
OS Analysis with Wazuh


Course Features

Duration: 36 minutes
Delivery Method: Online
Available on: Downloadable Courses
Accessibility: Mobile, Desktop, Laptop
Language: English
Subtitles: English
Level: Intermediate
Teaching Type: Self Paced
Video Content: 36 minutes

Course Description

File-level and process-level attacks can be difficult to detect. Many tools are "alert factories" that raise alerts but cannot resolve an attack while it is in progress. Wazuh addresses both problems. This course, OS Analysis With Wazuh, will show you how to use Wazuh to detect data exfiltration in an enterprise environment. First, you will create a rule to detect malicious filesystem operations. Next, you will use a Python script together with Wazuh to uncover a rootkit. Then you will use Wazuh Active Response to automatically quarantine the host and prevent it from exfiltrating data. Throughout the course you will simulate real-world attacks using Merlin, a popular C2 framework; no prior Merlin experience is required. After completing this course, you will have the skills and knowledge required to identify these techniques: Scheduled Task/Job, Hijack Execution Flow (T1574) and Exfiltration Over C2 Channel (T1041).

Course Overview

International Faculty

Post Course Interactions

Instructor-Moderated Discussions

Case Studies, Capstone Projects

What You Will Learn

You'll cover how to use Wazuh to respond to data exfiltration in an enterprise environment

First, you'll create a rule to detect malicious filesystem operations

Next, you'll uncover a rootkit through Wazuh using a Python script

Finally, you'll leverage Wazuh's Active Response functionality to automatically quarantine the host (and prevent it from exfiltrating data)

In this course, you will simulate all attacks through Merlin (a popular C2 framework) so that real-world scenarios can be emulated (no prior Merlin experience is needed)

When you're finished with this course, you'll have the skills and knowledge to detect these techniques: Scheduled Task/Job (T1053), Hijack Execution Flow (T1574), and Exfiltration Over C2 Channel (T1041)

Course Instructors

Zach Roof

Instructor

Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security E...