Overview
The course teaches learners how to use the ArTHIR (ATT&CK Remote Threat Hunting Incident Response) framework for remote threat hunting, incident response, and related tasks on Windows systems. Using only built-in PowerShell and Windows Remote Management (WinRM), participants push tools to remote hosts, execute them there, and analyze the collected output. The main goal is to map the threat hunting and incident response modules to the MITRE ATT&CK framework, identifying which techniques are covered and where coverage needs improvement. Participants also learn how to contribute to the open-source project on GitHub, build their own modules, and collaborate with other contributors. The course is intended for anyone interested in cybersecurity, threat hunting, incident response, or Windows system administration.
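The push-execute-collect pattern described above, as an added example written for this page rather than code from ArTHIR or its author: it opens a WinRM session to each target, stages a tool with Copy-Item -ToSession, runs it through Invoke-Command, saves the output per host, and removes the staged binary afterwards. The host names, directories, and the choice of tool and arguments are assumptions; any command-line tool that writes to stdout could take its place.

```powershell
# Added example of the generic WinRM push-and-run pattern (not ArTHIR's own code).
# Assumed: WinRM is enabled on the targets, the caller is a local administrator there,
# and PowerShell 5.0+ runs on both ends (Copy-Item -ToSession requires it).
param(
    [string[]]$ComputerName = @('WS01.corp.example', 'WS02.corp.example'),  # assumed targets
    [string]$LocalTool      = 'C:\Tools\autorunsc.exe',                      # assumed tool to push
    [string[]]$ToolArgs     = @('-accepteula', '-a', '*', '-c', '-nobanner'), # assumed arguments
    [string]$RemoteDir      = 'C:\ProgramData\IR',                           # assumed staging dir
    [string]$OutputDir      = 'C:\IR\Output'                                 # assumed local collection dir
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

foreach ($target in $ComputerName) {
    # One WinRM session per host; domain members authenticate with Kerberos by default.
    $session = New-PSSession -ComputerName $target
    try {
        # Create the staging directory on the target, then copy the tool into it.
        Invoke-Command -Session $session -ScriptBlock {
            param($dir) New-Item -ItemType Directory -Path $dir -Force | Out-Null
        } -ArgumentList $RemoteDir
        Copy-Item -Path $LocalTool -Destination $RemoteDir -ToSession $session

        # Run the tool on the target; its stdout and stderr come back as strings.
        $remoteExe = Join-Path $RemoteDir (Split-Path $LocalTool -Leaf)
        $output = Invoke-Command -Session $session -ScriptBlock {
            param($exe, $toolArgs)
            & $exe @toolArgs 2>&1
        } -ArgumentList $remoteExe, (,$ToolArgs)

        # Keep one output file per host for later analysis and ATT&CK mapping.
        $output | Set-Content -Path (Join-Path $OutputDir "${target}-output.txt")

        # Remove the staged binary so nothing is left behind on the endpoint.
        Invoke-Command -Session $session -ScriptBlock {
            param($exe) Remove-Item -Path $exe -Force
        } -ArgumentList $remoteExe
    }
    finally {
        Remove-PSSession -Session $session
    }
}
```

Two caveats a practitioner should keep in mind: the account running this needs administrative rights on every target, so run it from a hardened host with a dedicated account rather than a daily-use workstation; and the activity itself (a binary written to disk and a child process spawned under wsmprovhost.exe) looks exactly like lateral movement, so coordinate with whoever watches the EDR before a hunt so the collection is not mistaken for an intrusion.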
Syllabus
ARTHIR: ATT&CK Remote Threat Hunting Incident Response Windows Tool by Michael Gough [OSDFCon 2021]
Taught by
BasisTech