analysts analyze malware to identify its capabilities and how it can be used to attack computer systems. This course can help build a foundation in threat intelligence, which is essential for Malware Analysts to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective strategies to detect and prevent malware attacks.
Security Researcher
Security Researchers identify and analyze new vulnerabilities in computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Security Researchers to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective security measures to protect against them.
Information Security Manager
Information Security Managers oversee the security of an organization's computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Information Security Managers to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective security strategies to protect an organization's computer systems and networks.
Compliance Analyst
Compliance Analysts ensure that an organization's computer systems and networks comply with applicable laws and regulations. This course can help build a foundation in threat intelligence, which is essential for Compliance Analysts to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and ensuring that an organization's computer systems and networks comply with applicable laws and regulations.
Security Auditor
Security Auditors assess the effectiveness of an organization's cybersecurity program. This course can help build a foundation in threat intelligence, which is essential for Security Auditors to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and assessing the effectiveness of an organization's cybersecurity program.

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Threat Intelligence with MSTICPy.
Is an excellent resource for anyone involved in malware analysis. Provides a comprehensive and practical approach to the analysis of malware, from basic techniques to advanced analysis.
Delivers an extensive overview of the incident response and computer forensics process. It covers topics such as incident detection, investigation, and remediation.
Provides a structured approach to threat modeling. It helps you to identify and mitigate threats to your systems and applications.
Comprehensive reference for cryptography. It provides a detailed overview of cryptographic algorithms, protocols, and applications.
Provides insights into the psychological and social aspects of cyber attacks. By delivering hands-on tools and techniques, this book helps you to improve your organization's overall security posture.
Provides a comprehensive overview of data breaches. It covers topics such as data breach prevention, detection, and response.

© 2016 - 2024 OpenCourser