search menu icon-carat-right cmu-wordmark

Hands-on Threat Detection and Hunt

This four day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Cybersecurity topics such as network monitoring, intrusion detection and response, digital forensics, and threat hunting will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems which will be leveraged throughout the course. Instruction will consist of cybersecurity tool demonstrations, individual labs, and team-based exercises modeled from real-world threat scenarios.

As part of an internal security team, you will use a set of already deployed cybersecurity tools to detect and respond to malicious activity on your network. A series of quizzes and automated checks will be used to prompt your investigation and evaluate your understanding of the ongoing events. Three team-based scenarios will be used along with several individual hands-on exercises to build critical cyber skills. This course also provides hands-on experience with some latest developments in cybersecurity to include threat hunting and remote live forensics.

Audience

Technical staff members who manage or support networked information systems and have

  • two years of practical experience with networked systems or equivalent training/education
  • some degree of familiarity with the ISO/OSI 7-layered reference model as well as TCP/IP, and major network operating systems such as Windows and Linux

Objectives

This course will help participants to

  • Identify and react to real-world cybersecurity threats in a controlled, safe learning environment
  • Analyze real-time network activities using Intrusion Detection Systems, Network Packet Captures, Connection Logs, and other monitoring tools
  • Adapt knowledge and skills to a diverse set of cybersecurity tools
  • Collaborate with immediate and extended Incident Response team members
  • Proactively hunt for threats in a network
  • Interrogate systems for Indicators of Compromise (IOCs)
  • Perform Volatile and Persistent System Data Analysis, and remote live forensics/li>

Topics

  • Network and System Monitoring
  • Event Collection, Analysis, and Correlation
  • Incident detection and response
  • Digital Investigation (aka Forensics) Best Practices
  • Volatile and Persistent System Data Analysis
  • Common Cyber Attacks and Preventive Measures
  • Threat Hunting
  • Remote live forensics

Materials

Participants will receive course handouts with lectures and lab manuals.

Prerequisites

This course has no prerequisites.

Dates Offered

Schedule

This four-day course meets at the following times:

Days 1-4, 8:30 a.m.-4:30 p.m.

This course may be offered by special arrangement at customer sites. For details, please email course-info@sei.cmu.edu or telephone at +1 412-268-1817.

Course Questions?

Email: course-info@sei.cmu.edu
Phone: 412-268-7388
FAX: 412-268-7401

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.