elearn Threat Hunting

vynx · December 2017

Hi All,

someone know about Threat hunting pro by elearn ?

the_Grinch · December 2017

Looks like they haven't launched as of yet. But I would suspect it will very much be like SANS 511 course.

ottucsak · December 2017

Too soon after the PTX. I would jump on this but the time limited labs mean that I would not have enough time to finish it.

the_Grinch · December 2017

For the person who gave me negative rep for stating that the course would appear to be like the SEC511 course I have a number of points. First, grow up. The comparison was not one in respect to the quality of offerings from either merely speaking to what it might possibly relate to. Second, have some courage and list who you are after giving rep (as I do after every rep positive or negative I give). Third, my suggest would be for you to delete your account (as you so tactfully told me to do) as you are most likely not a valued member of this community.

joneno · December 2017

the_grinch - it's probably one of their marketing staff with a fake ID here. I won't be surprised I get one too lol.

chrisone · December 2017

the_Grinch wrote: »

For the person who gave me negative rep for stating that the course would appear to be like the SEC511 course I have a number of points. First, grow up. The comparison was not one in respect to the quality of offerings from either merely speaking to what it might possibly relate to. Second, have some courage and list who you are after giving rep (as I do after every rep positive or negative I give). Third, my suggest would be for you to delete your account (as you so tactfully told me to do) as you are most likely not a valued member of this community.

dude I got a bad rep for my 2016 goals lol like seriously I had no idea my certification goals had that affect on people lol

You are right, that type of stuff brings no value to our community.

vynx · December 2017

so its more likely SOC operations / monitoring ?

EnderWiggin · December 2017

vynx wrote: »

so its more likely SOC operations / monitoring ?

It's more likely to deal with threat hunting

the_Grinch · December 2017

Ender is correct, it appears they are targeting threat hunting specifically. You'll most likely use data from your monitoring tools in order to hunt so I suspect you'll see the use of monitoring tools.

boot · December 2017

ottucsak wrote: »

Too soon after the PTX. I would jump on this but the time limited labs mean that I would not have enough time to finish it.

From the name as well as the visuals, this seems blue-team focused. PTX is very red-team focused. While most organizations in practice have some overlap between those areas, it's fair to say the two courses have different target audiences. It's not yet another addition to their linear penetration testing lineup (PTS/PTP/PTX).

vynx · December 2017

from els blog :
"Nobody wants to have their security teams merely reacting to a threat or attack—if you can spot an attack happening, it’s probably too late. Blue teamers have to seek out enemies around the perimeter in order to secure their positions.With THP, security professionals will be instilled with a ‘hunter mindset,’ and be taught the skills to proactively hunt threats in the network or endpoint. Based on the latest attacker TTPs, and using Threat Intelligence and IOCs, the course will help defenders keep their organizations several steps ahead of potential adversaries."

so its more to blue team course i guess ...

cyberguypr · December 2017

Threat hunting IS a blue team endeavor. For those unfamiliar with the concept head here for a quick read: https://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf

vynx · December 2017

cyberguypr wrote: »

Threat hunting IS a blue team endeavor. For those unfamiliar with the concept head here for a quick read: https://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf

any other whitepaper maybe? that vendor neutral ...

chrisone · December 2017

I honestly think this is a good move for elearnsecurity. Introducing a blue team and a red team focused courses targets the needs of many companies.

JensBada · December 2017

joneno wrote: »

the_grinch - it's probably one of their marketing staff with a fake ID here. I won't be surprised I get one too lol.

Jens here from eLS - No we didn't

You should know by now that we are happy about all honest and real comments and suggestions from you guys, whatever direction they go

THP will be revealed soon enough btw, only 1 week to go...

the_Grinch · December 2017

JensBada wrote: »

Jens here from eLS - No we didn't
You should know by now that we are happy about all honest and real comments and suggestions from you guys, whatever direction they go
THP will be revealed soon enough btw, only 1 week to go...

Pretty sure he was referring to the other company and not yours

JensBada · December 2017

the_Grinch wrote: »

Pretty sure he was referring to the other company and not yours

Makes sense - Glad that was cleared up

vynx · December 2017

someone join webinar? any recommendation for this course?

monkykap · December 2017

Wanted to really

like this course since this is a super relevant skill and involves my day to day work (logging pipeline/threat hunting). But unfortunately i've already dug into some of these topics that concern threat hunting at scale such and Windows Events, ELK, sysmon, looking for PTH etc. But i'm afraid it probably only covers these topics at a surface level which would not help me that much. The course also looks really short, only 3 sections with one section full intro on things such as what is incident response, threat hunting, IOC, STIX. Basically introduction into what could be several courses (Threat Intelligence, Incident Response/Forensics, SIEM, Threat-hunting). Therefore it only covers surface level of these topics (like using redline). If it had just focused on threat-hunting and specific use cases i think it would have warranted the purchase. Only conceivable way would be 4 in a box promotion if i could get it covered in next year's training budget. On it's own i can't justify taking this course...

