We may earn an affiliate commission when you visit our partners.
Ian Hellen

This course will focus on using MSTICPy in notebooks to detect adversary logons, decode obfuscated scripting attacks, and attempts to establish persistence.

MSTICPy is a Python library of CyberSec tools designed for hunting and investigations using Jupyter notebooks. Jupyter notebooks are an ideal tool for CyberSec/SOC work. You can ingest data from multiple sources, analyze, reshape, and visualize the data and add your own commentary.

Read more

This course will focus on using MSTICPy in notebooks to detect adversary logons, decode obfuscated scripting attacks, and attempts to establish persistence.

MSTICPy is a Python library of CyberSec tools designed for hunting and investigations using Jupyter notebooks. Jupyter notebooks are an ideal tool for CyberSec/SOC work. You can ingest data from multiple sources, analyze, reshape, and visualize the data and add your own commentary.

In this course, Threat Intelligence with MSTICPy, you’ll cover how to utilize MSTICPy to detect against adversary intrusions in an enterprise or cloud environment. First, you’ll learn how to query and analyze network and endpoint logs to identify adversary activity. Next, you’ll analyze logon sessions on a compromised host and identify and decode a scripted attack. Finally, we will pinpoint the way that attacker has enabled a persistent foothold on the host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: T1078.002 - Valid Accounts/Domain Accounts; T1059.001 - Command and Scripting Interpreter: PowerShell; and T1053.005 - Scheduled Task/Job: Scheduled Task, using MSTICPy and Jupyter Notebooks.

Enroll now

What's inside

Syllabus

Course Overview
Threat Intelligence with MSTICPy
Resources

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Develops skills and knowledge in detecting adversary intrusions in enterprise or cloud environments, which is highly relevant in industry
Taught by Ian Hellen, who is recognized for their work in cybersecurity
Begins with the basics of querying and analyzing network and endpoint logs, making it beginner-friendly
Focuses on practical skills, such as detecting adversary logons, decoding obfuscated scripting attacks, and identifying persistence attempts
Uses Jupyter notebooks, which are an ideal tool for CyberSec/SOC work and allow for easy data ingestion, analysis, reshaping, and visualization
Provides hands-on experience with MSTICPy, a Python library of CyberSec tools designed for hunting and investigations

Save this course

Save Threat Intelligence with MSTICPy to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Threat Intelligence with MSTICPy with these activities:
Set up a coding environment
Setting up your coding environment will help you minimize disruptions and focus on your learning journey.
Show steps
  • Gather necessary resources on MSTICPy.
  • Get guidance on how to set up Jupyter Notebooks.
  • Create a Python Virtual Environment on Jupyter Notebook.
Practice logging into a compromised host
Practice logging into a compromised host and analyzing log files to identify adversary activity.
Show steps
  • Set up a compromised host environment for practice.
  • Use MSTICPy to connect to the compromised host and collect log files.
  • Analyze log files to identify suspicious activity, such as unauthorized access attempts or command execution.
  • Attempt to log into the compromised host using the identified suspicious credentials.
Follow a tutorial on decoding obfuscated scripting attacks
Follow a tutorial that provides step-by-step instructions on how to decode obfuscated scripting attacks using MSTICPy.
Show steps
  • Find a tutorial that covers the decoding of obfuscated scripting attacks in MSTICPy.
  • Follow the tutorial to learn how to use MSTICPy to decode obfuscated PowerShell scripts.
  • Practice decoding obfuscated scripting attacks on your own.
Three other activities
Expand to see all activities and additional details
Show all six activities
Participate in a peer session to discuss threat hunting techniques
Engage in discussions with peers to share knowledge and experiences, and to learn from each other's approaches to threat hunting with MSTICPy.
Show steps
  • Find a peer group or online community that focuses on threat hunting with MSTICPy.
  • Participate in discussions, ask questions, and share your own insights and experiences.
  • Collaborate with others to develop and refine your threat hunting techniques.
Participate in a hackathon or CTF focused on threat hunting
Challenge yourself and test your skills by participating in a hackathon or CTF that focuses on threat hunting with MSTICPy.
Show steps
  • Find a hackathon or CTF that is relevant to threat hunting with MSTICPy.
  • Form a team or participate individually.
  • Solve challenges and demonstrate your threat hunting skills.
  • Learn from the experience and improve your threat hunting capabilities.
Create a threat hunting playbook for a specific industry or scenario
Develop a comprehensive threat hunting playbook that outlines specific steps and procedures for detecting and responding to threats in a particular industry or scenario.
Show steps
  • Identify the specific industry or scenario that the playbook will address.
  • Research common threats and attack techniques relevant to the chosen industry or scenario.
  • Develop a step-by-step guide for threat hunting, including data sources, analysis techniques, and response procedures.
  • Test and refine the playbook through simulations or exercises.

