Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) - Lab Topology
Lab Topology
- Categorize Threats with MITRE ATTACK Tactics and Techniques
- Compare Techniques Used by Different APTs with MITRE ATTACK Navigator
- Model Threats Using MITRE ATTACK and D3FEND
- Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain
- Determine the Priority Level of Attacks Using MITRE CAPEC
- Explore the TaHiTI Methodology
- Perform Threat Analysis Searches Using OSINT
- Attribute Threats to Adversary Groups and Software with MITRE ATTACK
- Emulate Adversaries with MITRE Caldera
- Find Evidence of Compromise Using Native Windows Tools
- Hunt for Suspicious Activities Using Open-Source Tools and SIEM
- Capturing of Network Traffic
- Extraction of IOC from Network Packets
- Usage of ELK Stack for Hunting Large Volumes of Network Data
- Analyzing Windows Event Logs and Mapping Them with MITRE Matrix
- Endpoint Data Acquisition
- Inspect Endpoints with PowerShell
- Perform Memory Forensics with Velociraptor
- Detect Malicious Processes on Endpoints
- Identify Suspicious Files Using Threat Analysis
- Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
- Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
- Initiate, Conduct, and Conclude a Threat Hunt