We may earn an affiliate commission when you visit our partners.
Brandon DeVault

Being responsible for finding the anomalies within an environment can be a daunting task. This course will teach you how to hunt through endpoint artifacts to find malicious behavior.


Finding anomalies or malicious artifacts without the help of alerts or defensive mechanisms can be very challenging. In this course, Threat Hunting: Endpoint Hunting, you’ll learn to hunt for specific APT techniques found in endpoint data. First, you’ll explore the various endpoint data sets and how to take advantage of correlation. Next, you’ll discover how to find artifacts related to initial access, implants, and persistence. Finally, you’ll learn how to detect behaviors related to privilege escalation and credential stealing. When you’re finished with this course, you’ll have the skills and knowledge of endpoint hunting needed to take a proactive approach to security analytics.

What's inside

Syllabus

Course Overview
Endpoint Data Sets
Access and Implants
Persistence

Traffic lights

Read about what's good, what should give you pause, and possible dealbreakers.
Teaches threat hunting techniques for endpoint data, which is valuable for IT professionals in cybersecurity
Covers initial access, implants, persistence, privilege escalation, and credential stealing, which are key areas in endpoint hunting
Explores correlation between various endpoint data sets, which is essential for effective threat hunting
Taught by Brandon DeVault, an experienced instructor in endpoint hunting
May require prior knowledge or experience in endpoint hunting or security analysis


Reviews summary

Practical endpoint threat hunting foundations

According to learners, this course provides a solid foundation in endpoint threat hunting, particularly for those looking to develop proactive security analytics skills. Many found the content on endpoint data sets, correlation, and detecting malicious behavior highly valuable and immediately applicable. Students often praised the instructor's clarity and expertise, and the hands-on labs for topics like initial access, implants, and persistence were frequently highlighted as particularly effective. While some older feedback mentioned a potential lack of depth or outdated content, more recent reviews indicate a largely positive experience, suggesting the course either targets its audience more effectively now or has been updated.
Opinions differ on the course's level of detailed coverage.
"The course covers interesting topics, but I found it lacked depth. It felt more like an introduction than a deep dive into threat hunting."
"Some parts felt a bit rushed, especially the privilege escalation section. Could use more practical examples."
"I found the course sufficient for a foundational understanding, but it could expand on advanced topics."
Offers a strong introduction to endpoint hunting principles.
"Solid overview. I appreciated the focus on APT techniques and the breakdown of different attack phases."
"This course demystifies threat hunting. It covers critical areas like initial access and persistence in a very structured way."
"I gained a solid foundation in endpoint threat hunting from this course."
Instructor effectively explains complex threat hunting concepts.
"The instructor's explanations were clear..."
"The instructor is very knowledgeable and explains complex concepts clearly."
"I found the instructor to be knowledgeable and very good at breaking down difficult topics."
Focuses on real-world scenarios and immediate applicability.
"The instructor's explanations were clear, and the hands-on labs for detecting initial access and persistence were extremely practical. I immediately applied some techniques at work."
"The practical approach to finding malicious artifacts without relying on alerts is exactly what I needed. Loved the real-world scenarios."
"I learned how to use practical tools and strategies that I could apply immediately to my work."
Earlier reviews raised concerns about outdated material.
"While the topics are relevant, the course felt dated. Some tools and techniques demonstrated weren't the most current."
"I felt some of the content could benefit from an update to reflect current industry practices."
"I noticed a few tools demonstrated were not the latest versions available, which was a minor drawback."
Some learners noted a need for prior technical understanding.
"Prerequisites weren't clearly stated, and a strong understanding of Windows internals is definitely needed beforehand."
"If you're a complete beginner, it might be overwhelming due to assumed knowledge."
"I wished the course had outlined necessary prior knowledge more explicitly."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Threat Hunting: Endpoint Hunting with these activities:
Connect with Cybersecurity Professionals
Expand your professional network and learn from experienced cybersecurity professionals by attending industry events and joining online communities.
  • Attend industry conferences and meetups to connect with other cybersecurity professionals.
  • Join online forums and discussion groups related to threat hunting and endpoint security.
Review computer forensics and incident response concepts
Review key concepts and techniques in computer forensics and incident response to strengthen your foundational knowledge for this course.
  • Revisit textbooks and course materials from previous courses or certifications in computer forensics and incident response.
  • Go through online resources and articles to refresh your understanding of key concepts and industry best practices.
Explore Threat Hunting Techniques and Tools
Enhance your understanding of threat hunting techniques and tools to proactively identify and neutralize potential threats.
  • Follow online tutorials or courses on threat hunting methodologies and best practices.
  • Experiment with open-source threat hunting tools and platforms to gain hands-on experience.
Practice Endpoint Analysis with Wireshark
Develop your skills in analyzing endpoint traffic using Wireshark to enhance your ability to detect and investigate threats effectively.
  • Set up a lab environment with Wireshark and capture network traffic from an endpoint.
  • Analyze captured traffic to identify malicious patterns, suspicious connections, and potential threats.
  • Use Wireshark filters and plugins to enhance your analysis and detection capabilities.
Attend a Threat Hunting Workshop
Gain practical experience and expand your knowledge by attending a workshop specifically focused on threat hunting.
  • Research and identify reputable threat hunting workshops or conferences.
  • Register for a workshop that aligns with your learning goals and interests.
Develop a Threat Hunting Playbook
Solidify your understanding of threat hunting principles and processes by creating a comprehensive playbook that outlines your approach to proactive threat detection and response.
  • Gather information and research best practices for threat hunting.
  • Define the scope, objectives, and methodologies of your threat hunting program.
  • Document step-by-step procedures for threat detection, investigation, and response.
Contribute to Open-Source Threat Hunting Projects
Deepen your understanding of threat hunting tools and contribute to the cybersecurity community by participating in open-source projects.
  • Identify open-source threat hunting tools and projects that align with your interests.
  • Join the project's community and contribute your skills and expertise.

