Advanced Endpoint Investigations with Alissa Torres
Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes a certificate of completion
- 12 months access to Cyber Range
This course allows students to gain fundamental knowledge of modern Windows and Linux host artifacts along with understanding the use cases for incident response host pivots and root cause analysis.
For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data.
This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.
Wild West Hackin’ Fest (Oct 8th – Oct 9th, 2024) – Deadwood, SD
- October 8th – 8:30 AM to 5:00 PM MDT
- October 9th – 8:30 AM to 5:00 PM MDT
Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO
- February 4th – 8:30 AM to 5:00 PM MDT
- February 5th – 8:30 AM to 5:00 PM MDT
Key Takeaways
Learning Objectives:
- Gain fundamental knowledge of modern Windows and Linux host artifacts
- Explain logical investigative workflows for host pivoting, data collection, and analysis
- Develop an understanding of use cases for incident response host pivots and root cause analysis
Performance Objectives:
- Develop host triage collection and analysis skills for effective investigations of Windows and Linux systems
- Properly identify file system, OS, and memory artifacts to support timeline creation and attack path reconstruction
- Build deductive reasoning and investigative prowess through hands-on exercises built around real-world scenarios
Who Should Take This Course
- Security Operations/Incident Response Analysts
- Threat Hunters
- Tactical Threat Intel Analysts
- Digital Forensics Investigators
- Red teamers who want to perfect their operational discipline
Audience Skill Level
- Basic understanding of Windows and/or Linux OS fundamentals
- Familiarity with attack path models, threat actor frameworks, and hunt methodologies
- 1-2 years of experience in security operations, incident response, or threat hunting
- Stable Internet access
- x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization
(Apple Silicon is currently not supported) - A computer with at least 8 GB of RAM. 16 GB is recommended
- VMWare Workstation or VMWare Fusion
(VirtualBox and other VM software is not supported) - Windows 10/11, MacOSX+, or a currently supported Linux Distribution
- Full Administrator/root access to your computer or laptop
- System must also have at least 80GB of available disk space, 2 vCPUs, and be able to connect to a wireless network for Internet access
This class is available for training at both WWHF Deadwood 2024 and
WWHF Mile High 2025. For more information about our conferences, visit
Wild West Hackin’ Fest!
On Demand Training
-
Train at your own pace with no set course schedule
-
Access to all course resources, including slides and VMs
-
Subject Matter Expert support through Discord
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge