Practical Threat Hunting


Practical Threat Hunting is a foundational course that will teach you how to approach threat hunting using a proven, structured, repeatable framework. I created this course to help people figure out what to hunt for, where to find it, and how to look for it.

Practical Threat Hunting is the course that will teach you to hunt in a way that will never leave you at a shortage of places to start or techniques to manipulate data to spot anomalies. You’ll build skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises. Through a combination of theory and application, you’ll learn the basics of threat hunting and apply them to your network immediately.

Practical Threat Hunting is for you if

  • You’ve ever sat at a screen feeling paralyzed by not knowing what to look for next.
  • You’ve always wanted to be able to find evil on your network without alerts, but don’t know how to approach it.
  • You struggle to dissect attacks and derive hunting strategies from them.
  • You have a mountain of data at your disposal but don’t know which techniques are best suited for gaining the necessary perspective over it to spot anomalies.
  • You want to add threat hunting capabilities to your security team but don’t know how to get buy-in from management or prove just how valuable it can be.
  • You’re tired of being told hunting is as simple as “knowing what’s normal so you can spot evil” — there’s more to it than that!




Original Price: $647
Our Price: $10


Size: 5.42 GB

Practical Threat Hunting includes:

  • Over 15 hours of demonstration videos. These videos will break down the concepts and skills you need to become an effective threat hunter.
  • Hands-on labs to help you develop and test your skills. You’ll complete hunting labs using an ELK-based virtual machine we’ve loaded with log data representing several real-world scenarios. Not familiar with ELK? Don’t worry, I’ve provided a short primer video to get you started and you can also watch videos of me working through the labs. I’ve also provided all the raw log data so you can work with it on the command line, or import it into your analysis tool of choice.
  • Access to My Hunting Vault. I’ve compiled all the hunting expeditions mentioned in the course (along with several others) into PDF files you can use to reference as you’re hunting in your network. I’ve also included a wealth of additional information in PDF form, including a curated list of my favorite threat hunting tools and Twitter follows for hunting inspiration.
  • Membership in our exclusive students-only learning community. In our discourse-powered forum, you can ask questions, share hunting strategies, view community investigation playbooks, participate in our virtual reading group, learn about upcoming courses, network with other students, and communicate directly with AND course authors. I also post short blog entries here that don’t appear on my public blog.
  • Participation in our student charitable profit sharing program. A few times a year we designate a portion of our proceeds for charitable causes. AND students get to take part in nominating charities that are important to them to receive these donations.

You’ll learn:

  • Two hunting frameworks: Attack-Based Hunting (ABH) and Data-Based Hunting (DBH)
  • Techniques for leveraging threat intelligence and the MITRE ATT&CK framework for hunting input
  • The 9 most common types of anomalies you’ll encounter when reviewing evidence.
  • The 4 ways threat hunters most commonly transform data to spot anomalies
  • Typical staffing models for hunting capabilities in organizations of all sizes along with pros/cons
  • 5 metrics that support and enable threat hunting operations
  • My two-step system for effective note taking while hunting (and how to transition those notes to longer-term storage for easy searching)
  • An ideal design for a hunter’s wiki/knowledgebase
  • A 5-step framework for dissecting and simulating attacks to prepare for hunting expeditions

You’ll also receive:

  • A list of my favorite hunting data sources and tools
  • A curated list of hunting expeditions to get you started
  • A list of my favorite Twitter follows for daily threat hunting input

Practical Threat Hunting will teach you how to become an effective threat hunter regardless of the toolset by focusing on the habits and techniques used by experts.