Curriculum
- 7 Sections
- 65 Lessons
- 12 Weeks
- Module 1: Threat Landscape and Incident Readiness (5 lessons)
- Module 2: Remote Triage and Its Tools (6 lessons)
- Module 3: Acquiring Memory and Disk Imaging (8 lessons)
- Module 4: Network Security Monitoring (2 lessons)
- Module 5: Event Log, Memory, and Malware Analysis (18 lessons)
  - 5.1 Understanding Event Logs
  - 5.2 Account-Related Events
  - 5.3 Object Access
  - 5.4 Auditing System Configuration Changes
  - 5.5 Process Auditing
  - 5.6 Auditing PowerShell Use
  - 5.7 Using PowerShell to Query Event Logs
  - 5.8 Importance of Baselines
  - 5.9 Sources of Memory Data
  - 5.10 Using Volatility and Rekall
  - 5.11 Examining Processes
  - 5.12 Examining Processes
  - 5.13 Examining Network Activity
  - 5.14 Detecting Anomalies
  - 5.15 Online Analysis Services
  - 5.16 Static Analysis
  - 5.17 Dynamic Analysis
  - 5.18 Reverse Engineering
- Module 6: Disk Forensics and Lateral Movement Analysis (21 lessons)
  - 6.1 Forensics Tools
  - 6.2 Time Stamp Analysis
  - 6.3 Link Files and Jump Lists
  - 6.4 Prefetch
  - 6.5 System Resource Usage Monitor
  - 6.6 Registry Analysis
  - 6.7 Browser Activity
  - 6.8 USN Journal
  - 6.9 Volume Shadow Copies
  - 6.10 Automated Triage
  - 6.11 Linux/UNIX System Artefacts
  - 6.12 Server Message Block
  - 6.13 Kerberos Attacks
  - 6.14 PsExec
  - 6.15 Scheduled Tasks
  - 6.16 Service Controller
  - 6.17 Remote Desktop Protocol
  - 6.18 Windows Management Instrumentation
  - 6.19 Windows Remote Management
  - 6.20 PowerShell Remoting
  - 6.21 SSH Tunnels and Other Pivots
- Module 7: Continuous Improvement and Proactive Activities (5 lessons)
Threat Hunting