Threat Intelligence with MSTICPy
Offered By: Pluralsight
Course Description
Overview
This course will focus on using MSTICPy in notebooks to detect adversary logons, decode obfuscated scripting attacks, and attempts to establish persistence.
MSTICPy is a Python library of CyberSec tools designed for hunting and investigations using Jupyter notebooks. Jupyter notebooks are an ideal tool for CyberSec/SOC work. You can ingest data from multiple sources, analyze, reshape, and visualize the data and add your own commentary. In this course, Threat Intelligence with MSTICPy, you’ll cover how to utilize MSTICPy to detect against adversary intrusions in an enterprise or cloud environment. First, you’ll learn how to query and analyze network and endpoint logs to identify adversary activity. Next, you’ll analyze logon sessions on a compromised host and identify and decode a scripted attack. Finally, we will pinpoint the way that attacker has enabled a persistent foothold on the host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: T1078.002 - Valid Accounts/Domain Accounts; T1059.001 - Command and Scripting Interpreter: PowerShell; and T1053.005 - Scheduled Task/Job: Scheduled Task, using MSTICPy and Jupyter Notebooks.
MSTICPy is a Python library of CyberSec tools designed for hunting and investigations using Jupyter notebooks. Jupyter notebooks are an ideal tool for CyberSec/SOC work. You can ingest data from multiple sources, analyze, reshape, and visualize the data and add your own commentary. In this course, Threat Intelligence with MSTICPy, you’ll cover how to utilize MSTICPy to detect against adversary intrusions in an enterprise or cloud environment. First, you’ll learn how to query and analyze network and endpoint logs to identify adversary activity. Next, you’ll analyze logon sessions on a compromised host and identify and decode a scripted attack. Finally, we will pinpoint the way that attacker has enabled a persistent foothold on the host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: T1078.002 - Valid Accounts/Domain Accounts; T1059.001 - Command and Scripting Interpreter: PowerShell; and T1053.005 - Scheduled Task/Job: Scheduled Task, using MSTICPy and Jupyter Notebooks.
Syllabus
- Course Overview 1min
- Threat Intelligence with MSTICPy 30mins
- Resources 1min
Taught by
Ian Hellen
Related Courses
An Introduction to Computer NetworksStanford University via Independent Introduction to Systems Biology
Icahn School of Medicine at Mount Sinai via Coursera Network Analysis in Systems Biology
Icahn School of Medicine at Mount Sinai via Coursera Networks, Crowds and Markets
Cornell University via edX Networking Leadership 101: Building Your Core Professional Network
Center for Creative Leadership via Acumen Academy