Hunt the Hacker

Periood: 2.0 päeva
Koolituse hinnastus


Training duration: 2 days of instruction, predominantly in the form of hands-on hunting labs.

Group size10 participants maximum

Target audience: Everybody who needs to know more about what threat hunting is, why it is necessary, what is required to start doing it, and how it should be done. Appropriate roles include: CISOs, Security Managers, SOC staffers, Incident Responders, Forensic Analysts and System Administrators.

Pre-requisites:To maximize value to the attendee, prior HOHE participation is highly recommended, but not mandatory.

Price: 2 days, 700 EUR +VAT

Next public training courses

Contents of the training

During the 2 days hands-on training experience the participants learn how to hunt hackers within our Windows 10 lab network, using a range of highly effective threat hunting technologies and techniques. Technologies used: Sysmon, the Elastic stack (formerly “ELK”), WinRM, PowerShell, YARA.


Trainers are James DoddTaavi Sonets.

James Dodd


Taavi Sonets


Training methods

The trainers engage participants with lectures, live demonstrations and Q&A sessions. Each participant spends the majority of their time performing a wide variety of hands-on hunts.

Intended outcome

Participants will understand what threat hunting is, be utterly convinced of the need for it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.

Training environment

The training environment is a remotely accessed lab that can be used by participants anywhere in the world as long as VPN connection via decent Internet connectivity is viable. The hunting lab is hosted on Clarified Security's own virtualized infrastructure. Each student has their own account on the shared environment, made up of a Windows domain plus threat hunting infrastructure.

Technical requirements for the training

  1. Good Internet connection - at least 10Mbps download speed via a network cable (RJ45 connector) for connecting the classroom to the training server in Tallinn, via our VPN device. The VPN device just needs to get an IP address via DHCP and have outgoing IPSEC traffic enabled to our training environment IP addresses. The participants will be using a web browser and an RDP client to connect to computers and services within the training environment via this VPN connection.

  2. Participants' computers - any computer or laptop with any Operating System will do, as long as a Windows RDP compatible client is installed. The customer is expected to provide the LAN (switch + cables + power jacks) that can be connected to our VPN device that supplies IP addresses via DHCP. In case of laptops, we can provide our own WiFi Access Point for creating a LAN. Minimum 1024x768 monitor resolution is recommended.

  3. Video projector and large screen - so that command line activity is also easy to follow from the back row.

Soovite lisada enda koolituse või sündmuse keskkonda?

Võta ühendust!