Showing posts with label threat hunting.

Discover the secrets of a SOC and how to build a Threat Hunting team

Discover the secrets of a SOC with Simon Crocker, Cisco SOC Advisory Services Lead EMEAR, and how to build a Threat Hunting team with Martin Lee, Manager, Talos Outreach EMEA & Asia at Cisco. The talk was given at Cisco Live Barcelona 2020.


For more, visit: https://sectemple.blogspot.com/

Dragos Threat Hunting Webinar

Six Steps to Effective ICS Threat Hunting
Watch how to apply a 6-step ICS threat hunting model to real-world threat hunting scenarios. 
Sponsored by Dragos and The SANS Institute
Presented by Dan Gunter, Dragos Director of R&D; Marc Seitz, Dragos Industrial Hunter, Threat Operations; and Tim Conway, SANS Technical Director


Hunt and Gather: Developing Effective Threat Hunting Techniques

Tim Bandos, CISO, Digital Guardian

Results-driven threat hunting requires a revolving door of strategies and techniques to stay one step ahead of hackers. This session will showcase several techniques taken from the playbook of one threat hunting team that demonstrate the need for constant innovation. The session will provide tips for infosec experts to plan, develop, and execute effective threat hunting techniques of their own.


Cyber Threat Hunting Level 1 | Chris Brenton | August 2021

Find Lab Instructions Here: https://www.activecountermeasures.com/cyber-threat-hunting-training-course/

Training Begins - 00:33:51

Hands-on Labs - 03:18:20


FIAP ON | MBA - Threat Hunting: Malware Analysis in Documents


LogRhythm Presentation - Threat Hunting Automation with LogRhythm

Threat Hunting Automation with LogRhythm

One of the main differentiators between a conventional SOC and a next-generation SOC is performing Threat Hunting. It is sometimes perceived as "a tool"; however, it is a set of techniques that, when paired with a powerful tool, deliver remarkable results, making it possible to detect and respond to threats in a real and objective way.

We invite you to:

- Learn what Threat Hunting is and its benefits.

- Demystify its complexity and the marketing terms surrounding it.

- Automate detection and response processes with one of the best platforms for Threat Hunting (The LogRhythm Security Intelligence Platform).

- Add these techniques to your daily work with a view to gaining visibility into COVID-19 indicators.


Cyber Threat Hunting: Web Shell Hunting Overview | packtpub.com

This video tutorial has been taken from Cyber Threat Hunting. You can learn more and buy the full video course here [https://bit.ly/2UNQ3GJ]

Find us on Facebook -- http://www.facebook.com/Packtvideo
Follow us on Twitter - http://www.twitter.com/packtvideo


Threat Hunting Workshop - Part 4

Video editing: Tatiana Perez
Contact: https://mypublicinbox.com/MasterTan0s
Website: https://secpro.co
Twitter: @davidpereiracib


Threat Hunting — Demystified

Presenter: Ashish Thapar, Managing Principal, Verizon

Threat hunting as a term is often misunderstood and misused in the general cybersecurity fraternity. In the world of unknown unknowns, it is important that ‘threat hunting’ is evaluated and implemented as an effective cyber-defence strategy to keep the adversaries at bay.


Threat Hunting Workshop 101 with Advanced Data Sets

In this workshop we go deep into the data sets in RiskIQ PassiveTotal. Traditional data sets (Whois, Passive DNS, DNS, hashes, subdomains, and OSINT, i.e. open source intelligence) only go so far in investigations. RiskIQ's advanced data sets (certificates, trackers, host pairs, web components, cookies, services, and reverse DNS) fill in the gaps and allow threat hunters to infrastructure-chain from a single indicator to illuminate the entire threat infrastructure. In this workshop Benjamin Powell is joined by Alexandra Munk to go through every data set and its benefits in investigations.


The World of Threat Hunting Today

DOJOConf 2021 | Cybersecurity and Technology Conference is a conference under the #comunidaddojo banner, organized by Fundación Comunidad DOJO with the goal of encouraging learning and good practices.


Masterclass: Threat Hunting & DFIR

We invite you to enjoy this cybersecurity masterclass, "Threat Hunting & DFIR", delivered by Cristobal Martinez Martin, Junior Auditor II at Deloitte Spain.

