Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs

Thursday, March 27, 2025 | 9:30 AM - 1:30 PM ET

Shifting the Focus: From Static IOCs to Dynamic Adversary Behaviors

This four-hour workshop equips veteran threat hunters, SOC analysts, and cybersecurity professionals with the skills to move beyond traditional indicators of compromise (IOCs) and focus on behaviors and tactics, techniques, and procedures (TTPs). Through a combination of foundational instruction and hands-on exercises, attendees will gain a structured approach to identifying, investigating, and responding to threats.

The workshop begins with a lecture covering key cybersecurity models, including the Pyramid of Pain, Lockheed Martin Cyber Kill Chain, Unified Kill Chain, and MITRE ATT&CK Framework. Participants will explore common threat-hunting tools and methodologies before breaking down the six-phase threat-hunting process, with a focus on practical application.

In the hands-on lab, attendees will apply these concepts by operationalizing an intelligence report, forming hypotheses, and conducting a structured hunt. They will execute queries, pivot through data to build context, and identify relationships between events. The session concludes with guidance on documenting and presenting findings effectively.

Key Takeaways:

  • Understand core cybersecurity models and their role in threat hunting.
  • Learn how to operationalize threat intelligence and develop hypotheses.
  • Gain hands-on experience executing and refining hunt queries.
  • Identify and analyze adversary behaviors through structured methodologies.
  • Improve documentation and reporting techniques for threat-hunting investigations.

This interactive workshop provides both the theoretical foundation and technical skills necessary to improve threat-hunting capabilities and uncover adversary behaviors more effectively.

Earn Your Threat Hunting – Foundational Badge

After the workshop, attendees can complete a final challenge to earn the Threat Hunting – Foundational Badge, recognizing their ability to apply core threat-hunting concepts. The challenge reinforces key skills, including hypothesis-driven hunting, executing queries, analyzing adversary behaviors, and documenting findings. Successfully completing it demonstrates proficiency in behavioral analysis and structured threat detection.
