Cyber Threat Hunting | Chris Brenton | October 2020 | 4 Hours
Join the Threat Hunting Community on Discord: https://discord.gg/tbQBAzT
Slides & VM: https://www.activecountermeasures.com...
0:00:00 - PreShow Banter™ — Tales of Great Ambitions
0:16:47 - Chris Crowley Plugs His UpComing SOC Class (https://soc-class.com/)
0:21:32 - Meet the ACM Teams
0:26:45 - This is the Way : The Path to Threat Hunting Careers
0:29:34 - FEATURE PRESENTATION: Network Cyber Threat Hunter Training
0:34:43 - How We Try To Catch Bad Guys
0:38:12 - Limitations of Logging
0:50:52 - Threat Intel Feeds?
0:55:50 - What Should Threat Hunting Be?
1:01:04 - Starting With the Network
1:14:40 - What to Look For
1:18:51 - Keeping Score
1:21:57 - Blind Spots to C2 Targeting
1:24:13 - C2 Detection
1:28:36 - Bad Guys V Red Teams
1:31:00 - Long Connections
1:39:53 - Bro V Zeek?
1:43:31 - Zeek Has a Timeout Problem
1:49:49 - Anyway, Here’s Firewalls
1:50:45 - Beacons!
1:59:06 - False Positives? Unexpected Results?
2:17:15 - Destination IP Address
2:19:55 - Internal Systems
2:21:27 - Event ID Type 3
2:23:07 - Passer
2:25:44 - C2 Detection Tools
2:43:31 - C2 Labs
2:46:17 - LAB: Find Long Connections
3:02:50 - LAB: Investigate Long-Talkers
3:10:36 - LAB: Beacons By Session Size
3:31:25 - LAB: C2 Over DNS
3:39:11 - LABS Again, But With RITA
3:49:46 - AI Hunter
3:53:55 - That’s All, Folks

Chris Crowley's SOC class:
https://soc-class.com/

**This session will have updated labs and content that was not included in past trainings!

Chris Brenton from Active Countermeasures is conducting another free, one-day, Cyber Threat Hunting Training online course!

One of the biggest challenges in security today is identifying when our protection tools have failed and a threat actor has made it onto our network. 

In this free, 4-hour course, we will cover how to leverage network and host data to perform a cyber threat hunt. 

The focus will be on processes and techniques that can be used to protect:
- Desktops
- Servers
- Network gear
- IIoT
- BYOD systems

The course includes hands-on labs using packet captures of various command and control channels. 

We also discuss how you can use our new tool BeaKer to detect attacks on the host using Sysmon data... for free!

The labs enable you to apply what you've learned using various open-source tools. 

By the end of the course, you’ll understand the tools and techniques needed to perform compromise assessments within your own environment. While the course will be available later for download, live attendees will receive a "Cyber Security Threat Hunter Level-1" certificate.
Why are we doing it? Cyber threat hunting is a relatively new discipline. As an industry, we are still formulating standards and procedures. We want to do our part by giving back to the security community. We are hoping that by sharing what we've learned we can help spark new ideas and threat hunting tools. Let's build a community and solve these problems together.


For more, visit: https://sectemple.blogspot.com/