
Intro to Network Threat Hunting

Course Authored by John Strand.

In this course John Strand introduces you to the core networking fundamentals needed to understand packet capture and decoding with tcpdump and Wireshark, and packet crafting and analysis with Scapy.

On-Demand $575.00

Course Length: 16 Hours

Includes a Certificate of Completion



Description


Beyond packet analysis, the course covers firewall log review and explores the tools Zeek and RITA. You will examine connection duration and beaconing, develop a signal-to-noise ratio for your data, and then dive into egress capture, User-Agent strings and long-tail analysis. You'll wrap up with unique and effective strategies for keeping up with all the logging that effective network threat hunting requires.

System Requirements

  • A system with a browser and a solid internet connection

FAQ

Who Should Take This Course
  • Those who need deeper network-based detection and hunting skills.

  • Analysts who want to move from reactive response to proactive threat hunting.

  • Admins who understand networking basics and want to detect malicious behavior across their environment.

  • Anyone responsible for building detections, tuning SIEM/IDS/IPS, or analyzing logs.

  • Learners who want hands-on packet analysis, logging, and threat detection experience.

Key Takeaways

After taking this course, students will:

  • Understand core network fundamentals, including IP/TCP/UDP headers, top ports, and the TCP handshake, to support effective threat hunting.

  • Learn to capture and analyze traffic using tools like tcpdump, Wireshark, and Zeek for deep packet and protocol inspection.

  • Identify suspicious behaviors such as long connections, beacons, denylisted communication, and other network anomalies.

  • Develop strong log analysis skills across firewall logs, Windows Event Logs, Active Directory logs, PowerShell logs, and Sysmon.

  • Use powerful open-source tools such as RITA, Security Onion, Zeek, Sysmon, and Velociraptor to perform practical, cost-effective threat hunting.

  • Strengthen email threat detection by recognizing spoofing, malicious URLs, dangerous attachment types, BEC scams, and other phishing tactics.
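The description and takeaways above name three of the hunts this course teaches: regular beacons, long-lived connections, and long-tail analysis of User-Agent strings. The following is an added worked example written for this page; it is not course material and not RITA's code. It runs the three checks over a constructed Zeek conn.log excerpt and a constructed list of http.log user_agent values. The thresholds (at least 10 connections, 20% timing dispersion, one hour for a long connection, a count of 1 for the long tail) are assumptions chosen for the example, not values taught in the course.

```python
"""Beacon, long-connection and long-tail checks over Zeek-style logs.

Added example for this course page: not course material and not RITA's code.
Every log line and User-Agent string below is constructed for illustration.
"""
from collections import Counter, defaultdict
import statistics

# Constructed Zeek conn.log excerpt (tab-separated). A real conn.log has more
# columns; the parser below picks fields by name from the #fields header, so
# only the columns this example uses are included.
_HEADER = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration\n"
)
# 10.0.0.5 reaches 203.0.113.9:443 every ~60 s with a second of jitter: a beacon.
_BEACON = "\n".join(
    f"{1700000000 + 60 * i + (i % 3) - 1}\tC{i:04d}\t10.0.0.5\t{40000 + i}"
    f"\t203.0.113.9\t443\ttcp\t0.8"
    for i in range(20)
)
# 10.0.0.7 browses 198.51.100.2 at irregular, human-paced intervals.
_BROWSING = "\n".join(
    f"{1700000000 + t}\tD{j:04d}\t10.0.0.7\t{41000 + j}\t198.51.100.2\t443\ttcp\t{d}"
    for j, (t, d) in enumerate(
        [(5, 2.1), (190, 0.4), (210, 12.0), (900, 1.3), (2400, 0.9), (2410, 3.7)]
    )
)
# 10.0.0.9 holds one session open for four hours: a long connection.
_LONG = "1700000000\tE0000\t10.0.0.9\t42000\t192.0.2.44\t8443\ttcp\t14400.0"
SAMPLE_CONN_LOG = _HEADER + _BEACON + "\n" + _BROWSING + "\n" + _LONG + "\n"

# Constructed user_agent values as they would appear in Zeek http.log.
SAMPLE_USER_AGENTS = (
    ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"] * 40
    + ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Safari/605.1.15"] * 8
    + ["Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", "python-requests/2.31.0"]
)


def parse_conn_log(text):
    """Return conn.log rows as dicts keyed by the names in the #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):  # skip #separator, #types, #close
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def beacon_candidates(rows, min_connections=10, max_dispersion=0.2):
    """Flag (orig_h, resp_h, resp_p) pairs whose connection timing is machine-regular.

    Thresholds are assumptions for this example, not values from the course.
    Dispersion is the median absolute deviation of the inter-connection gaps
    divided by the median gap: human browsing scatters, beacons cluster near 0.
    """
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    found = []
    for pair, stamps in by_pair.items():
        if len(stamps) < max(min_connections, 2):  # need at least one gap
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(gaps)
        mad = statistics.median(abs(g - median) for g in gaps)
        dispersion = mad / median if median else float("inf")
        if dispersion <= max_dispersion:
            found.append({"pair": pair, "connections": len(stamps),
                          "interval_s": median, "dispersion": round(dispersion, 3)})
    return found


def long_connections(rows, min_duration_s=3600):
    """Return (orig_h, resp_h, resp_p, duration) for sessions at least min_duration_s long.

    Zeek writes '-' when a duration is unknown, so such rows are never flagged.
    """
    return [
        (r["id.orig_h"], r["id.resp_h"], r["id.resp_p"], float(r["duration"]))
        for r in rows
        if r["duration"] != "-" and float(r["duration"]) >= min_duration_s
    ]


def long_tail(values, max_count=1):
    """Long-tail analysis: the values seen at most max_count times, rarest first."""
    return sorted(((v, n) for v, n in Counter(values).items() if n <= max_count),
                  key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    conns = parse_conn_log(SAMPLE_CONN_LOG)
    for b in beacon_candidates(conns):
        print("beacon candidate:", b)
    for c in long_connections(conns):
        print("long connection:", c)
    for ua, n in long_tail(SAMPLE_USER_AGENTS):
        print(f"rare User-Agent ({n}x): {ua}")
```

Run against a real conn.log, the same three functions work unchanged because the parser reads column positions from the `#fields` header rather than hard-coding them; the thresholds are where the tuning, and the signal-to-noise work the description mentions, happens.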

About the Instructor

"Managing Intern for all things Black Hills Information Security"
Bio

John Strand has both consulted for and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a sought-after speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and to the 20 Critical Controls (now the CIS Critical Security Controls).

On-Demand

Antisyphon's On-Demand classes give you flexible, self-paced access to the same high-quality training our live events are known for. Whether you're diving into forensics, cloud security, or offensive tooling, each course includes:

  • Full access to video recordings, slides, and downloadable resources
  • Hands-on labs and virtual machines to reinforce real-world skills
  • Cyber Range access for immersive practice (select courses)
  • Dedicated Discord support from instructors and peers
  • Certificates of participation upon completion

Start learning when it works for you!
No deadlines, no pressure. Just real, practical cybersecurity training on your schedule.
