What the deuce? Strategies for splitting your alerts.
John T. Myers

BSides Philadelphia 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Today's threat landscape has evolved to a point where the barrier to entry for network exploitation is drastically low. Additionally, the increased use of native OS tools for network administration has made "living off the land" post-exploitation easier than ever. How do security professionals prioritize what to do? The answer is to base it on the intruder's priorities. If the intruder cares about your network, they'll be back, and will probably move laterally to expand their access. This essentially lumps intrusions into two categories: threats that got in and went nowhere, and threats that got in and went somewhere. You should care about the latter over the former. This talk will discuss some strategies for collecting a better transactional record of what happens inside networks, and how to use these transactions to conduct better post-exploitation analysis and proactive hunting for threats that are already poking around.

John T. Myers is a co-founder and CTO of Efflux Systems, a Maryland-based security startup. Prior to Efflux, John's career focused on cyber and intelligence operations for the U.S. Air Force. As Director of Operations, he guided cyber operations training programs and directed large-scale Red Flag cyber ops planning and exercises. As a Senior Cyber Analyst, John led counter-cyber intel missions, developed advanced tactics, techniques, and procedures (TTPs), analyzed unknown network activity, and was ultimately awarded for uncovering traffic from a top-10 DoD threat. He was also competitively selected for DoD's premier 3-year Computer Network Operations Development Program (CNODP), where he engineered and developed CNO capabilities. There he also discovered security flaws and critical vulnerabilities in DoD systems, cutting reporting and countermeasure response times in half. John graduated Magna Cum Laude with a BS in Computer Science from Rensselaer Polytechnic Institute and holds an MS in Information Systems and Network Management from Strayer University, Maryland.

Recorded at BSides Philly 2016


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast