c-Watch 2020: Cyber Threat Hunting and Analysis Training

A three-week intensive on cyber threat analysis and cyber threat intelligence formulation.  Students will gain foundational knowledge, tradecraft knowledge and hands-on experience with important leading edge tools for cyber threat hunting and analysis. The intensive is followed up with a one-week Capstone where students are given the opportunity to engage in a daily intelligence collection and analysis operation.  Students that meet the participation and engagement requirements are then given the opportunity to join the CrowdWatch, a cadre’ of trained cyber threat analysts performing contract services to ISACs, ISAOs, government agencies and private companies. 

Course Information

Estimated Time: Three weeks, plus a one-week capstone.

Difficulty: Intermediate

Categories:

Tags:

Course Instructors

Jane Ginn Jane Ginn Author
Nick Sturgeon Nick Sturgeon Author
Stephen Campbell Stephen Campbell Author
Doug DePeppe Doug DePeppe Author
Kyle Kweder Kyle Kweder Author
Ben Baran Ben Baran Author
Christopher Robinson Christopher Robinson Author

Fundamentals of Cyber Threat Hunting

Protected: W1-D1: Course Overview
Protected: W1-D2: Introduction to Cyber Threat Hunting
Protected: W1-D3: Collaborative Workshop 1
Protected: W1-D4: Tools Training: MX Toolbox & URLscan.io
Protected: W1-D5: Tools Training: Kali Linux & GTI Overview

The Cyber Threat Analysis Ecosystem

Protected: W2-D1: Digital Forensics & Passive DNS Panel Discussion 
Protected: W2-D2: Intelligence Analysis Frameworks

Today’s lesson is aimed at introducing the student to several concepts that have evolved to tell the story of how to hunt, what to look for, how to classify your findings, and finally how to communicate these findings to your stakeholders. 
Protected: W2-D3: Collaborative Workshop 2
Protected: W2-D4: Tools Training: TRUSTAR
Protected: W2-D5: Tools Training: Hybrid Analysis

Forming Cyber Threat Intelligence

Protected: W3-D1: Social Media Threat Hunting
Protected: W3-D2: Network Traffic Analysis & ATT&CK Framework  
Protected: W3-D3: Collaborative Workshop 3
Protected: W3-D4: Tools Training: Spiderfoot, Gephi, Social Bearing & TweetDeck  
Protected: W3-D5: Tools Training: ATT&CK Exercise & Security Onion, GTI Deep Dive 

Capstone

Protected: W4-D1: Legal Dimensions / Lawfare
Protected: W4-D2: Operations Day 1
Protected: W4-D3: Operations Day 2
Protected: W4-D4: Operations Day 3
Protected: W4-D5: Hot Wash