Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) - Lab Topology

 

Lab Topology

  • Categorize Threats with MITRE ATTACK Tactics and Techniques
  • Compare Techniques Used by Different APTs with MITRE ATTACK Navigator
  • Model Threats Using MITRE ATTACK and D3FEND
  • Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain
  • Determine the Priority Level of Attacks Using MITRE CAPEC
  • Explore the TaHiTI Methodology
  • Perform Threat Analysis Searches Using OSINT
  • Attribute Threats to Adversary Groups and Software with MITRE ATTACK
  • Emulate Adversaries with MITRE Caldera
  • Find Evidence of Compromise Using Native Windows Tools
  • Hunt for Suspicious Activities Using Open-Source Tools and SIEM
  • Capturing of Network Traffic
  • Extraction of IOC from Network Packets
  • Usage of ELK Stack for Hunting Large Volumes of Network Data
  • Analyzing Windows Event Logs and Mapping Them with MITRE Matrix
  • Endpoint Data Acquisition
  • Inspect Endpoints with PowerShell
  • Perform Memory Forensics with Velociraptor
  • Detect Malicious Processes on Endpoints
  • Identify Suspicious Files Using Threat Analysis
  • Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
  • Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
  • Initiate, Conduct, and Conclude a Threat Hunt