$1,799.99 – $2,000

Intrusion Analysis and Threat Hunting with Suricata - Washington, DC

Event Information

Date and Time

Location

MicroTek

1110 Vermont Avenue Northwest

#700

Washington, DC 20005

Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Event description
Learn how to dig deep into network traffic to identify evidence of a compromise, deal with new attacks, and search for undetected breaches.

About this Event

Closing the gap between when an infection occurs and when it is detected is a key goal of an effective threat hunting program. While many security solutions focus on detecting adversarial activity in real time, skilled threat actors have demonstrated the ability to bypass these tools, leaving an organization exposed to further compromise and data breaches. Having the right data available during an incident, or when performing proactive threat hunting, is crucial for success. More than just an IDS/IPS, Suricata provides the visibility to resolve incidents faster and more accurately by supplying context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond to, and protect against threats in their network day to day, as well as to uncover new threats through structured data aggregation and analysis. Adversary tactics and techniques, from delivery mechanisms through post-infection traffic and data exfiltration, will be explored in depth to build comprehensive analysis experience. Hands-on labs built on real-world malware and network traffic will reinforce course concepts while exercising the latest Suricata features. By the end of this course, you will have the knowledge and skills to seek out indicators of anomalous or malicious activity in your network traffic and discover threats you have been missing.

This course will cover the fundamental aspects of Suricata, including rule comprehension, managing rulesets, validating alerts, working through false positives and false negatives, and customizing rules to provide more visibility into your traffic. In-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity will be carried out with tools such as Moloch, Kibana and CyberChef. Hands-on, real-world exercises will reinforce the detection techniques and tactics explained throughout the course. Threat intelligence feeds and other online resources will also be explored to learn how to pivot between data sources while performing proactive threat hunting. This is an ideal course for security analysts, blue teams and malware researchers who want hands-on experience diving deep into malicious traffic.

Course Agenda

Day 1

  • Introduction to Threat Hunting and Training Resources
  • Understanding Malware Phases of Operation
  • Delivery Mechanisms
  • Malicious Office documents
  • Identify common tactics for command and control activity, such as the use of PowerShell and other living off the land techniques
  • Analyze network traffic to build effective detection and hunt strategies
  • Data Visualizations

Day 2

  • Understanding Rules and Rulesets
  • Post-Infection Analysis
  • Understanding command and control, check-ins and beaconing activity
  • TLS traffic and utilizing JA3
  • Analyzing lateral movement
  • Data Exfiltration and Further Compromise

Who should attend:

  • Security administrators
  • Enterprise defenders
  • Incident responders
  • Security operations specialists
  • Security analysts
  • Malware analysts

Prerequisites:

  • Be able to import and run a VM with a minimum of 2 vCPUs and 6 GB RAM
  • Basic understanding of IDS/IPS/NSM principles
  • Basic networking knowledge
  • Linux familiarity