The course aims to teach learners how to use the ArTHIR framework for remote threat hunting, incident response, and other activities on Windows systems. By utilizing built-in PowerShell and Windows Remote Management, participants will be able to push and execute binaries remotely and analyze the output. The main goal is to map threat hunting and incident response modules to the MITRE ATT&CK Framework, identifying capabilities and areas for improvement. Participants will learn how to contribute to the open-source project on GitHub, build modules, and collaborate with others. The course is designed for individuals interested in cybersecurity, threat hunting, incident response, and Windows system administration.
ARTHIR - ATT&CK Remote Threat Hunting Incident Response Windows Tool
Overview
Syllabus
ARTHIR: ATT&CK Remote Threat Hunting Incident Response Windows Tool by Michael Gough [OSDFCon 2021]
Taught by
BasisTech
Related Courses
-
Advanced Threat Hunting and Incident Response
-
Threat Hunting with Windows Event Forwarding
-
Threat Hunting - Using MITRE ATT&CK Against Carbanak Malware
-
Don't Boil the Ocean - Using MITRE ATT&CK to Guide Hunting Activity
3.0 -
Introduction to ATT&CK Framework for Risk Managers and Threat Analysts
-
The Marriage of Threat Intelligence and Incident Response or Threat Hunting for the Rest of Us
