1. Lab Setup
-
1. Download VMWare Workstation Pro (2:53)
-
1.1 VMWare Workstation Pro Trial
-
2. Install VMWare Workstation Pro (2:34)
-
3. Download Kali Linux VM (1:52)
-
4. Install Kali Linux VM (5:32)
-
5. Configure Kali Linux VM pimpmykali.sh (5:52)
-
6. Configure Kali Linux VM TMUX (7:32)
-
7. Configure Kali Linux VM Odds and Ends (7:09)
2. Malicious PCAP Acquisition
3. Tools and resources
4. Threat Hunting Concepts
5. The Methodical Guide to Effective Threat Hunting
-
1. Finding Beacons Long and Cumulative Connections (20:00)
-
2. Finding Beacons Business Need Analysis (Part 1) (9:37)
-
3. Finding Beacons Business Need Analysis (Part 2) (10:01)
-
4. Finding Beacons Business Need Analysis (Part 3) (10:14)
-
5. Finding Beacons Business Need Analysis (Part 4) (15:43)
-
6. Finding Beacons Unexpected app on Standard Port (11:23)
-
7. Finding Beacons Unexpected Protocol Behavior (2:28)
-
8. Finding Beacons Destination IP Reputation Check (2:36)
-
9. Finding Beacons Internal Endpoint Investigation (4:47)
6. Proofs Detecting False Negatives
7. The Ultimate Learning Environment Detection Lab
-
1. How to setup the Detection Lab in Windows (2:09)
-
10. Domain Controller Setup (6:42)
-
11. Windows Event Forwarder Setup (7:04)
-
12. Windows 10 Endpoint Setup (1:31)
-
2. What you will build! (6:40)
-
3. Installing Vagrant Desktop (1:40)
-
4. Installing the Vagrant VMWare Plugin (1:35)
-
5. Installing the Vagrant VMWare Utility (2:00)
-
6. Downloading the DetectionLab (2:29)
-
7. Prepping the DetectionLab (7:24)
-
8. Setting up the VMWare Network (2:50)
-
9. Logger Setup (4:34)
8. Threat Hunting Hands on Practice
-
1. Threat Hunting with Splunk + Zeek (28:00)
-
2. Threat Hunting with Splunk + Sysmon (14:03)
-
3. Threat Hunting with OS Query + Fleet (9:52)
-
4. Threat Hunting with Velociraptor (10:53)
-
5. Purple Team Scenario Mimikatz (11:33)
-
6. Purple Team Scenario Meterpreter + MSFVenom + Process Injection + Velociraptor! (17:53)
-
7. Adversary Emulation Atomic Red Team + MITRE ATT&CK (19:23)
-
8. Adversary Emulation Purple Sharp (5:33)
-
9. Adversary Emulation Sysmon Simulator (5:51)
-
10. Adversary Emulation Caldera (32:51)
-
11. Adversary Emulation Prelude Operator (10:28)
-
12. Enhanced Lab Realism Bad Blood + Microsoft ATA + Bloodhound! (29:10)
-
13. Splunk Boss of the SOC (BOTS) (4:24)
-
14. Bonus! Adversary Tooling The C2 Matrix! (5:53)
