Train On-Demand
Choose the training you want from 18,000+ videos of instructor-led content. Watch anywhere.
Learn MoreThreat Hunting: Hunting the Endpoint & Endpoint Analysis
What about this course?
In this course, you will dive into the workstation. You will be introduced to the Windows OS where you will learn how to detect what’s in plain sight, and whether it is normal or potentially malicious. Also introduced are techniques on how to track malicious behavior on the endpoint/s through lateral movement and how to use certain tools to assist you with this task across thousands of endpoints. You will learn to detect Mimikatz, malicious macros, code injection, Kerberos attacks and more, using various detection methods. Finally, you will also get familiar with how malware operates and how you can detect their operations in memory. During endpoint hunting, you will leverage numerous endpoint detection solutions as well as popular SIEM such as Splunk and the ELK stack. This course is part of the Threat Hunting Professional Learning path which prepares you for the eCTHPv2 exam and certification.
Duration
14 hours
Difficulty
professional
INE's world-class IT trainingInstructor for this course
Slavi Parpulev
eCTHP, eCPTX, OSCE, OSCP, GCFA, AZ-500, Microsoft INF260x
This course is composed by the following modules
INE's world-class IT training
Module 1
Introduction to Endpoint Hunting1 iframe
Introduction to Endpoint Hunting - Study Guide
Module 2
Malware Overview1 iframe
Malware Overview - Study Guide
Module 3
Hunting Malware1 iframe, 4 videos, 7 labs
Hunting Malware - Study Guide
Redline: Create Standard Collector
Redline: Basic Usage
Redline: Create Analysis File
Redline: Detecting Code Injection
Hunting in Memory Lab 1
Hunting in Memory Lab 2
Hunting for Process Injection & Proactive API Monitoring
Advanced Endpoint Hunting Lab 1
Advanced Endpoint Hunting Lab 2
Hunting Malware Part 1
Hunting Malware Part 2
Module 4
Event IDs, Logging, & SIEMs1 iframe, 11 videos, 12 labs
Event IDs, Logging, & SIEMs - Study Guide
Introduction to Sysmon
Hunting Code Injections with Sysmon
Hunting Mimikatz with Sysmon
Hunting Macros with Sysmon
Introduction to ELK
Creating Visualizations in ELK
ELK Hunting: Keylogger and Remote Threads
ELK Hunting: Macros
ELK Hunting: Mimikatz
ELK Hunting: Invoke Mimikatz
Threat Hunting with ELK
Hunting Responder
Hunting .Net Malware Lab 1
Hunting .Net Malware Lab 2
Hunting for WMI Abuse, Parent Process Spoofing & Access Token Theft
Hunting with ELK Lab 1
Hunting with ELK Lab 2
Hunting with ELK Lab 3
Hunting with Splunk Lab 1
Hunting with Splunk Lab 2
Hunting with Splunk Lab 3
Hunting with Splunk Lab 4
Hunting with Splunk Lab 5
Module 5
Hunting with PowerShell1 iframe, 1 lab
Hunting with PowerShell - Study Guide
Hunting at Scale with Osquery
Nail Your Next Project
Take your technical training into your own hands and stay engaged with our learn-by-doing platform where you can put your skills to the test with hands-on exercises, quizzes, and labs.
Get Hands-On
INE quizzes, labs, projects, and exercises help reinforce your knowledge.
Learn MoreLearning Paths
Organized training helps guide you through the most relevant subjects for certification prep.
Learn MoreAccess to All Courses & Updates
We add new courses and learning materials to the platform weekly so you're always up-to-date.
Learn MoreCommon Course Questions
If you have a question you don’t see on this list, please visit our Frequently Asked Questions page by clicking the button below.
If you’d prefer getting in touch with one of our experts, we encourage you to call one of the numbers above or fill out our contact form.
Do you offer training for all student levels?
