  1. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    42

    Certifications
    Network+, MTA 98-349, MTA 98-365, SSCP, CHFI, eJPT
    #1

    Just picked up ELS's Threat Hunting Course!

    Good day everyone!

    I've been curious about what threat hunting really is, and I've been waiting for reviews on ELS's Threat Hunting course.


    Looks like it isn't a popular course, but hey, I was inspired by supasecuritybro's thread so I took the dive and paid for the Full version.


    Time to dig in, and hopefully I can complete this by Feb, as I'm scheduled to attend the SANS GCIH course on March 18.

    If you're looking for mini reviews on this course, I'll (hopefully) be regularly posting my updates in this thread.

  3. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    178

    Certifications
    CISSP, GPEN, eJPT, CSA+
    #2
    Awesome sauce. I am excited to see what you thought of it as well.
    Completed: CISSP, GPEN, eJPT, CSA+, M.S. Information Security
    Current Goal: eCPPT (paused), eCTHP
    Five-Year Plan: RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material: Python for Security Professional (Cybrary)

  4. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,613

    Certifications
    SpecterOps: Powershell Adversary Tactics, SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW), LFCS, C|EH, PA ACE
    #3
    Awesome Nebula! Looking forward to reading your progress! eLearnSecurity has good content! They are a fast up-and-coming company!
    2018 Goals: eCPPT (2nd attempt), OSCP, Dark Side OPS 2: Adversary Simulation

  5. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    42

    Certifications
    Network+, MTA 98-349, MTA 98-365, SSCP, CHFI, eJPT
    #4

    Death by Slides!

    Just breezed through Slides Modules 1 to 3, and these are my thoughts.

    1) The first 2 decks of slides really talk a lot about Threat Hunting. They're a pretty alright introduction to threat hunting!

    2) The 3rd module contains mentions of several reports from security vendors that "I should have read, but didn't". These reports either talk about recent attacker trends or recent malware investigations. I've read some as they are in my news feeds, but I've missed out on some. Could be very useful.


    I'm so tempted to skip reading the slides and dive straight into the tools, but eh, I'll take it slow and steady to absorb all the information I can get.


    Next up, module 4 (Threat Hunting Methodology) tonight, then some videos!

  6. Senior Member YuckTheFankees's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,235

    Certifications
    A few..
    #5
    Looking forward to your full review!

  7. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    42

    Certifications
    Network+, MTA 98-349, MTA 98-365, SSCP, CHFI, eJPT
    #6

    Yara and YaraGen

    Hey guys, just another update! I went through the first 3 videos of the Threat Hunting course and I'm happy to say I've gained more knowledge again.

    I've seen YARA mentioned here and there, and have been tossed several IOCs (IPs, URLs, hashes) and YARA rules to "look out for and block them on our IPS/Firewall", but I've honestly never had the time to look up more about YARA rules, so I usually tossed the YARA files aside.

    After going through the first 3 videos, I am ashamed, but happy to say that:

    1) I finally understand how YARA rules are created,
    2) I understand the purpose of YARA rules.

    I'm now moving on to the fourth video: using YARA rules in Redline.


    To be fair, this can all be Googled online or you can experiment with it on your own. But it sure helps when you have an instructor to quickly walk you through!

  8. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    42

    Certifications
    Network+, MTA 98-349, MTA 98-365, SSCP, CHFI, eJPT
    #7
    Yet another update!

    So: Network Miner, Mandiant Redline, RSA NetWitness Investigator and some options in Wireshark that I never explored.

    A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

    Needless to say, it really, really helped me out in the incident, and it's been resolved.


    Slowly moving on to Sysmon and ELK next!
