Join the Hunt: A Hands-on Approach to Cyber Threat Hunting (Separate Registration is Required)

Monday, May 01 | 8:00AM–11:30AM PT | Grand Ballroom A, Second Floor
Session Type: Industry Led
Delivery Format: Preconference Workshop

For Institutional Attendees Only

Have you ever wondered what cyber threat hunting is actually like and how it’s done? It's safe to assume that some security controls implemented in your institution have failed at least once, opening the door of your environment to a threat actor or group. Come learn what hypothesis-based, proactive threat hunting is all about and how eye-opening it can be. You'll experience a series of live demos and hands-on exercises of notoriously hard-to-detect adversarial behaviors like memory-only malware and living-off-the-land techniques. And you'll walk away with the essential skills and tools used to detect and mitigate adversarial behaviors. We look forward to active participant engagement in the workshop. This will be a fun hunt!

Who Should Attend

Any IT professional, developer, cybersecurity professional or technology professional interested in taking a test drive behind the wheel of tracking a threat/hacker in a live environment should attend. This session will spend the first 10 minutes with an overview of what threat hunting is and what it is not. The rest of the time will be 100 percent hands-on, detailed walkthroughs of tracking a threat. We will go from intro- to intermediate-level threat hunting, so cybersecurity practitioners who already have some knowledge but want to add some additional real-world, hands-on skills are encouraged to attend.


Attendees should be familiar with Windows and Linux command line at a basic level (e.g., open command prompt and ping If you can do this or figure it out quickly, you meet the prerequisites. There will be a lab environment provided with already configured online virtual machines with incident response, forensics and threat-hunting tools. Just bring a laptop, and you’ll be ready to go.

  Note: All attendees will receive free access to the Infosec Skill cyber ranges needed for this exercise.

 Learning Objectives 

You will walk away with repeatable skills that you will likely be able to use in your environment immediately, whether in a complex enterprise network or at home. We will be using all open-source tools to make sure attendees can recreate the environment and exercises at home without spending money. After attending this workshop, you will:

1. Understand how to find threat actors once they’ve made it into your environment undetected. 

2. Understand how to conduct proper network and memory forensics in a way unique to hunting for threats that typically go undetected.

3. Understand the procedures for developing a hypothesis based on industry threat intelligence and executing a hunt based on the same.

Instructor: Keatron Evans, Principal Cybersecurity Advisor, Infosec Institute 


  • Keatron Evans

    VP Product Portfolio Strategy, Infosec, part of Cengage Group

Resources & Downloads

  • Join the Hunt Workshop Slides

    Updated on 5/2/2023
  • Join the Hunt Workshop Handout

    Updated on 5/2/2023