Career center

Learners who complete Threat Intelligence with MSTICPy will develop knowledge and skills that may be useful to these careers:
Threat Intelligence Analyst
Threat Intelligence Analysts collect and analyze information about cyber threats to provide organizations with insights into the latest threats and trends. This course can help build a foundation in threat intelligence, which is essential for Threat Intelligence Analysts to identify and track cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and providing organizations with the information they need to make informed decisions about cybersecurity.
Cybersecurity Analyst
Cybersecurity Analysts monitor and analyze computer systems and networks for security breaches. This course can help build a foundation in threat intelligence, which is essential for Cybersecurity Analysts to detect and respond to cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity, analyze logon sessions on compromised hosts, and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and taking steps to prevent and mitigate cyberattacks.
Forensic Investigator
Forensic Investigators investigate cyber crimes and collect evidence to support legal proceedings. This course can help build a foundation in threat intelligence, which is essential for Forensic Investigators to identify and track cyber threats. Specifically, this course covers how to analyze logon sessions on compromised hosts and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and collecting evidence to support legal proceedings.
Information Security Analyst
Information Security Analysts design, implement, and maintain security measures to protect an organization's information systems. This course can help build a foundation in threat intelligence, which is essential for Information Security Analysts to detect and respond to cyber threats. Specifically, this course covers how to identify adversary activity, analyze logon sessions on compromised hosts, and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and implementing effective security measures to protect against them.
Incident Responder
Incident Responders investigate and respond to security breaches. This course can help build a foundation in threat intelligence, which is essential for Incident Responders to detect and respond to cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and taking steps to prevent and mitigate cyberattacks.
Cloud Security Engineer
Cloud Security Engineers design and implement security measures to protect cloud computing environments. This course can help build a foundation in threat intelligence, which is essential for Cloud Security Engineers to detect and respond to cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and implementing effective security measures to protect cloud environments.
Security Architect
Security Architects design and implement security measures to protect an organization's computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Security Architects to detect and respond to cyber threats. Specifically, this course covers how to identify adversary activity, analyze logon sessions on compromised hosts, and pinpoint how an attacker has enabled a persistent foothold on the host. These skills are essential to understanding the techniques used by adversaries and implementing effective security measures to protect against them.
Penetration Tester
Penetration Testers identify vulnerabilities in computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Penetration Testers to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective penetration testing strategies.
Risk Analyst
Risk Analysts assess the risks to an organization's information systems and develop strategies to mitigate those risks. This course can help build a foundation in threat intelligence, which is essential for Risk Analysts to identify and track cyber threats. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective risk management strategies.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their cybersecurity posture. This course can help build a foundation in threat intelligence, which is essential for Security Consultants to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and providing organizations with the information they need to make informed decisions about cybersecurity.
Malware Analyst
Malware Analysts analyze malware to identify its capabilities and how it can be used to attack computer systems. This course can help build a foundation in threat intelligence, which is essential for Malware Analysts to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective strategies to detect and prevent malware attacks.
Security Researcher
Security Researchers identify and analyze new vulnerabilities in computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Security Researchers to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective security measures to protect against them.
Information Security Manager
Information Security Managers oversee the security of an organization's computer systems and networks. This course can help build a foundation in threat intelligence, which is essential for Information Security Managers to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and developing effective security strategies to protect an organization's computer systems and networks.
Compliance Analyst
Compliance Analysts ensure that an organization's computer systems and networks comply with applicable laws and regulations. This course can help build a foundation in threat intelligence, which is essential for Compliance Analysts to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and ensuring that an organization's computer systems and networks comply with applicable laws and regulations.
Security Auditor
Security Auditors assess the effectiveness of an organization's cybersecurity program. This course can help build a foundation in threat intelligence, which is essential for Security Auditors to understand the techniques used by adversaries. Specifically, this course covers how to query and analyze network and endpoint logs to identify adversary activity. These skills are essential to understanding the techniques used by adversaries and assessing the effectiveness of an organization's cybersecurity program.

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Threat Intelligence with MSTICPy.
Is an excellent resource for anyone involved in malware analysis. Provides a comprehensive and practical approach to the analysis of malware, from basic techniques to advanced analysis.
Delivers an extensive overview of the incident response and computer forensics process. It covers topics such as incident detection, investigation, and remediation.
Provides a structured approach to threat modeling. It helps you to identify and mitigate threats to your systems and applications.
Comprehensive reference for cryptography. It provides a detailed overview of cryptographic algorithms, protocols, and applications.
Provides insights into the psychological and social aspects of cyber attacks. By delivering hands-on tools and techniques, this book helps you to improve your organization's overall security posture.
Provides a comprehensive overview of data breaches. It covers topics such as data breach prevention, detection, and response.

Share

Help others find this course page by sharing it with your friends and followers:
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser