Cyber Threat Investigator Course

COURSE TIME  8:00 AM (MST) **  10:00 AM (EST)  ** 11:00 AM (AST)

HYBRID LEARNING ENVIROMENT 

• Learning will be delivered via MS-Teams and Virtual desktops for practicals

COURSE OVERVIEW

This immersive course expands upon the skills and fundamentals taught in introductory cyber courses. The course will provide attendees with a more in-depth understanding of the online criminal ecosystem. We will focus on the existing cyber threats markets, forums and other criminality occuring there. OSINT techniques and other methods to investigate criminal activity on multiple layers of the web.  Students will assume different identities and communicate with others in the ecosystem via encrypted communications, utilizing PGP and peer to peer application.  The training will be mostly hands-on, with students walking through the steps, explanations of the programs and demonstrations of the browser add-ons while building a research machine. Additionally, attendees will be familiarized with open source and commercial tools and learn to leverage the tools for thier investigations. 

• Find and navigate the 'dark web' forums/marketplaces using the TOR network
• Conduct online research to identify threats to your organization
• Create a target profile report through the use of various research techniques/tools
• Learn fundamentals in interacting online through NCFTA-guided hands-on exercises
• Create and maintain research accounts, employ encryption techniques in order to communicate online
• Limit your footprint while conducting research.
• Understanding VPN, VM and info bleeds while using such environments
• Make purchases using crypto currencies
• Develop intelligence reporting based on information gathered
• Interact online using various P2P chat platforms
• Focus on dark web, deep web, Malware and Ransomware

The course will also focus on incident response to compromises and will provide attendees with an understanding of ransomware and best practices/tools for first response to ransomware incidents:

• What is Ransomware?
• Types of Ransomware
• How does it work?
• Responding to an attack
• Stop the spread
• Investigative strategies
• Finding available unlock keys
• Prevention

**This is an advanced cyber investigation course. We strongly recommend students have previous cyber investigative training or have completed the Cryptocurrency Investigators Course hosted by Ai6.

INSTRUCTORS BIOGRAPHY

Ms. Stephanie M. Corvese - Manager: Risk & Forensics - Grant Thornton LLP

Stephanie started with Grant Thornton in 2017 and has been involved in performing forensic acquisitions and analysis of electronic data from a range of digital media including, computers, tablets, smartphones, and removable media such as USB keys SD cards, and other consumer electronic devices including cloud storage. She is also an active member of the cyber breach response investigations team and the OSINT investigations team.

Ms. Corvese will be presenting a case study involving the Lockbit variant.  Ms. Corvese will walk through students on using open source tools when first responding to ransomware investigations.  

NOTE:  Each student will have their on sandboxed working enviroment for the course.  In person students will be equipped with laptops.  Online students will log into virtual desktops.