elearn Threat Hunting

vynxvynx Posts: 153Member ■■□□□□□□□□
Hi All,

someone know about Threat hunting pro by elearn ?
«1

Comments

  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    Looks like they haven't launched as of yet. But I would suspect it will very much be like SANS 511 course.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    Too soon after the PTX. I would jump on this but the time limited labs mean that I would not have enough time to finish it.
  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    For the person who gave me negative rep for stating that the course would appear to be like the SEC511 course I have a number of points. First, grow up. The comparison was not one in respect to the quality of offerings from either merely speaking to what it might possibly relate to. Second, have some courage and list who you are after giving rep (as I do after every rep positive or negative I give). Third, my suggest would be for you to delete your account (as you so tactfully told me to do) as you are most likely not a valued member of this community.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • jonenojoneno Posts: 257Member ■■■■□□□□□□
    the_grinch - it's probably one of their marketing staff with a fake ID here. I won't be surprised I get one too lol.
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,902Member ■■■■■■■■□□
    the_Grinch wrote: »
    For the person who gave me negative rep for stating that the course would appear to be like the SEC511 course I have a number of points. First, grow up. The comparison was not one in respect to the quality of offerings from either merely speaking to what it might possibly relate to. Second, have some courage and list who you are after giving rep (as I do after every rep positive or negative I give). Third, my suggest would be for you to delete your account (as you so tactfully told me to do) as you are most likely not a valued member of this community.

    dude I got a bad rep for my 2016 goals lol like seriously I had no idea my certification goals had that affect on people lol

    You are right, that type of stuff brings no value to our community.
    2020 Goals:
    Courses: TBD
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    so its more likely SOC operations / monitoring ?
  • EnderWigginEnderWiggin Posts: 551Member ■■■■□□□□□□
    vynx wrote: »
    so its more likely SOC operations / monitoring ?
    It's more likely to deal with threat hunting
  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    Ender is correct, it appears they are targeting threat hunting specifically. You'll most likely use data from your monitoring tools in order to hunt so I suspect you'll see the use of monitoring tools.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • bootboot Posts: 22Member ■□□□□□□□□□
    ottucsak wrote: »
    Too soon after the PTX. I would jump on this but the time limited labs mean that I would not have enough time to finish it.

    From the name as well as the visuals, this seems blue-team focused. PTX is very red-team focused. While most organizations in practice have some overlap between those areas, it's fair to say the two courses have different target audiences. It's not yet another addition to their linear penetration testing lineup (PTS/PTP/PTX).
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    from els blog :
    "Nobody wants to have their security teams merely reacting to a threat or attack—if you can spot an attack happening, it’s probably too late. Blue teamers have to seek out enemies around the perimeter in order to secure their positions.With THP, security professionals will be instilled with a ‘hunter mindset,’ and be taught the skills to proactively hunt threats in the network or endpoint. Based on the latest attacker TTPs, and using Threat Intelligence and IOCs, the course will help defenders keep their organizations several steps ahead of potential adversaries."

    so its more to blue team course i guess ...
  • cyberguyprcyberguypr Senior Member Posts: 6,847Mod Mod
    Threat hunting IS a blue team endeavor. For those unfamiliar with the concept head here for a quick read: https://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    cyberguypr wrote: »
    Threat hunting IS a blue team endeavor. For those unfamiliar with the concept head here for a quick read: https://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf

    any other whitepaper maybe? that vendor neutral ...
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,902Member ■■■■■■■■□□
    I honestly think this is a good move for elearnsecurity. Introducing a blue team and a red team focused courses targets the needs of many companies.
    2020 Goals:
    Courses: TBD
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • JensBadaJensBada Posts: 14Member ■□□□□□□□□□
    joneno wrote: »
    the_grinch - it's probably one of their marketing staff with a fake ID here. I won't be surprised I get one too lol.


    Jens here from eLS - No we didn't icon_rolleyes.gif
    You should know by now that we are happy about all honest and real comments and suggestions from you guys, whatever direction they go icon_cheers.gif
    THP will be revealed soon enough btw, only 1 week to go...
  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    JensBada wrote: »
    Jens here from eLS - No we didn't icon_rolleyes.gif
    You should know by now that we are happy about all honest and real comments and suggestions from you guys, whatever direction they go icon_cheers.gif
    THP will be revealed soon enough btw, only 1 week to go...

    Pretty sure he was referring to the other company and not yours ;)
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JensBadaJensBada Posts: 14Member ■□□□□□□□□□
    the_Grinch wrote: »
    Pretty sure he was referring to the other company and not yours ;)

    Makes sense - Glad that was cleared up bowing.gifbowing.gif
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    someone join webinar? any recommendation for this course?
  • monkykapmonkykap Posts: 24Member ■□□□□□□□□□
    Wanted to reallyicon_cheers.gif like this course since this is a super relevant skill and involves my day to day work (logging pipeline/threat hunting). But unfortunately i've already dug into some of these topics that concern threat hunting at scale such and Windows Events, ELK, sysmon, looking for PTH etc. But i'm afraid it probably only covers these topics at a surface level which would not help me that much. The course also looks really short, only 3 sections with one section full intro on things such as what is incident response, threat hunting, IOC, STIX. Basically introduction into what could be several courses (Threat Intelligence, Incident Response/Forensics, SIEM, Threat-hunting). Therefore it only covers surface level of these topics (like using redline). If it had just focused on threat-hunting and specific use cases i think it would have warranted the purchase. Only conceivable way would be 4 in a box promotion if i could get it covered in next year's training budget. On it's own i can't justify taking this course...
  • monkykapmonkykap Posts: 24Member ■□□□□□□□□□
    Here's a good resource to understand the Windows Event/SYSMON -> ELK stuff https://www.root9b.com/sites/default/files/whitepapers/R9B_blog_005_whitepaper_01.pdf

