
Threat Hunting: Defining the Process While Circumventing Corporate Obstacles - Kevin Foster, Matt Schneck, Ryan Andress BSides Philadelphia 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)


Threat hunting is a hot topic, spurred on by the thought that it's not a matter of if, but when, your organization will be breached. Mature security organizations are shifting their approach from relying solely on reactive response and black-box security tools to proactive hunting. This shift requires large amounts of network and endpoint data to tie together attacker tools, tactics, and procedures. Security teams often have their hands tied by limited budgets, politics, and their limited ability to effect change in what information gets logged (just try getting a DNS admin to check a box that says "Debug" in prod). Hypothesis-driven data acquisition can be used to overcome environmental challenges, provide a specific goal, and reduce analysis paralysis. This presentation discusses hypothesis-driven threat hunting using free and commercial tools for organizations that face common corporate roadblocks.

Kevin Foster - Kevin is a SANS-certified GIAC Forensic Analyst (GCFA) and GIAC Reverse Engineering Malware (GREM) holder who has experience leading forensic investigations with a variety of commercial and open source tools. He works with organizations on breach and pre-forensics preparedness.

Matt Schneck - Matt is a SANS GIAC Certified Forensic Examiner (GCFE) and specializes in Endpoint Detection and Response toolset selection and implementation. He assists SRA clients with endpoint detection rulesets and investigations.

Ryan Andress - Ryan is a SANS GIAC Certified Forensic Analyst (GCFA) and has experience conducting forensic investigations with numerous commercial and open source toolsets. He has worked on projects involving product selection, implementation, and configuration of Cloud Application Security Frameworks, and on Tier 3 forensic investigations.

Recorded at BSides Philly 2017


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast