Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

(CYATTK-CLOUD.AE1)/ISBN:978-1-64459-379-0

This course includes
Lessons
TestPrep
Hands-On Labs
AI Tutor (Add-on)

Threat hunting is a critical focus area to increase the cybersecurity posture of any organization. The contents of the course are prepared to serve business decision-makers like board members, CXOs, and CISOs, as well as a technical audience. Business users will find the technology-agnostic cloud threat-hunting methodology framework valuable to manage their cybersecurity risks. This course addresses Microsoft Azure and AWS side by side. It contains assessment questions, interactive lessons with knowledge checks and quizzes, and hands-on labs to understand the threat-hunting framework in cybersecurity.

Lessons

17+ Lessons | 151+ Exercises | 88+ Quizzes | 82+ Flashcards | 82+ Glossary of terms

TestPrep

50+ Pre Assessment Questions | 50+ Post Assessment Questions |

Hands-On Labs

15+ LiveLab | 15+ Video tutorials | 43+ Minutes

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • What Does This Course Cover?
  • Additional Resources

Lessons 2: Introduction to Threat Hunting

  • The Rise of Cybercrime
  • What Is Threat Hunting?
  • The Key Cyberthreats and Threat Actors
  • The Necessity of Threat Hunting
  • Threat Modeling
  • Threat-Hunting Maturity Model
  • Human Elements of Threat Hunting
  • Summary

Lessons 3: Modern Approach to Multi-Cloud Threat Hunting

  • Multi-Cloud Threat Hunting
  • Building Blocks for the Security Operations Center
  • Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC
  • Cyber Resiliency and Organizational Culture
  • Skillsets Required for Threat Hunting
  • Threat-Hunting Process and Procedures
  • Metrics for Assessing the Effectiveness of Threat Hunting
  • Threat-Hunting Program Effectiveness
  • Summary

Lessons 4: Exploration of MITRE Key Attack Vectors

  • Understanding MITRE ATT&CK
  • Threat Hunting Using Five Common Tactics
  • Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors
  • Analysis Tools
  • Summary

Lessons 5: Microsoft Azure Cloud Threat Prevention Framework

  • Introduction to Microsoft Security
  • Understanding the Shared Responsibility Model
  • Microsoft Services for Cloud Security Posture Management and Logging/Monitoring
  • Using Microsoft Secure and Protect Features
  • Microsoft Detect Services
  • Detecting  “Privilege Escalation”  TTPs
  • Detecting Credential Access
  • Detecting Lateral Movement
  • Detecting Command and Control
  • Detecting Data Exfiltration
  • Microsoft Investigate, Response, and Recover Features
  • Using Machine Learning and Artificial Intelligence in Threat Response
  • Summary

Lessons 6: Microsoft Cybersecurity Reference Architecture and Capability Map

  • Introduction
  • Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF)
  • Microsoft Security Architecture
  • Using the Microsoft Reference Architecture
  • Understanding the Security Operations Solutions
  • Understanding the People Security Solutions
  • Summary

Lessons 7: AWS Cloud Threat Prevention Framework

  • Introduction to AWS Well-Architected Framework
  • AWS Services for Monitoring, Logging, and Alerting
  • AWS Protect Features
  • AWS Detection Features
  • How Do You Detect Privilege Escalation?
  • How Do You Detect Credential Access?
  • How Do You Detect Lateral Movement?
  • How Do You Detect Command and Control?
  • How Do You Detect Data Exfiltration?
  • How Do You Handle Response and Recover?
  • Summary
  • References

Lessons 8: AWS Reference Architecture

  • AWS Security Framework Overview
  • AWS Reference Architecture
  • Summary

Lessons 9: Threat Hunting in Other Cloud Providers

  • The Google Cloud Platform
  • The IBM Cloud
  • Oracle Cloud Infrastructure Security
  • The Alibaba Cloud
  • Summary
  • References

Lessons 10: The Future of Threat Hunting

  • Artificial Intelligence and Machine Learning
  • Advances in Quantum Computing
  • Advances in IoT and Their Impact
  • Operational Technology (OT)
  • Blockchain
  • Threat Hunting as a Service
  • The Evolution of the Threat-Hunting Tool
  • Potential Regulatory Guidance
  • Summary
  • References

Lessons 11: APPENDIX A: MITRE ATT&CK Tactics

Lessons 12: APPENDIX B: Privilege Escalation

Lessons 13: APPENDIX C: Credential Access

Lessons 14: APPENDIX D: Lateral Movement

Lessons 15: APPENDIX E: Command and Control

Lessons 16: APPENDIX F: Data Exfiltration

Lessons 17: APPENDIX G: MITRE Cloud Matrix

  • Initial Access
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Data Exfiltration
  • Impact

Hands-on LAB Activities

Introduction to Threat Hunting

  • Performing a Phishing Attack

Exploration of MITRE Key Attack Vectors

  • Performing Local Privilege Escalation
  • Enabling and Disabling GuardDuty
  • Creating a CloudWatch Dashboard

Microsoft Azure Cloud Threat Prevention Framework

  • Creating a Service Bus
  • Deploying an Azure Firewall
  • Creating an Azure Front Door

AWS Cloud Threat Prevention Framework

  • Creating VPC Flow Logs
  • Creating CloudTrail
  • Examining Macie
  • Creating a Rule in Amazon EventBridge
  • Creating a Lambda Function
  • Creating an Amazon SNS Topic

AWS Reference Architecture

  • Creating a VPC

Threat Hunting in Other Cloud Providers

  • Creating a VPC Network