DE&TH: Windows

Course Description

Acquire the essential skills to become a valuable asset in a detection engineering program. Our aim is not to teach you the basics of Cybersecurity, but rather to delve deeper into those concepts. From mastering regular expressions and analyzing log files to creating powerful detections, we will guide you every step of the way.

Building upon the foundations laid in the first half, you will become an indispensable member of a detection engineering program. From research, to threat emulation, detection and response. We've got you covered!

Discover why these skills are crucial for a seasoned detection engineer and learn how to seamlessly integrate them into a Detection-as-Code pipeline.

Learning Modules

Develop the skills for cybersecurity threat detection and analysis over 9 modules, learning how to create sophisticated detection strategies for a wide range of cyber threats, both in network traffic and endpoint security. 

• Detection as Code

  • Master the use of Git and Github to manage, maintain, and curate a custom repository of detection content.

• Regular Expressions (Regex)

  • Learn how to use Regular Expressions to identify threats or suspicious activity

  • Access large datasets utilizing complex matching requirements.

• Snort Network Detection

  • Utilize Snort to craft targeted detections against network-based attacks. Uncover the power of a layered detection strategy which includes network, file, process and log data.

• YARA File Detection

  • “Yara is to files what Snort is to network traffic.”

  • Learn Yara  to create detection logic for both endpoint from basic to advanced concepts.

  • You’ll discover tools such as: Strings, FLOSS, HxD, Ghidra and more.

• Sigma Detection

  • Gain knowledge of the creation and implementation of “universal” Sigma detection rules.

  • Learn how to convert rules and write your own conversion backend for customized datasets.

  • You’ll discover tools such as: Visual Studio Code, pySigma, and Sigma CLI.

• Tuning and Optimization

  • Familiarize yourself with industry frameworks and learn the difference between detection logic utilizing indicators of compromise or behaviors.

  • Begin creating detections based on a sound methodology and guidelines - starting simple and moving to advanced.

  • Learn how to document the “metadata” for your logic, including investigation and incident response steps.

  • You’ll discover frameworks such as: Pyramid of Pain, Cyber Kill Chain, and MITRE ATT&CK.

• Proactive Detection Engineering

  • Learn how to move beyond reacting to intrusions and how to get ahead of the curve. 
    
  • Utilize intelligence and threat hunting techniques to research and define strategies to detect a wide array of threats.
    
  • Learn core concepts around sound detection and hunt strategies to empower your detection skills and program effectiveness.

• Continuous Integration and Development

  • Configure and deploy a scalable CI/CD pipeline to test, validate, and deploy your detection content to a live SIEM.

   

• Adversary Research and Emulation

  • Research, hunt, and detect a myriad of threats through various challenges. 

  • Fuse intelligence into your hunt strategy to identify and detect malicious TTPs in your environment.
  • Conduct proactive adversary emulation tests to evaluate your visibility and detection gaps to prepare for a possible intrusion.