In this session you will learn the importance of Threat Hunting, that is, the process of proactively searching through networks so that a company can detect and isolate advanced threats capable of defeating its security solutions. Threat Hunting covers what more traditional tools cannot detect.

"It is the process of proactively and interactively searching through networks to detect and eradicate advanced threats that evade existing security solutions."

"Unlike other defensive security approaches, threat hunting does not wait for the impact phase to go looking for the threat (reactivity); instead, it assumes the organization is not secure and may already be infected, and implements threat detection techniques that locate the threat before the exfiltration/impact phase (proactivity)."

Table of contents:
- What is threat hunting?
- Why is threat hunting important?
- The threat hunting cycle.
- The Pyramid of Pain.
- MITRE ATT&CK Framework.
- Principles of the Threat Hunter.
- How do I become a Threat Hunter?
- Threat hunting Practical Cycle.
- What is Digital Forensics & Incident Response (DFIR)?
- The incident response cycle.
- Incident management.
- Data acquisition.
- Triage.
- RAM analysis.
- Demo time.


Cyber Threat Hunting | Chris Brenton | October 2020 | 4 Hours

Join the Threat Hunting Community on Discord: https://discord.gg/tbQBAzT
Slides & VM: https://www.activecountermeasures.com...
0:00:00 - PreShow Banter™ — Tales of Great Ambitions
0:16:47 - Chris Crowley Plugs His UpComing SOC Class (https://soc-class.com/)
0:21:32 - Meet the ACM Teams
0:26:45 - This is the Way : The Path to Threat Hunting Careers
0:29:34 - FEATURE PRESENTATION: Network Cyber Threat Hunter Training
0:34:43 - How We Try To Catch Bad Guys
0:38:12 - Limitations of Logging
0:50:52 - Threat Intel Feeds?
0:55:50 - What Should Threat Hunting Be?
1:01:04 - Starting With the Network
1:14:40 - What to Look For
1:18:51 - Keeping Score
1:21:57 - Blind Spots to C2 Targeting
1:24:13 - C2 Detection
1:28:36 - Bad Guys V Red Teams
1:31:00 - Long Connections
1:39:53 - Bro V Zeek?
1:43:31 - Zeek Has a Timeout Problem
1:49:49 - Anyway, Here’s Firewalls
1:50:45 - Beacons!
1:59:06 - False Positives? Unexpected Results?
2:17:15 - Destination IP Address
2:19:55 - Internal Systems
2:21:27 - Event ID Type 3
2:23:07 - Passer
2:25:44 - C2 Detection Tools
2:43:31 - C2 Labs
2:46:17 - LAB: Find Long Connections
3:02:50 - LAB: Investigate Long-Talkers
3:10:36 - LAB: Beacons By Session Size
3:31:25 - LAB: C2 Over DNS
3:39:11 - LABS Again, But With RITA
3:49:46 - AI Hunter
3:53:55 - That’s All, Folks

Chris Crowley's SOC class:
https://soc-class.com/

**This session will have updated labs and content that was not included in past trainings!

Chris Brenton from Active Countermeasures is conducting another free, one-day, Cyber Threat Hunting Training online course!

One of the biggest challenges in security today is identifying when our protection tools have failed and a threat actor has made it onto our network. 

In this free, 4-hour course, we will cover how to leverage network and host data to perform a cyber threat hunt. 

The focus will be on processes and techniques that can be used to protect:
- Desktops
- Servers
- Network gear
- IIoT
- BYOD systems

The course includes hands-on labs using packet captures of various command and control channels. 

We also discuss how you can use our new Sysmon tool BeaKer to detect attacks on the host with Sysmon... for free!

The labs enable you to apply what you've learned using various open-source tools. 

By the end of the course, you’ll understand the tools and techniques needed to perform compromise assessments within your own environment. While the course will be available later for download, live attendees will receive a "Cyber Security Threat Hunter Level-1" certificate.


Why are we doing it? Cyber threat hunting is a relatively new discipline. As an industry, we are still formulating standards and procedures. We want to do our part by giving back to the security community. We are hoping that by sharing what we've learned we can help spark new ideas and threat hunting tools. Let's build a community and solve these problems together.
