Tel: 210.320.5026

110 E. Houston St.

6th Floor

San Antonio, TX 78205



© 2019 by Level Effect, LLC. All Rights Reserved.

Threat hunting with Python

Network breaches are growing in frequency and severity. Network defenders are trying to keep up but are outpaced by the ever-changing technical advancements of adversary capabilities and ingenuity. Defenders need the tools and skills to keep pace and to discover and eradicate these evolving threats, but sometimes the tool doesn’t exist or is not available to the defending team. Hackers don’t wait, and neither should we. Learn to develop and apply custom scripts and data analysis techniques to uncover and neutralize persistent threats with Python.

In this course, we will assume the role of a cyber analyst in an enterprise network and take a hands-on approach to conducting threat hunting with Python to discover persistent network threats. Using relevant data sources, we will acquire, filter, and enrich log data to identify key indicators of compromise and the scope of the network breach.

Python intro

We’ll start off with an introduction to the Python programming language. The purpose of the course isn’t to turn students into expert Python programmers. Instead, we want to make it accessible to non-programmers and show, in a non-intimidating atmosphere, how a powerful tool like Python can be leveraged to make their jobs faster and more effective. Students will be allowed to work at their own pace to explore the Python environment and work with instructors to complete lab exercises designed to showcase what Python can do.


Gathering network and system data for analysis

Writing your own Python code is great, but how do you use it in your work? In this module, we cover pulling in real-world data, like Apache log files and Microsoft Windows event logs, with the end goal of learning how to harness the power of a computer to churn through data. We’ll cover topics like opening files, reading the data from files, parsing the data so we can make sense of it, and ultimately searching for what we’re interested in with nothing but code.
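As an added illustration of that workflow (example code written for this page, not part of the course materials): open or read Apache combined-format lines, parse them with a regex, skip malformed ones, and then search the parsed records for two simple hunting signals. The log lines below are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:36 -0500] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:37 -0500] "GET /admin HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:38 -0500] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2019:13:56:01 -0500] "POST /login HTTP/1.1" 200 128 "-" "curl/7.64.1"
this line is not a valid log entry
"""

# One regex for the combined format: client IP, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def parse_lines(lines):
    """Parse any iterable of lines (a list, or an open file object); malformed lines are skipped."""
    return [rec for rec in (parse_line(l.rstrip("\n")) for l in lines) if rec]

def count_404_by_ip(records, threshold=2):
    """Hunt: clients with at least `threshold` 404s, a simple sign of path guessing."""
    c = Counter(r["ip"] for r in records if r["status"] == 404)
    return {ip: n for ip, n in c.items() if n >= threshold}

def find_user_agents(records, pattern):
    """Hunt: records whose user agent matches a regex (e.g. scripted clients)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [r for r in records if rx.search(r["agent"])]

if __name__ == "__main__":
    # For a real file: with open("access.log") as f: recs = parse_lines(f)
    recs = parse_lines(SAMPLE_LOG.splitlines())
    print(count_404_by_ip(recs))                                  # {'203.0.113.7': 2}
    print([r["path"] for r in find_user_agents(recs, r"curl")])  # ['/login']
```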


Data analysis for threat hunting

Here we'll cover the fundamentals of Exploratory Data Analysis (EDA). During this phase we will dive into the data and look at the relationships between fields, values, and the statistics associated with the data. Using Python Pandas we will clean and filter data into usable formats for analysis. By understanding the data and applying an offensive mindset, we can begin to identify trends which could be associated with a network breach.


Data enrichment with geo & reputation

This module provides an overview of how students can take seemingly boring log data and turn it into an enriched and compelling report. Enrichments give context to the data and help authors tell a better story about what the data is showing. Students will utilize basic (and mostly free) techniques to build a better story, contextualize events, and add power to their findings.



$3,000.00 per person

Hands-on labs

Over the duration of the course, students will conduct hands-on labs with Python to identify and scope the extent of a targeted network breach. Students will parse files, conduct data analysis and create visualizations, use APIs, and complete a multitude of analytical challenges during the course and in a capstone challenge. 

You will Receive

Certificate of completion, USB flash drive with course materials, and related textbooks.

Course Discounts

Contact Us for group and Geekdom member pricing. 

Course Requirements
  • Students will need to provide their own laptop
  • Any OS is supported
  • We utilize a private development environment, so there is nothing to install or configure on your machine.

Target Audience