Attack & Defense Using Splunk, Kali, and Other Tools

🔹 Duration: 60 Hours (Hands-on Labs, Simulated Attacks, Blue vs. Red Team Exercises)
🔹 Level: Intermediate to Advanced
🔹 Focus: Offensive and Defensive Security, Detection & Threat Hunting Using Splunk, MITRE ATT&CK Framework, Incident Response
🔹 Tools Covered: Kali Linux, Metasploit, Cobalt Strike, Empire, Atomic Red Team, Splunk, Sigma Rules, OSQuery, Sysmon, Zeek, Suricata, PowerShell, Python

🔥 Key Takeaways

✅ Master Cyber Attack Techniques (Recon, Exploitation, C2, Persistence, Exfiltration)
✅ Develop Advanced SIEM Rules & Threat Detections in Splunk
✅ Perform Threat Hunting & Incident Response Using MITRE ATT&CK
✅ Analyze Red Team Tactics & Enhance Blue Team Defenses
✅ Gain Hands-On Experience with Splunk, Kali, and SOC Tools
✅ Automate Security Operations Using SIEM & SOAR

📌 Table of Contents:
🛡️ Module 1: Introduction to Adversarial Tactics & Cyber Kill Chain (6 Hours)
🔹 Understanding SOC Operations & Security Monitoring
🔹 Introduction to Splunk: Architecture & Components
🔹 How Splunk Helps in Incident Detection & Response
🔹 Hands-on Lab: Setting Up Splunk in a SOC Environment

πŸ” Module 2: Reconnaissance & Initial Access (8 Hours)
πŸ”Ή Onboarding Log Sources (Windows, Linux, Firewalls, Cloud, Proxy, DNS)
πŸ”Ή Splunk Data Normalization & Field Extraction
πŸ”Ή Indexing & Storage Concepts in Splunk
πŸ”Ή Hands-on Lab: Parsing & Searching Logs in Splunk

βš™οΈ Module 3: Log Analysis & Detecting Early-Stage Attacks in Splunk (7 Hours)
πŸ”Ή Basic to Advanced SPL Queries (Filtering, Field Extraction, Regex)
πŸ”Ή Using Splunk Search for Incident Investigation
πŸ”Ή Data Visualization & Dashboard Creation in Splunk
πŸ”Ή Hands-on Lab: Writing SPL Queries for Security Use Cases

📜 Module 4: Privilege Escalation & Lateral Movement (8 Hours)
🔹 MITRE ATT&CK Framework & Threat Detection in Splunk
🔹 Writing Detection Rules (Correlation Searches, Adaptive Response)
🔹 Alerting & Automated Actions in Splunk
🔹 Hands-on Lab: Creating & Tuning Security Alerts in Splunk

🤖 Module 5: Persistence & Defense Evasion Techniques (8 Hours)
🔹 Splunk Enterprise Security (ES) Overview
🔹 Notable Events, Risk-Based Alerting (RBA), & Incident Review
🔹 Case Management & Workflow Automation in Splunk ES
🔹 Hands-on Lab: Investigating a Security Incident in Splunk ES

🎭 Module 6: Command & Control (C2) & Exfiltration (8 Hours)
🔹 Proactive Threat Hunting Using Splunk Datasets
🔹 Hunting for Ransomware, Phishing, & Insider Threats
🔹 Using Machine Learning & Splunk Security Essentials (SSE) for Anomaly Detection
🔹 Hands-on Lab: Running Threat Hunting Queries in Splunk

🚀 Module 7: Threat Hunting & Incident Response (8 Hours)
🔹 Introduction to Security Automation & Playbooks
🔹 Writing Automated Response Workflows in Splunk SOAR
🔹 Integrating Splunk with External Threat Intelligence Feeds
🔹 Hands-on Lab: Creating a SOAR Playbook for Automated Threat Response

πŸ› οΈ Module 8: SIEM Rule Writing & Automated Defense (13 Hours)
πŸ”Ή Simulated SOC Challenge: Investigate & Respond to a Cyber Attack
πŸ”Ή Hands-on Practical Assessment: Detecting & Containing an Incident Using Splunk
πŸ”Ή Final Project Submission & Certification.
πŸ”Ή Career Guidance for SOC Analysts, Incident Handlers, & Threat Hunters.
πŸ”ΉSimulated Attack & Defense Scenarios (Live Cyber Range).
πŸ”ΉReal-Time SOC Response to a Targeted Attack.
πŸ”ΉFinal Practical Assessment & Certification.
πŸ”ΉCareer Guidance for Red & Blue Team Professionals.

📌 Who Can Join?
🎯 SOC Analysts (L1/L2) – Looking to advance in detection engineering & automation.
🎯 Incident Responders & Threat Hunters – Seeking expertise in SIEM rule writing & automation.
🎯 Security Engineers & Blue Teamers – Focused on improving security detection & scripting.
🎯 Developers & Scripting Enthusiasts – Transitioning into cybersecurity automation.

📌 Prerequisites:

💻 Technical Knowledge:
✅ Basic knowledge of Networking & Operating Systems (Windows/Linux).
✅ Familiarity with SOC workflows (log analysis, alert triage, incident response).
✅ Basic understanding of cybersecurity threats & attack techniques.
✅ No prior experience with Splunk is required, but basic scripting skills (Python, PowerShell) are helpful.

💻 Hardware Requirements:
✅ Processor: Minimum Intel i5 / Ryzen 5 (Recommended i7 / Ryzen 7 or higher).
✅ RAM: Minimum 8GB (Recommended 16GB+ for better virtualization).
✅ Storage: At least 100GB free space (Recommended SSD for faster performance).

🌐 Internet & Network Requirements:
✅ Stable Internet Connection: Minimum 10 Mbps (Recommended 25 Mbps+).
✅ Virtualization Support: Must support VMware / VirtualBox / Hyper-V.
✅ Firewall Permissions: Ability to download and install security & forensic tools.

πŸ› οΈ Software & Tools Required:
βœ… Operating System (At-least one of these): Windows 10/11 (Preferred), Linux, (Kali/Ubuntu), or macOS.
βœ… Must Support Virtualization Software: VMware Workstation / VirtualBox.