
Threat Hunting Workshop 15: Hunting for Execution - Level 2

May 14, 2025 | 12:00 - 1:00 PM EDT

Malicious execution is getting harder to detect. As adversaries work to blend in with legitimate activity, threat hunters need sharper techniques and a stronger understanding of behavior to uncover what traditional detection misses. This Level 2 workshop is designed for those ready to go beyond the basics and take on more complex hunting challenges.

Building on Intel 471’s Level 1 Execution workshop, this session focuses on deeper behavioral understanding and more advanced hunting techniques. You’ll examine how adversaries disguise malicious execution across PowerShell, LOLBins, macro payloads, and scheduled tasks, and apply structured methods to find them. Backed by threat intelligence and real-world telemetry, this interactive session will challenge your process, sharpen your approach, and help you uncover what others miss.

What to Expect:

  • Live, interactive training: Investigate execution behaviors using realistic data and scenarios based on real attacker activity.
  • Refined methodology: Apply advanced techniques for identifying subtle patterns and mapping behaviors to adversary goals.
  • Intelligence in context: Use threat intel to support hypothesis-driven hunting and validate behaviors in context.
  • Certification and tools: Complete the Execution challenge to earn your “Threat Hunting – Execution (Level 2)” badge, plus access resources to support your future hunts.

While this workshop builds on the foundation established in our Level 1 Execution workshop, completing that session is not required. However, you can revisit the Level 1 version of this workshop here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-execution

 

Meet Your Instructors

Lee Archinal
Senior Threat Hunt Analyst, Intel 471
Lee is a U.S. Army veteran. While enlisted, he worked as a network administrator in diverse conditions. Since leaving the military, he has specialized in threat hunting and incident response. At Intel 471, Lee is responsible for developing cutting-edge hunting and detection content for the HUNTER platform.

 

Jorge Rodriguez
Director of Malware, Intel 471
As the director of the malware research team within the Intel 471 Malware Intelligence team, Jorge dissects malware internals and communication protocols to automate malware tracking. This approach enables real-time detection and tracking capabilities by uncovering full malware configurations, plugins, and commands as they unfold.

 


Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.