About:
In this module of the training, the participants will learn how to conduct a full investigation
and how to define sets of rules and alarms to identify potential attacks. The participants will
face real-life scenarios based on top-notch case studies of national-level attacks.
Subjects covered:
• Splunk (as a SIEM system)
• Powershell fundamentals
• Powershell IR
• Eventlog analysis
• Sysmon
• IR Storytelling
• MFT analysis
• Memory Forensics
• IR Report
• Sandboxes
• Malware network footprint analysis
• Intro to dynamic malware analysis
• Combined analysis
• Yara rule