Training
In collaboration with Wijin Academy training organization, we proposed a Threat Investigation class, Qualiopi certified.
In today’s rapidly evolving cyber landscape, the ability to effectively investigate threats is paramount. This training program is designed to equip participants with the necessary skills and methodologies to conduct comprehensive threat investigations.
What they say
L2 Analyst
"The training on the Defants vSIRT Platform was great! The hands-on experience was invaluable, and the simulated scenarios made learning practical and engaging."
Incident Response Team Member
"The platform's automation features were impressive, and the collaborative environment encouraged active participation."
Incident Response Lead
"Training made by professionals, for professionals, and immediately operational"
Threat Investigation Training Overview
Data Collection
Participants are introduced to diverse strategies for data collection, with emphasis on key terms such as artifacts and collections. We identify artifacts of interest and explore tools like Kape through practical demonstrations to gather these artifacts effectively.
Artifact Analysis
Central to threat investigation is the analysis of artifacts. We delve into the chronological and semantic aspects of artifacts, examining technical and chronological elements. Practical exercises include analyzing event logs from Windows systems to extract meaningful insights.
Threat Investigation Methodology
This section covers different strategies for threat investigation, documentation methods, and timeline creation techniques, including super timeline and meta timeline concepts. We explore prominent frameworks such as MITRE ATT&CK, Unified Cyber Kill Chain, and practical exercises to apply these strategies effectively.
Report Writing Methodology
Effective communication of findings is essential. We present the fundamental components of a comprehensive report and share best practices for clear and concise reporting.
Practical Case Study
Participants apply their knowledge and skills to a practical case study involving a dataset. Through hands-on investigation, they propose and refine solutions, culminating in the presentation of results and a discussion on refining investigative techniques.
This training provides a holistic understanding of threat investigation, empowering participants to navigate the complexities of cyber threats with confidence and proficiency.
Training on the Defants AIR
Hands-on Experience
Participants can gain practical experience by conducting threat investigations directly within the Defants AIR. This hands-on approach allows them to familiarize themselves with the platform’s interface, tools, and functionalities in a controlled environment.
Integration with Real-world Data
The training can utilize real-world threat data or simulated scenarios within the Defants AIR, providing participants with authentic learning experiences. This integration enables them to apply their knowledge and skills to realistic situations, enhancing their understanding of threat investigation processes.
Efficiency and Automation
The Defants AIR streamlines and automates various aspects of threat investigation, such as data collection, analysis, and reporting. Training on the platform familiarizes participants with these automated processes, enabling them to leverage technology to enhance the efficiency and effectiveness of their investigations.
Collaboration and Communication
The platform facilitates collaboration and communication among participants and instructors during training sessions. Features such as real-time chat, collaborative analysis tools, and shared dashboards allow for seamless interaction and knowledge sharing, fostering a collaborative learning environment.