 
  Bobby Thomas, Kyle Smathers - Hunting for Hackers by Deloitte - DCTLV2025
Name of Training: Hunting for Hackers by Deloitte
Trainer(s): Bobby Thomas and Kyle Smathers
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $1,900
Course Description:
The “Hunting for Hackers” course provides a baseline level of knowledge designed to train cybersecurity professionals to actively defend critical computer systems. The course exposes participants to a “Think like the Adversary” mindset to actively detect sophisticated and tailored adversary attacks. This course is designed to prepare cybersecurity professionals to Hunt within their network for evidence of adversary presence not previously detected by automated enterprise security devices and software.
Rather than simply reacting to network attacks, participants of this cyber threat hunting training learn methods to interrogate systems and analyze data proactively and remotely. This empowers participants to proactively discover systems targeted by an adversary. Participants learn how to discover malicious code and evidence of adversary presence and lateral movement within a network. Throughout the program, instructors share their experience in cybersecurity, operations, and tool development. This gives participants an appreciation of the challenges they may face in countering the cyber adversary.
*Students will receive 6 months of access to our virtual lab environment to continue practicing concepts learned during this course.
Course Outline:
- Introduction: Class introduction
- Lesson 1: Introduction to Hunt Methodology
  - Summarize what hunting is
  - Identify how intelligence-driven operations affect analysis
  - Explore hunt team roles and skills
  - Contrast hunt, forensics, and Incident Response (IR)
  - Determine hunt platform requirements
  - Explain data management requirements
  - Review how a hunt team should communicate
  - Create operators notes standard
  - Create an organizational schema for data
  - Identify methods to protect data
  - Define the goal of reporting
  - Review the requirements to generate a report
  - Identify different types of reports and dissemination
- Lesson 2: Environment Collection
  - Develop a system baseline
  - Review host discovery and enumeration techniques
  - Review host characterization techniques
  - Contrast manual vs. automated hunt operations
  - Examine the difference between temporal and non-temporal data, and collect both
  - Review Elastic Stack functionality
- Lesson 3: IOC Identification
  - Understanding normal boot processes
  - Identifying anomalies
  - Service Triage
  - DLL Triage
  - Review Windows Drivers
  - Understand Windows Event logs
  - Evaluate events in Windows Event logs
  - Understand how Windows applications log their events
  - Evaluate events in Windows application logs
- Lesson 4: Targeted Collection Analysis
  - Perform an investigation
  - Collect evidence from a host
  - Form hypothesis on adversary motive
  - End of Day/Course Review
Difficulty Level:
Beginner/Intermediate
Suggested Prerequisites:
There are no prerequisites for this class.
What Students Should Bring:
Participants will need to bring their own device with a modern web browser / keyboard.
Trainer(s) Bio:
Bobby Thomas has over 20 years of experience in cyber operations, network analysis, exploitation, and incident response. He possesses a comprehensive background in cyber network operations from planning to execution, intelligence operations, management, technical training course development and revision. Bobby currently works on Deloitte’s Advanced Cyber Training Team, Cyber Assessment Team, and Threat Hunting Team. He has his master’s degree in cyber security and multiple industry leading certifications to include: CISSP, GCFA, GNFA, GCFE, CEH, and Security+. During his off time he enjoys trying new restaurants and traveling with his family.
Kyle Smathers is a Specialist Master at Deloitte Risk & Financial Advisory and a seasoned cybersecurity professional with a knack for problem-solving and developing capabilities. He has served as an Air Force officer and continues his service as a reservist, bringing over a decade of experience with cutting-edge cybersecurity platforms, training, and missions. His innovative contributions have gained significant recognition, earning him an invitation to contribute to the design of the Air Force's ‘Interceptor’ cyber threat hunting platform. In his free time, he is either with his family, riding his bicycle or working on a house project.
Deloitte is recognized as a global leader in Security Consulting, Cybersecurity Incident Response Services, Managed Cloud Services, and Strategic Risk Management Consulting. Deloitte is considered one of the “Big Four” accounting firms and is the largest professional services organization in the world.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
