SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics (PDF-VID-LAB)


Threat hunting and Incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as “threat hunting” . FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hactivists.




Original Price: $7,020
Our Price: $50


    Size: 174 GB

    What You Will Learn


    FOR508: Advanced Incident Response and Threat Hunting Course will help you to:

    • Detect how and when a breach occurred
    • Identify compromised and affected systems
    • Perform damage assessments and determine what was stolen or changed
    • Contain and remediate incidents
    • Develop key sources of threat intelligence
    • Hunt down additional breaches using knowledge of the adversary

    Who Should Attend

    • Incident Response Team Members who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across endpoints in the enterprise.
    • Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter their tradecraft.
    • SOC Analysts looking to better understand alerts, build the skills necessary to triage events, and fully leverage advanced endpoint detection and response (EDR) capabilities.
    • Experienced Digital Forensic Analysts who want to consolidate and expand their understanding of memory and timeline forensics, investigation of technically advanced individuals, incident response tactics, and advanced intrusion investigations.
    • Information Security Professionals who directly support and aid in responding to data breach incidents and intrusions.
    • Federal Agents and Law Enforcement Professionals who want to master advanced intrusion investigations and incident response, and expand their investigative skills beyond traditional host-based digital forensics.
    • Red Team Members, Penetration Testers, and Exploit Developers who want to learn how their opponents can identify their actions, how common mistakes can compromise operations on remote systems, and how to avoid those mistakes. This course covers remote system forensics and data collection techniques that can be easily integrated into post-exploit operating procedures and exploit- testing batteries.