  1. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    60

    Certifications
    Network+, SSCP, CHFI, eJPT, GCIH
    #1

    Just picked up ELS's Threat Hunting Course!

    Good day everyone!

    I've been curious about what threat hunting really is; and I've been waiting for reviews on ELS's Threat Hunting course.


    Looks like it isn't a popular course, but hey, I was inspired by supasecuritybro's thread so I took the dive and paid for the Full version.


    Time to dig in, and hopefully I can complete this by Feb, as I'm scheduled to attend the SANS GCIH course in March 18.

    If you're looking for mini reviews on this course, I'll (hopefully) be regularly posting my updates in this thread.

  3. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    201

    Certifications
    CISSP, GPEN, GWAPT, eJPT, CySA+
    #2
    Awesome sauce. I am excited to see what you thought of it as well.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: AWS Solutions Architect - Associate
    Five Year Plan: eCTHP (paused again), eCPPT (paused), RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material: AWS Material

  4. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,726

    Certifications
    eCPPT, CISSP, CCDP, CCNP R/S, CCNP Security (Secure,FW), LFCS, CEH, PA ACE
    #3
    Awesome Nebula! Looking forward to reading your progress! eLearnSecurity has good content! They are a fast up-and-coming company!
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (2nd Attempt), Demystifying Regular Expressions (in progress), SLAE (October Start), OSCE CTP (DEC Start)

  5. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    60

    Certifications
    Network+, SSCP, CHFI, eJPT, GCIH
    #4

    Death by Slides!

    Just breezed through Slides Modules 1 to 3, and these are my thoughts.

    1) First 2 decks of slides really talk a lot about Threat Hunting. They're a pretty alright introduction to threat hunting!

    2) 3rd module contains mentions of several reports from security vendors that "I should have read, but didn't". These reports either talk about recent attacker trends, or recent malware investigations. I've read some as they are in my news feeds, but I've missed out some. Could be very useful.


    I'm so tempted to skip reading the slides and dive straight into the tools but eh, I'll take it slow and steady to absorb all the information I can get.


    Next up, module 4 (Threat Hunting Methodology) tonight, then some videos!

  6. Senior Member YuckTheFankees's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,255

    Certifications
    A few..
    #5
    Looking forward to your full review!

  7. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    60

    Certifications
    Network+, SSCP, CHFI, eJPT, GCIH
    #6

    Yara and YaraGen

    Hey guys, just another update! I went through the first 3 videos of the Threat Hunting course and I'm happy to say I've gained more knowledge again.

    I've seen YARA mentioned here and there, and have been tossed several IOCs (IPs, URLs, hashes) and YARA rules to "look out for and block them on our IPS/Firewall", but I've honestly never had the time to look up more about YARA rules; so I usually toss the YARA files aside.

    After going through the first 3 videos, I am ashamed, but happy to say that:

    1) I finally understand how YARA rules are created,
    2) Understand the purpose of YARA rules.

    I'm now moving on to the fourth video: using YARA Rules in Redline.


    To be fair, this can all be Googled online or you can experiment with it on your own. But it sure helps when you have an instructor to quickly walk you through!

  8. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    60

    Certifications
    Network+, SSCP, CHFI, eJPT, GCIH
    #7
    Yet another update!

    So, Network Miner, Mandiant Redline, RSA Netwitness Investigator and some options in Wireshark that I never explored.

    A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

    Needless to say, it really, really helped me out in the incident; and it's been resolved.


    Slowly moving on to Sysmon and ELK next!

  9. Member
    Join Date
    Jun 2015
    Posts
    55

    Certifications
    Security+ eJPT
    #8
    Keep up the updates! I bought the course too but not gonna work on it until later this year probably.

  10. Senior Member
    Join Date
    May 2017
    Posts
    146
    #9
    Does anyone have experience installing the ELK stack on Ubuntu 16.04?
    I tried, but got an error: Logstash on port 5044 is not running because of an error like "TLS cipher not found" ... any advice?

  11. Member
    Join Date
    Jan 2014
    Posts
    39

    Certifications
    CISSP, eJPT, OSWP, GCIH, eNDP, GICSP, GPEN, GCTI, eCPPT, GCFA, eCTHP, GRID, GCFE, GCWN
    #10
    Originally Posted by nebula105:
    Good day everyone!

    I've been curious about what threat hunting really is; and I've been waiting for reviews on ELS's Threat Hunting course.


    Looks like it isn't a popular course ...
    TBH, you really couldn't expect a lot at the time of writing since it was released December 12th.
    I'm doing this one as well ATM.

  12. Junior Member
    Join Date
    Feb 2017
    Location
    Doha, Qatar
    Posts
    14

    Certifications
    GCIH | CFR | eJPT | MCP | MCS | ITILv3 | ECDFP(pending)
    #11
    What's the update now? I'm very tempted to buy the course now.

    Is it good? I am now working as a threat hunter and this would be beneficial for me for sure.

  13. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    314

    Certifications
    GPEN/GCIH/OSWP
    #12
    Originally Posted by nebula105:
    Yet another update!

    So, Network Miner, Mandiant Redline, RSA Netwitness Investigator and some options in Wireshark that I never explored.

    A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

    Needless to say, it really, really helped me out in the incident; and it's been resolved.


    Slowly moving on to Sysmon and ELK next!
    That is very interesting, something to consider. I am interested in updates, I want to know if this data can really be used effectively to build a threat hunting capability within an organization, and importantly detect threats prior to a known incident.

  14. Junior Member
    Join Date
    Feb 2017
    Location
    Doha, Qatar
    Posts
    14

    Certifications
    GCIH | CFR | eJPT | MCP | MCS | ITILv3 | ECDFP(pending)
    #13
    Hi there. Any update on your progress? I wanted to buy this course too so I'm looking for a good review if this is worth the price? Thank you.

  15. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    60

    Certifications
    Network+, SSCP, CHFI, eJPT, GCIH
    #14
    Good day everyone!

    I've had to put this on pause, as I'm typing this from the SANS GCIH course!

    I will likely only be continuing this from the end of May onwards :/

  16. Junior Member
    Join Date
    Feb 2017
    Location
    Doha, Qatar
    Posts
    14

    Certifications
    GCIH | CFR | eJPT | MCP | MCS | ITILv3 | ECDFP(pending)
    #15
    No problem. GCIH is also a nice course, especially if John Strand would be your live instructor. Let me know if you need any tips but I believe you can ace the exam even without any guidance from me. I am now working with the CFR course and will take the exam next next week and will start my eJPT. After this, I'm planning to buy THP. Good luck!