Training Title:
Cyber Threat Intelligence BootCamp
Training Schedule:
Start Date: 10 September 2025
End Date: 11 September 2025
Training Objective
From Hunt to Detect: Building Next-Gen SOC Skills is more than a catchy title — it reflects a critical capability gap in many modern security operations centers. While detection rules and alerts are essential, they are only as strong as the hunting mindset behind them. This 2-day intensive workshop bridges that gap by teaching participants how to move seamlessly from proactive threat hunting to engineering high-fidelity detections.
Attendees will learn to leverage Splunk and Microsoft Sentinel to analyze diverse log sources, map findings to the MITRE ATT&CK framework, and design effective detection logic. Through guided labs, live attack simulations, and data-driven exercises, participants will build the ability to identify stealthy adversary activity, fine-tune detections to reduce false positives, and integrate results into automated incident response workflows.
By the end of the training, participants will have the hands-on skills and strategic perspective needed to operate as next-generation SOC analysts — capable of not just responding to alerts, but shaping the detections that generate them.
Course Content
Day 1 - Threat Hunting
- Module 0: Threat Hunting 101
- Module 1: Setting Up the Hunting Platform
- Module 2: Hunting Against Basic PowerShell Execution
- Module 3: Hunting Against Remote PowerShell Execution
- Module 5: Hunting Against WMI Eventing for Persistence
- Module 6: Hunting Against Privilege Escalation via WMI ActiveScriptEventConsumers
- Module 7: Hunting Against Defense Evasion via DLL Injection
- Module 8: Hunting Against Credential Access via LSASS Dumping
- Module 11: Hunting APT29 with Jupyter Notebook
- Module 12: Hunting AWS CloudTrail with Jupyter Notebook
- Module 13: SIEM Integration
- Module 14: Data-driven Hunting using Python and Jupyter. Identify anomalies with clustering, Z-score analysis, Isolation Forest, and entropy detection.
Day 2 - Threat Detection
- Module 1: Sigma 101
- Module 2: Create Efficient Detection using Sigma
- Module 3: Practical use of Sigma in Detection
- Module 4: Replicate Complex Hunt into Detection, Building Detection Queries with SIEM (Splunk for advanced hunting)
Key Takeaways
By the end of this workshop, participants will be able to:
- Adopt a Threat Hunter's Mindset - Shift from reactive alert triage to proactive discovery of hidden adversary activity.
- Leverage SIEM Platforms Effectively - Use Splunk and Microsoft Sentinel to ingest, normalize, and analyze diverse security log sources.
- Apply Threat Intelligence & Frameworks - Map activities to the MITRE ATT&CK framework and use TTP-based hunting for targeted results.
- Engineer High-Fidelity Detections - Translate hunt findings into detection logic that balances coverage with precision, reducing false positives.
- Simulate & Validate Detections - Run realistic attack scenarios to test and refine rules, ensuring operational readiness.
- Automate SOC Workflows - Integrate detections with SOAR playbooks for faster, more efficient incident response.
- Enhance Security Posture - Combine proactive hunting and reactive detection for a comprehensive defense strategy.
Why should people attend your course?
Most SOC teams are drowning in alerts yet still miss advanced threats that quietly bypass traditional defenses. This course is designed to break that cycle. From Hunt to Detect: Building Next-Gen SOC Skills gives you the rare combination of proactive hunting and detection engineering skills in a single, hands-on program.
You should attend if you want to:
- See the full attacker kill chain - Understand adversary tradecraft from initial compromise to persistence and exfiltration.
- Hunt before alerts exist - Develop hypotheses, leverage threat intel, and uncover stealthy activity that SIEMs alone won't catch.
- Engineer better detections - Turn hunt findings into actionable, high-fidelity rules in Splunk and Microsoft Sentinel.
- Work on live attack simulations - Practice detection and response in a realistic, contained lab environment.
- Bridge the SOC skill gap - Gain both the mindset of a hunter and the precision of a detection engineer.
- Future-proof your role - Equip yourself with advanced skills that are in high demand across cybersecurity operations.
This is not a lecture-heavy theory session — it's a lab-driven, scenario-based training that lets you work with the tools, datasets, and techniques used in real-world enterprise environments.
Attendee Requirements
To get the most out of this hands-on workshop, participants should have:
- Basic SOC or Security Knowledge - Familiarity with common security concepts such as logs, alerts, and incident response workflows.
- Understanding of Networking Fundamentals - Knowledge of TCP/IP, DNS, HTTP/HTTPS, and common network protocols.
- Windows & Linux Basics - Comfort navigating both operating systems and understanding basic command-line operations.
- SIEM Exposure (Preferred) - Experience with Splunk, Microsoft Sentinel, or any SIEM platform is helpful but not mandatory.
- Modern Web Browser - Google Chrome or Mozilla Firefox recommended for lab access.
- Stable Internet Connection - Minimum 8 Mbps download speed to access the remote lab environment without interruptions.
Who Should Take This Course
This training is ideal for cybersecurity professionals who want to strengthen both their proactive threat hunting skills and their ability to build effective detections in enterprise environments. It is especially relevant for:
- SOC Analysts (Tier 1, 2, and 3) - Who want to move beyond alert triage into advanced hunting and detection engineering.
- Threat Hunters - Looking to sharpen their methodology and integrate hunts with SIEM detection rules.
- Detection Engineers - Who need practical exposure to Splunk and Microsoft Sentinel in real-world attack scenarios.
- Incident Responders - Wanting to identify and track attacker activity earlier in the kill chain.
- Blue Team Members - Seeking to expand their skill set with proactive defense techniques.
- Security Engineers - Who build and maintain SIEM environments and want to enhance detection coverage.
- IT and Network Administrators - Interested in transitioning into SOC or detection-focused roles.
If your role involves protecting systems, detecting malicious activity, or responding to security incidents, this course will give you the skills to stay ahead of evolving threats.
Speaker Details
Archan Choudhury
CEO BlackPerl DFIR, Ex-Amazon
Bio
Archan Choudhury is a seasoned cybersecurity professional with over a decade of extensive experience in Digital Forensics & Incident Response (DFIR), Threat Hunting, and SOC engineering. As the Founder & CEO of BlackPerl DFIR, he brings deep expertise in building resilient cyber defense solutions and training professionals for real-world security operations. He has worked extensively in various hands-on and leadership roles at Unilever, Informatica, Amazon, and Uptycs before starting BlackPerl. He has served as a trusted consultant, instructor, and speaker at numerous industry forums, including notable events such as FUELD Conference and VULNCON, where he shares practical insights into cloud-focused DFIR, security operations, and threat detection.
LinkedIn: https://www.linkedin.com/in/archan-choudhury-b4a719b7/
Arpit Kumar
Sr. Security Engineer BlackPerl DFIR
Bio
Arpit is a Security Engineer at BlackPerl, specializing in detection engineering and cybersecurity operations for global clients. In this role, he focuses on crafting robust detection rules across various SIEM tools and developing Sigma-based detection use cases tailored to customer environments. His responsibilities include identifying gaps in client-generated automated Sigma rules and fine-tuning AI engines to enhance detection fidelity. He also conducts dark web scanning and monitoring activities using a designated tech stack to identify potential threats and exposures for clients.
His role also involves active monitoring, log analysis, and incident response using a diverse set of security tools and SIEM platforms to detect cyberattacks and unauthorized activity. He conducts detailed forensic investigations on compromised endpoints using various tools, including live/historical analysis, memory dumps, and file system reviews to assess breach impact.