Day 1 begins with an instructor-led introduction to basic threat hunting tools and methodologies. Students will gain experience detecting and scoping intrusions by gathering intelligence and classifying attacker activities leveraging the MITRE ATT&CK framework. The Day 1 intrusion scenario will focus on the most common attacker goals such as initial access, execution, persistence, and lateral movement. An instructor is present to guide students throughout the scenario and an end-of-day debrief will provide students an attacker and defender perspective of the intrusion.
Day 2 will focus on detection of combined, advanced adversary tactics such as those backed by nation-states, financially-motivated (FIN & Spiders), and disruptive/destructive groups. Students will gain experience with advanced post-compromise techniques for credential theft, data tampering/staging/exfiltration, custom malware, and more. An instructor is present to guide students throughout the scenario and an end-of-day debrief will provide students an attacker and defender perspective of the intrusion.
By the end of the NDR Essentials, students will have practiced detection capabilities, tools for incident tracking, collaboration and enrichment, and a new approach to hunt evil in their networks.
Range Days give students hands-on experience with significant threat groups and attacker techniques in an open, more autonomous format. Our live enterprise network enables students to hunt within a complex multi-user environment, coordinate as a team, and systematically assess efforts.
The day starts with a threat intelligence brief and/or a SOC alert to provide a starting point for students to begin hunting and responding to incidents throughout the environment. The rest of the day is a blend of adversary hunting, investigative build-out, and personal dissections of observed activity.
Instructors are available for support and provide detailed after actions and assessment at the end of the day. This course is intended to be an "open play" style event, where students have an opportunity to gain individual experience hunting and exploring specific scenarios, in a self-directed format.
By the end of a NDR Range Day, students will have gained additional experience in specific components of threat hunting and incident response. They will leave the course with practiced detection capabilities, tools for incident tracking, collaboration and enrichment, and new approaches to hunt evil in their networks.
Range days are provided for students who have previously participated in an Essentials, Operations, or Core course. If you have previously attended, or are attending one of these courses, and would like register for a range day, please contact us and we will provide you a registration link.