monkykap · December 2017

Here's a good resource to understand the Windows Event/SYSMON -> ELK stuff https://www.root9b.com/sites/default/files/whitepapers/R9B_blog_005_whitepaper_01.pdf

Theres plenty of papers, posts on detecting the stuff listed in section 3.4. Section 2 is a bit vague but most everything else you can find.

vynx · December 2017

do you will take ptx also ?

monkykap wrote: »

Wanted to really like this course since this is a super relevant skill and involves my day to day work (logging pipeline/threat hunting). But unfortunately i've already dug into some of these topics that concern threat hunting at scale such and Windows Events, ELK, sysmon, looking for PTH etc. But i'm afraid it probably only covers these topics at a surface level which would not help me that much. The course also looks really short, only 3 sections with one section full intro on things such as what is incident response, threat hunting, IOC, STIX. Basically introduction into what could be several courses (Threat Intelligence, Incident Response/Forensics, SIEM, Threat-hunting). Therefore it only covers surface level of these topics (like using redline). If it had just focused on threat-hunting and specific use cases i think it would have warranted the purchase. Only conceivable way would be 4 in a box promotion if i could get it covered in next year's training budget. On it's own i can't justify taking this course...

monkykap · December 2017

i have not taken either... these are just my opinion based on the syllabus and demo. While PTX sounds fun, no real value to me occupationally. the threat hunting course could provide some value to my daily work and goals so i am on the fence on taking it.

chopsticks · December 2017

To be back at this thread.

jamesleecoleman · December 2017

Gosh if only I had the smarts, money and time to do this one. Looks really interesting but just a little too expensive.

the_Grinch · December 2017

I'd say, based off of the syllabus, it is a very good introduction to threat hunting (maybe slightly more than an intro). Having worked with ELK I can tell you that having some sort of training on it for this work in particular is a Godsend. When we deployed it not very many were using it for such a purpose (even the company behind ELK were at a bit of the loss when we described our use case at their training). I'd say if you're looking to get into the threat hunting space (industry seems to be moving towards in for several years now) this would be a great start (especially with the open source focus).

McxRisley · December 2017

I can't help but notice they are gradually increasing their prices with every course they roll out. Also, they have been putting a lot of content lately as well. Just my 2 cents but I wont be buying any of their material anytime soon. Especially since a lot of what their courses have to offer can easily be found online for free. Now I realize this is the case for a lot of things BUT there are some courses that you cant learn everything they have to offer by using google and I feel that a lot of their courses are able to be learned by googling.

cyberguypr · December 2017

McxRisley wrote: »

...lot of what their courses have to offer can easily be found online for free...

Well, this applies to virtually everything that is not vendor-specific. SANS has made millions with this model so it definitely works and it's obvious there's tangible value with structured learning for many.

EnderWiggin · December 2017

This course and PTX feel like they're both half courses... They don't really have enough content to stand on their own separately. If the two were combined together, then it would be a solid course, but alone? Neither is worth it... Especially not at a price that's higher than the rest of eLS courses.

vynx · December 2017

i also thinking similar with you, better become one course than two. unless they have plan to revise it/add more content in the future.

EnderWiggin wrote: »

This course and PTX feel like they're both half courses... They don't really have enough content to stand on their own separately. If the two were combined together, then it would be a solid course, but alone? Neither is worth it... Especially not at a price that's higher than the rest of eLS courses.

McxRisley · December 2017

cyberguypr wrote: »

Well, this applies to virtually everything that is not vendor-specific. SANS has made millions with this model so it definitely works and it's obvious there's tangible value with structured learning for many.

If you read the rest of what I said, "Now I realize this is the case for a lot of things BUT there are some courses that you can't learn everything they have to offer by using google", I don't disagree with you. People take SANS training for the experience with the instructors and the unique stories and methods of learning things. eLS offers NONE OF THOSE THINGS and carries no weight in the industry as of right now either.

EDIT: Apparently somebody doesn't like my opinions on eLS either. Thanks for the negative rep! (as if I care)

jamesleecoleman · December 2017

McxRisley wrote: »

If you read the rest of what I said, "Now I realize this is the case for a lot of things BUT there are some courses that you can't learn everything they have to offer by using google", I don't disagree with you. People take SANS training for the experience with the instructors and the unique stories and methods of learning things. eLS offers NONE OF THOSE THINGS and carries no weight in the industry as of right now either.

EDIT: Apparently somebody doesn't like my opinions on eLS either. Thanks for the negative rep! (as if I care)

What weight would you be talking about?

There are some positions asking for the eCPPT but not a lot.
There is some over lapping knowledge between what eLS provides along with other vendors.

I'm a little confused as to where the 'no weight' came in from.

elearn Threat Hunting

Comments