
A Beginner's Guide To Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs

This course is designed to provide students with hands-on experience in behavioral threat hunting. It covers common models and how they relate to threat hunting, how to operationalize an intel report focusing on tactics, techniques, and procedures (TTPs), how to leverage intelligence to initiate and conduct a hunt, data pivoting from initial query to results, and proper documentation techniques to compile and organize findings in a repeatable manner. The culmination of this process will be a series of simulated attack chains using real-world adversary TTPs, broken down into two phases: crawling and walking.


The crawl phase will provide students with the opportunity to go hands-on with the data in a step-by-step hunting tutorial. This practical session will allow students to experience threat hunting in a structured and controlled manner, and allow them to practice the topics that were covered.


The walk phase will see students break off into small SOC teams for an activity that will put all of their practical knowledge to the test.

Skills / Knowledge

  • Defense
  • Human