Threat Hunting – Free & Affordable DFIR, OSINT, & Cybersecurity Training

Foundations of Threat Hunting (Picus Purple Academy)

DFIR Diva — Fri, 02 Aug 2024 02:46:57 +0000

Name & Direct Link: Foundations of Threat Hunting

Platform: Picus Purple Academy

Cost: Free

Topics:

Threat Hunting Fundamentals
Threat Hunting Loop
Create Hypothesis
Investigate via Tools & Techniques
Uncover New Patterns & TTPs
Inform & Enrich Analytics

Insider Threat Hunting: Detecting and Responding to Internal Security Risks (LinkedIn Learning)

DFIR Diva — Thu, 25 Jul 2024 02:51:45 +0000

Name & Direct Link: Insider Threat Hunting: Detecting and Responding to Internal Security Risks

Platform: LinkedIn Learning

Instructor: Mike Wylie

Cost: $39.99/month (includes all LinkedIn Learning courses)

Topics:

Insider Threat Hunting Framework
PRECEED Framework for Hunting Insider Threats
Hunting for Insider Threat Reconnaissance
Hunting for Insider Threat Pre-Exfiltration Evasion
Hunting for Insider Threat Data Collection
Hunting for Insider Threat Data Exfiltration
Hunting for Insider Threat Post-Exfiltration Evasion
Hunting Insider Threats in Email
Hunting Insider Threats in Cloud File Storage
User and Entity Behavior Analytics (UEBA)
Using AI to Hunt for Insider Threats

Threat Hunting Learning Path (Pluralsight)

DFIR Diva — Sun, 07 Apr 2024 05:33:09 +0000

Name & Affiliate Link*: Threat Hunting Learning Path

Platform: Pluralsight

Cost: $29/Month up to $499/Year

Proof of Completion: Yes – Badge and Certificate

Topics:

Threat Hunting: Hypothesize and Plan
Threat Hunting: Network Hunting
Threat Hunting: Endpoint Hunting
Threat Hunting: Review, Automate, and Improve
Specialized Hunts: Threat Hunting within Active Directory
Specialized Hunts: Threat Hunting within Mail Servers
Specialized Hunts: Threat Hunting withing Virtual Machines

Hands-On KQL Courses (Blu Raven)

DFIR Diva — Sat, 09 Mar 2024 04:10:19 +0000

Name & Direct Link: Hands-On KQL Courses

Platform: Blu Raven

Cost: Free – $546

Hands-On: Yes (uses a hyper-realistic lab environment)

Proof of Completion: Yes – Certificate of Completion

Courses and Topics:

Introduction to KQL for Security Analysis (Free – 50 seats are made available every week)

Introduction to Databases and Logging
KQL Fundamentals and Exploring Data
Searching and Filtering Data
Joining and Combining Datasets

Hands-On Kusto Query Language (KQL) for Security Analysts ($327)

Introduction to Databases and Logging
KQL Fundamentals and Exploring Data
Searching and Filtering Data
Creating and Manipulating Fields
Joining and Combining Datasets
Time Traveling within the Logs
Aggregating Data
Visualizing Data
Time Series Analysis
Using KQL for Triage and Investigations

Hands-On KQL for Threat Hunting and Detection Engineering ($546)

Introduction to Databases and Logging
KQL Fundamentals and Exploring Data
Searching and Filtering Data
Creating and Manipulating Fields
Joining and Combining Datasets
Time Traveling within the Logs
Aggregating Data
Anomaly Detection using KQL
Time Series Analysis
Visualizing Data

Cyber Threat Hunt 101 Series (Nothing Cyber)

DFIR Diva — Sat, 28 Oct 2023 03:24:28 +0000

Name & Direct Link: Cyber Threat Hunt 101 Series

Platform: YouTube

Cost: Free

Good for Beginners: Yes

Topics:

How Even the Best Defenses Sometimes Fail?
Cyber Attacks are Coming, Be Proactive
Threat Hunt vs. Detection – A Deep Dive!
Success Factors and Key Enablers
Core Skills for Hunters and Tips for Beginners!
70+ Tools, Techniques, and Resources

Threat Hunting for Beginners: Hunting Standard DLL-Injected C2 Implants (Faan Ross)

DFIR Diva — Wed, 18 Oct 2023 22:41:38 +0000

Name & Direct Link: Threat Hunting for Beginners: Hunting Standard DLL-Injected C2 Implants

Platform: Faan Ross

Cost: Free

Hands-On: Yes

Topics:

Setting Up Our Virtual Environment
Performing the Attack
Live Analysis – Native Windows Tools
Live Analysis – Process Hacker
Post-Mortem Forensics – Memory
Post-Mortem Forensics – Log Analysis
Post-Mortem Forensics – Traffic Analysis

Threat Hunting Professional Learning Path (INE)

DFIR Diva — Mon, 18 Oct 2021 05:34:38 +0000

Name & Partner Link*: Threat Hunting Professional Learning Path

Platform: INE

Cost: Premium – $749/Year (Includes access to all other learning paths)

Hands-On: There are hands-on labs with the Premium subscription.

Topics: Memory Forensics Using Redline, Volatility, and Other Tools, Network Traffic Analysis, Using Threat Intelligence to Hunt for Threats, Detecting Advanced Hacking Techniques, Using Tools Such as Powershell, ELK and Splunk to Analyze Windows Events and Detect Attacks

Community: There are INE Community Forums

Additional Information: The Threat Hunting Professional learning path prepares you for the eCTHPv2 certification. All plans include access to all courses on INE (Incident Response, Malware Analysis, Reverse Engineering, etc)

*DFIR Diva is a partner of INE and receives a small percentage of sales made through partner links that go toward keeping the site running.

The ThreatHunting Project

DFIR Diva — Thu, 07 Oct 2021 16:27:51 +0000

Name & Direct Link: The ThreatHunting Project

Topics: Threat Hunting Reading List, Threat Hunting Procedures

Threat Hunting with YARA (Pluralsight)

DFIR Diva — Sun, 03 Oct 2021 02:13:09 +0000

Name & Affiliate Link*: Threat Hunting with YARA

Platform: Pluralsight

Price: $29/Month, $299/Year or $499/Year

Topics: How Signature Detection Works, YARA Rules, Defining Patterns, Installing YARA, Setting up an Analysis Environment, Generating Rules with Yargen, Writing Detection Rules, Analyzing Memory Artifacts with YARA, Detecting Threats Across the Network

Practical Threat Hunting (Applied Network Defense)

DFIR Diva — Sat, 02 Oct 2021 04:35:24 +0000

Name & Direct Link: Practical Threat Hunting

Platform: Applied Network Defense

Price: $647

Hands-On: Yes

Topics: Hunting Frameworks, MITRE ATT&CK, Common Types of Anomalies, Effective Note Taking, ELK, Hands-On Threat Hunting Labs