Career center

Learners who complete Threat Hunting: Endpoint Hunting will develop knowledge and skills that may be useful to these careers:
Systems Administrator
Systems Administrators are responsible for managing and maintaining an organization's computer systems and networks. The course Threat Hunting: Endpoint Hunting can provide Systems Administrators with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Systems Administrators who need to be able to quickly identify and respond to security threats.
Security Analyst
Security Analysts are responsible for monitoring and analyzing an organization's security systems and data to identify and respond to security threats. The course Threat Hunting: Endpoint Hunting can provide Security Analysts with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Security Analysts who need to be able to quickly identify and respond to security threats.
Incident Responder
Incident Responders are responsible for responding to security incidents and breaches. The course Threat Hunting: Endpoint Hunting can provide Incident Responders with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Incident Responders who need to be able to quickly identify and respond to security incidents.
Forensic Analyst
Forensic Analysts are responsible for investigating security breaches and incidents. The course Threat Hunting: Endpoint Hunting can provide Forensic Analysts with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Forensic Analysts who need to be able to quickly identify and investigate security breaches and incidents.
Malware Analyst
Malware Analysts are responsible for analyzing malware to identify its capabilities and behavior. The course Threat Hunting: Endpoint Hunting can provide Malware Analysts with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Malware Analysts who need to be able to quickly identify and analyze malware.
Security Engineer
Security Engineers are responsible for designing, implementing, and maintaining an organization's security systems. The course Threat Hunting: Endpoint Hunting can provide Security Engineers with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Security Engineers who need to be able to quickly identify and respond to security threats.
Penetration Tester
Penetration Testers are responsible for testing an organization's security systems and infrastructure to identify vulnerabilities. The course Threat Hunting: Endpoint Hunting can provide Penetration Testers with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Penetration Testers who need to be able to quickly identify and exploit vulnerabilities.
Network Security Engineer
Network Security Engineers are responsible for designing, implementing, and maintaining an organization's network security systems. The course Threat Hunting: Endpoint Hunting can provide Network Security Engineers with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Network Security Engineers who need to be able to quickly identify and respond to security threats.
Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is responsible for overseeing an organization's information security program. The course Threat Hunting: Endpoint Hunting can provide CISOs with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for CISOs who need to be able to quickly identify and respond to security threats.
Information Security Manager
Information Security Managers are responsible for managing an organization's information security program. The course Threat Hunting: Endpoint Hunting can provide Information Security Managers with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Information Security Managers who need to be able to quickly identify and respond to security threats.
Computer Scientist
Computer Scientists are responsible for designing, developing, and implementing computer systems and applications. The course Threat Hunting: Endpoint Hunting may be useful for Computer Scientists who want to specialize in cybersecurity. The course provides hands-on experience in hunting for malicious behavior using endpoint data, which is a critical skill for Computer Scientists who want to develop secure systems and applications.
Data Scientist
Data Scientists are responsible for analyzing data to identify patterns and trends. The course Threat Hunting: Endpoint Hunting may be useful for Data Scientists who want to specialize in cybersecurity. The course provides hands-on experience in hunting for malicious behavior using endpoint data, which is a critical skill for Data Scientists who want to develop models and algorithms to detect and prevent security threats.
Cryptographer
Cryptographers are responsible for developing and using encryption algorithms to protect data. The course Threat Hunting: Endpoint Hunting may be useful for Cryptographers who want to specialize in cybersecurity. The course provides hands-on experience in hunting for malicious behavior using endpoint data, which is a critical skill for Cryptographers who want to develop and use encryption algorithms to protect data from security threats.
Cybersecurity Consultant
Cybersecurity Consultants provide advice and guidance to organizations on how to improve their security posture. The course Threat Hunting: Endpoint Hunting can provide Cybersecurity Consultants with the skills and knowledge they need to be successful in their role. The course teaches how to hunt for malicious behavior using endpoint data, which is a critical skill for Cybersecurity Consultants who need to be able to quickly identify and assess threats to an organization's network.
Threat Intelligence Analyst
An organization's security landscape is constantly evolving. The Threat Intelligence Analyst plays a vital role in identifying and assessing threats to an organization's information assets. The course Threat Hunting: Endpoint Hunting may be useful for those who want to enter the field of Threat Intelligence. The course provides hands-on experience in hunting for malicious behavior using endpoint data. This experience can be helpful for Threat Intelligence Analysts who need to be able to quickly identify and assess threats to their organization's network.

Reading list

We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Threat Hunting: Endpoint Hunting.
Provides an introduction to endpoint forensics and covers various methods for detecting malware hidden in memory.
Offers a practical guide to Windows forensic analysis, covering various techniques for acquiring and analyzing digital evidence.
Provides a hands-on approach to penetration testing techniques and ethical hacking methodologies.
Provides a comprehensive overview of network security, including techniques used by attackers and strategies for defending against them. It serves as a valuable resource for gaining a broader understanding of the security landscape.


© 2016 - 2025 OpenCourser