Just picked up ELS's Threat Hunting Course!

Good day everyone!

I've been curious about what threat hunting really is; and I've been waiting for reviews on ELS's Threat Hunting course.

Looks like it isn't a popular course, but hey, I was inspired by supasecuritybro's thread so I took the dive and paid for the Full version.

Time to dig in, and hopefully I can complete this by Feb, as I'm scheduled to attend the SANS GCIH course in March 18.

If you're looking for mini reviews on this course, I'll (hopefully) be regularly posting my updates in this thread

Find more posts tagged with

Comments

supasecuritybro

Awesome sauce. I am excited to see what you thought of it as well.

chrisone

Awesome Nebula! Looking forward to reading your progress! eLearnSecurity has good content! They are a fast up and coming company!

nebula105

Just breezed through Slides Modules 1 to 3, and these are my thoughts.

1) First 2 deck of slides really talk a lot about Threat Hunting. They're a pretty alright introduction to threat hunting!

2) 3rd module contains mentions of several reports from security vendors that "I should have read, but didn't". These reports either talk about recent attacker trends, or recent malware investigations. I've read some as they are in my news feeds, but I've missed out some. Could be very useful.

I'm so tempted to skip reading the slides and dive straight into the tools but eh, I'll take it slow and steady to absorb all the information I can get

Next up, module 4 (Threat Hunting Methodology) tonight, then some videos!

YuckTheFankees

Looking forward to your full review!

nebula105

Hey guys, just another update! I went through the first 3 videos of the Threat Hunting course and I've happy to say I've gained more knowledge again.

I've seen YARA mentioned here and there, and have been tossed several IOCs (IPs, URLs, hashes) and YARA rules to "look out for and block them on our IPS/Firewall", but I've honestly never had the time to look up more about YARA rules; so I usually toss the YARA files aside.

After going through the first 3 videos, I am ashamed, but happy to say that:

1) I finally understand how YARA rules are created,
2) Understand the purpose of YARA rules.

I'm now moving on to the fourth video; using YARA Rules in Redline.

To be fair, this can all be Google'd online or you can experiment it on your own. But it sure helps when you have an instructor to quickly walk you through!

nebula105

Yet another update!

So, Network Miner, Mandiant Redline, RSA Netwitness Investigator and some options in Wireshark that I never explored.

A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

Needless to say, it really, really helped me out in the incident; and it's been resolved

.

Slowly moving on to the Sysmon and ELK next!

Khohezion

Keep up the updates! I bought the course too but not gonna work on it until later this year probably.

vynx

someone have experience install elk stack on ubuntu 16.04 ?
i try but got error logstash on port 5044 not running because error like cipher TLS not found ... any advise ?

_nessie_

nebula105 wrote: »

Good day everyone!

I've been curious about what threat hunting really is; and I've been waiting for reviews on ELS's Threat Hunting course.

Looks like it isn't a popular course ...

TBH, you really couldn't expect a lot at the time of writing since it was released December 12th

I'm doing this one as well ATM ..

renzoncruz

What's the update now? I'm very tempted to buy the course now.

Is it good? I am now working as a threat hunter and this would be beneficial for me for sure.

SaSkiller

nebula105 wrote: »

Yet another update!

So, Network Miner, Mandiant Redline, RSA Netwitness Investigator and some options in Wireshark that I never explored.

A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

Needless to say, it really, really helped me out in the incident; and it's been resolved .

Slowly moving on to the Sysmon and ELK next!

That is very interesting, something to consider. I am interested in updates, I want to know if this data can really be effectively be used to build a threat hunting capability within an organization, and importantly detect threats prior to a known incident.

renzoncruz

Hi there. Any update on your progress? I wanted to buy this course too so I'm looking for a good review if this is worth the price? Thank you.

nebula105

Good day everyone!

I've had to put this on pause, as I'm typing this from the SANS GCIH course!

I will likely only be continuing this from the end of May onwards

renzoncruz

No problem. GCIH is also a nice course specially if John Strand would be your live instructor. Let me know if you need any tips but I believe you can ace the exam even without any guidance from me. I am now working with CFR course and will take the exam next next week and will start my eJPT. After this, I'm planning to buy THP. Goodluck!