Streamlining and Automating Threat Hunting With Kestrel - Black Hat 2022




Session Details: https://ift.tt/YpgDbyG

Kestrel is a rapidly evolving threat hunting language designed to accelerate cyber threat hunting by providing a layer of abstraction for building reusable, composable, and shareable hunt-flows. Kestrel significantly simplifies hunting and sharing by creating a standard way to encode a single hunt step, chain multiple hunt steps, and fork/merge hunt-flows to develop threat hypotheses.

We prepared a blue team lab for the Black Hat session. Anyone can spin up their own copy of the demo/lab to play with while watching this demo: https://ift.tt/B4m1FqJ

Kestrel GitHub: https://ift.tt/OmUTkwj

We accomplish four tasks in this demo:

1. Search for TTPs from simple to complex, from specific to generic. We will get a sense of knowledge abstraction and revisit automatic hunting with generic TTPs in the last task.
2. Discover different parts of the attack on one host, then follow the data flow associated with the lateral movement to discover the entire attack campaign across hosts.
3. Upgrade our hunts with analytics, the white-box or black-box detection logic one can invoke in a Kestrel hunt-flow to gain information beyond querying a data source.
4. Show how to automate hunts with OpenC2: given some points to investigate, use the OpenC2 "investigate" command to instantiate and execute a Kestrel hunt-flow, then harvest results for further reasoning or response actions.
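To make the hunt-flow idea concrete, here is an added example of a small Kestrel hunt-flow in the style of tasks 1 to 3 above (single hunt step, chained steps via entity pivoting, fork/merge, and an analytics call). It is not code from the talk, the lab, or the Kestrel project; it assumes Kestrel 1.5+ syntax (ECGP `WHERE` clauses, ISO timestamps without the `t''` prefix), a stix-shifter data source named `stixshifter://bh22-lab-host1` and a Python analytics named `python://enrich-dst-ip`, both of which are placeholders that would have to exist in your own configuration.

```kestrel
# Hunt step 1, specific TTP: PowerShell processes on one host in a time window.
# The data source name is a placeholder resolved by the stix-shifter connector config.
ps = GET process FROM stixshifter://bh22-lab-host1
     WHERE name = 'powershell.exe'
     START 2022-09-01T00:00:00Z STOP 2022-09-02T00:00:00Z

# Hunt step 2, chained: pivot on the entities already in memory instead of
# writing a new query against the data source.
children = FIND process CREATED BY ps

# Hunt step 3, more generic TTP: any of those children that opened a connection,
# and the processes behind that traffic.
conns = FIND network-traffic CREATED BY children
talkers = FIND process CREATED conns

# Fork: two hypotheses built from the same starting point.
spawned_shell = GET process FROM children WHERE name = 'cmd.exe'
spawned_lolbin = GET process FROM children
                 WHERE name = 'rundll32.exe' OR name = 'mshta.exe'

# Merge: bring both forks back into one variable for follow-up.
suspicious = spawned_shell + spawned_lolbin

# Follow the data flow: where did the suspicious processes connect to?
lateral = FIND network-traffic CREATED BY suspicious

# Analytics: black-box enrichment of destinations (placeholder analytics name;
# it must be registered with the configured analytics interface).
APPLY python://enrich-dst-ip ON lateral

DISP suspicious ATTR name, pid, command_line
DISP lateral ATTR dst_ref.value, dst_port
```

Each variable holds a set of STIX entities, so every `FIND` is a pivot over data Kestrel has already fetched rather than a fresh data-source query; that is what makes the steps reusable and the forks cheap to explore.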

Hello and welcome to the temple of cybersecurity. You are now watching Streamlining and Automating Threat Hunting With Kestrel - Black Hat 2022, published on September 12, 2022 at 08:18 AM.



