Just picked up ELS's Threat Hunting Course!

nebula105nebula105 Posts: 60Member ■■■□□□□□□□
Good day everyone!

I've been curious about what threat hunting really is; and I've been waiting for reviews on ELS's Threat Hunting course.


Looks like it isn't a popular course, but hey, I was inspired by supasecuritybro's thread so I took the dive and paid for the Full version.


Time to dig in, and hopefully I can complete this by Feb, as I'm scheduled to attend the SANS GCIH course in March 18.

If you're looking for mini reviews on this course, I'll (hopefully) be regularly posting my updates in this thread :D

Comments

  • supasecuritybrosupasecuritybro Posts: 206Member ■■■■□□□□□□
    Awesome sauce. I am excited to see what you thought of it as well.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: eCPPT
    Continuous Education Plan:​ eCTHP (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ CCSA R80.10
  • chrisonechrisone CISSP, eCPPT, CCNP RS, CCDP, CCNA SEC, LFCS Posts: 1,822Member ■■■■■■■■□□
    Awesome Nebula! Looking forward to reading your progress! eLearnSecurity has good content! They are a fast up and coming company!
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat,
    Certs: SLAE, Certified Red Team Professional - Pentester Academy (in progress), Certified Red Team Expert - Pentester Academy
  • nebula105nebula105 Posts: 60Member ■■■□□□□□□□
    Just breezed through Slides Modules 1 to 3, and these are my thoughts.

    1) First 2 deck of slides really talk a lot about Threat Hunting. They're a pretty alright introduction to threat hunting!

    2) 3rd module contains mentions of several reports from security vendors that "I should have read, but didn't". These reports either talk about recent attacker trends, or recent malware investigations. I've read some as they are in my news feeds, but I've missed out some. Could be very useful.


    I'm so tempted to skip reading the slides and dive straight into the tools but eh, I'll take it slow and steady to absorb all the information I can get icon_lol.gif


    Next up, module 4 (Threat Hunting Methodology) tonight, then some videos!
  • YuckTheFankeesYuckTheFankees Posts: 1,281Member ■■■■■□□□□□
    Looking forward to your full review!
  • nebula105nebula105 Posts: 60Member ■■■□□□□□□□
    Hey guys, just another update! I went through the first 3 videos of the Threat Hunting course and I've happy to say I've gained more knowledge again.

    I've seen YARA mentioned here and there, and have been tossed several IOCs (IPs, URLs, hashes) and YARA rules to "look out for and block them on our IPS/Firewall", but I've honestly never had the time to look up more about YARA rules; so I usually toss the YARA files aside.

    After going through the first 3 videos, I am ashamed, but happy to say that:

    1) I finally understand how YARA rules are created,
    2) Understand the purpose of YARA rules.

    I'm now moving on to the fourth video; using YARA Rules in Redline.


    To be fair, this can all be Google'd online or you can experiment it on your own. But it sure helps when you have an instructor to quickly walk you through!
  • nebula105nebula105 Posts: 60Member ■■■□□□□□□□
    Yet another update!

    So, Network Miner, Mandiant Redline, RSA Netwitness Investigator and some options in Wireshark that I never explored.

    A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

    Needless to say, it really, really helped me out in the incident; and it's been resolved :D.


    Slowly moving on to the Sysmon and ELK next!
  • KhohezionKhohezion Posts: 57Member ■■■□□□□□□□
    Keep up the updates! I bought the course too but not gonna work on it until later this year probably.
  • vynxvynx Posts: 153Member ■■□□□□□□□□
    someone have experience install elk stack on ubuntu 16.04 ?
    i try but got error logstash on port 5044 not running because error like cipher TLS not found ... any advise ?
  • _nessie__nessie_ Posts: 39Member ■■□□□□□□□□
    nebula105 wrote: »
    Good day everyone!

    I've been curious about what threat hunting really is; and I've been waiting for reviews on ELS's Threat Hunting course.


    Looks like it isn't a popular course ...

    TBH, you really couldn't expect a lot at the time of writing since it was released December 12th ;)
    I'm doing this one as well ATM ..
  • renzoncruzrenzoncruz Posts: 14Member ■□□□□□□□□□
    What's the update now? I'm very tempted to buy the course now.

    Is it good? I am now working as a threat hunter and this would be beneficial for me for sure.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 331Member ■■■□□□□□□□
    nebula105 wrote: »
    Yet another update!

    So, Network Miner, Mandiant Redline, RSA Netwitness Investigator and some options in Wireshark that I never explored.

    A few days after I went through the videos, an incident occurred at my organization and I had the opportunity to use the above tools.

    Needless to say, it really, really helped me out in the incident; and it's been resolved :D.


    Slowly moving on to the Sysmon and ELK next!

    That is very interesting, something to consider. I am interested in updates, I want to know if this data can really be effectively be used to build a threat hunting capability within an organization, and importantly detect threats prior to a known incident.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • renzoncruzrenzoncruz Posts: 14Member ■□□□□□□□□□
    Hi there. Any update on your progress? I wanted to buy this course too so I'm looking for a good review if this is worth the price? Thank you.
  • nebula105nebula105 Posts: 60Member ■■■□□□□□□□
    Good day everyone!

    I've had to put this on pause, as I'm typing this from the SANS GCIH course!

    I will likely only be continuing this from the end of May onwards :/
  • renzoncruzrenzoncruz Posts: 14Member ■□□□□□□□□□
    No problem. GCIH is also a nice course specially if John Strand would be your live instructor. Let me know if you need any tips but I believe you can ace the exam even without any guidance from me. I am now working with CFR course and will take the exam next next week and will start my eJPT. After this, I'm planning to buy THP. Goodluck! :)
Sign In or Register to comment.