    Theres plenty of papers, posts on detecting the stuff listed in section 3.4. Section 2 is a bit vague but most everything else you can find.
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    do you will take ptx also ?
    monkykap wrote: »
    Wanted to reallyicon_cheers.gif like this course since this is a super relevant skill and involves my day to day work (logging pipeline/threat hunting). But unfortunately i've already dug into some of these topics that concern threat hunting at scale such and Windows Events, ELK, sysmon, looking for PTH etc. But i'm afraid it probably only covers these topics at a surface level which would not help me that much. The course also looks really short, only 3 sections with one section full intro on things such as what is incident response, threat hunting, IOC, STIX. Basically introduction into what could be several courses (Threat Intelligence, Incident Response/Forensics, SIEM, Threat-hunting). Therefore it only covers surface level of these topics (like using redline). If it had just focused on threat-hunting and specific use cases i think it would have warranted the purchase. Only conceivable way would be 4 in a box promotion if i could get it covered in next year's training budget. On it's own i can't justify taking this course...
  • monkykapmonkykap Posts: 24Member ■□□□□□□□□□
    i have not taken either... these are just my opinion based on the syllabus and demo. While PTX sounds fun, no real value to me occupationally. the threat hunting course could provide some value to my daily work and goals so i am on the fence on taking it.
  • chopstickschopsticks Posts: 389Member
    To be back at this thread.
  • jamesleecolemanjamesleecoleman Posts: 1,899Member ■■■■■□□□□□
    Gosh if only I had the smarts, money and time to do this one. Looks really interesting but just a little too expensive.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    I'd say, based off of the syllabus, it is a very good introduction to threat hunting (maybe slightly more than an intro). Having worked with ELK I can tell you that having some sort of training on it for this work in particular is a Godsend. When we deployed it not very many were using it for such a purpose (even the company behind ELK were at a bit of the loss when we described our use case at their training). I'd say if you're looking to get into the threat hunting space (industry seems to be moving towards in for several years now) this would be a great start (especially with the open source focus).
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Posts: 485Member ■■■■■□□□□□
    I can't help but notice they are gradually increasing their prices with every course they roll out. Also, they have been putting a lot of content lately as well. Just my 2 cents but I wont be buying any of their material anytime soon. Especially since a lot of what their courses have to offer can easily be found online for free. Now I realize this is the case for a lot of things BUT there are some courses that you cant learn everything they have to offer by using google and I feel that a lot of their courses are able to be learned by googling.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • cyberguyprcyberguypr Senior Member Posts: 6,847Mod Mod
    McxRisley wrote: »
    ...lot of what their courses have to offer can easily be found online for free...

    Well, this applies to virtually everything that is not vendor-specific. SANS has made millions with this model so it definitely works and it's obvious there's tangible value with structured learning for many.
  • EnderWigginEnderWiggin Posts: 551Member ■■■■□□□□□□
    This course and PTX feel like they're both half courses... They don't really have enough content to stand on their own separately. If the two were combined together, then it would be a solid course, but alone? Neither is worth it... Especially not at a price that's higher than the rest of eLS courses.
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    i also thinking similar with you, better become one course than two. unless they have plan to revise it/add more content in the future.
    This course and PTX feel like they're both half courses... They don't really have enough content to stand on their own separately. If the two were combined together, then it would be a solid course, but alone? Neither is worth it... Especially not at a price that's higher than the rest of eLS courses.
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Posts: 485Member ■■■■■□□□□□
    cyberguypr wrote: »
    Well, this applies to virtually everything that is not vendor-specific. SANS has made millions with this model so it definitely works and it's obvious there's tangible value with structured learning for many.

    If you read the rest of what I said, "Now I realize this is the case for a lot of things BUT there are some courses that you can't learn everything they have to offer by using google", I don't disagree with you. People take SANS training for the experience with the instructors and the unique stories and methods of learning things. eLS offers NONE OF THOSE THINGS and carries no weight in the industry as of right now either.

    EDIT: Apparently somebody doesn't like my opinions on eLS either. Thanks for the negative rep! (as if I care)
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • jamesleecolemanjamesleecoleman Posts: 1,899Member ■■■■■□□□□□
    McxRisley wrote: »
    If you read the rest of what I said, "Now I realize this is the case for a lot of things BUT there are some courses that you can't learn everything they have to offer by using google", I don't disagree with you. People take SANS training for the experience with the instructors and the unique stories and methods of learning things. eLS offers NONE OF THOSE THINGS and carries no weight in the industry as of right now either.

    EDIT: Apparently somebody doesn't like my opinions on eLS either. Thanks for the negative rep! (as if I care)

    What weight would you be talking about?

    There are some positions asking for the eCPPT but not a lot.
    There is some over lapping knowledge between what eLS provides along with other vendors.

    I'm a little confused as to where the 'no weight' came in from.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
Sign In or Register to comment.