Threat Hunting Academy

Enterprises are facing more and more breaches, and it is clear that a purely prevention-based approach is simply not enough.

In this two-day training, we will teach students how to add early detection and response capabilities to their current “defence in depth” security infrastructure.

Not only will students learn what to look for in their environment, but we will also go in-depth into TTPs (MITRE ATT&CK) and take a deep dive into how these common attack techniques work, in order to build accurate detections.

Duration: 2 days

Date: 12.-13.4.2022 ONLINE (GMT +1)!

Price: 1700 €

Course details

Overview

Audience

The course is aimed at individuals who want to gain a better understanding of how to design, build, and operate their own hunting platform to quickly identify threats. The course is accessible to members of a SOC, Incident Response or Threat Hunting team, but also to general security practitioners, system administrators and security architects. Companies looking to build their own SOC, or that are making vendor choices for SIEM/EDR solutions, will get a clear understanding of how these technologies work, what they can and cannot do, and how they work together.

Prerequisites

Familiarity with Linux and Windows is mandatory.

Baseline Hardware Requirements:

Students need to bring their own laptops with the following minimum system requirements:

  • Windows 10 Pro or a recent macOS
  • A recent web browser (Chrome is preferred)
  • As everything runs in the cloud, nothing needs to be installed on the student machines

The training materials and the training itself are in English. The training is organised in cooperation with Exclusive Networks.

Agenda

DAY ONE of this vendor-agnostic training will cover how to build your own SOC. The hunting platform, running on an Azure-deployed lab environment, will teach students how to collect endpoint telemetry using Windows event logs and Sysmon (EDR). We will provide light introductions to Git, Docker, Elasticsearch, Logstash and Kibana. We will look at Microsoft group policies (GPOs), Windows Event Log collection and forwarding, and Winlogbeat configuration. Students will build their own data lake, log collection and alerting system.

On DAY TWO students will get their own Kali Linux and Windows 10 client, perform Red Team exercises within their environment, and then learn how these common TTPs (attack techniques, MITRE ATT&CK) work and the underlying methodology a Blue Team uses to detect them:

  • Recon
  • Persistence
  • Privilege Escalation
  • Kerberoasting
  • Code execution and payload delivery
  • Process spawning and Macro weaponization
  • Lateral Movement (Pass the hash)
  • Hacking Fundamentals

    On this course the participant gets to explore security from an attacker's point of view in a hands-on style. Several different tools are tested in a safe environment.

  • Hacking Wireless Networks

    The course explores the vulnerabilities of wireless networks through hacking. The participant gets to try out attack tools and techniques and use them against modern networks.

  • Fundamentals of Production Network Cyber Security

    This training focuses on security in production environments. The training materials are built around real customer situations and best practices. Security is very much a matter for the whole organisation, but in production it must be done differently than in IT environments.