Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Summit schedule: http://www.sans.org/u/DuS
The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
John Hubbard, SOC Manager, GlaxoSmithKline; Certified Instructor, SANS Institute
Modern cyber defense requires the mindset of “assume breach,” but with so much data generated by our networks and endpoints, how can we collect the information needed to identify attacks in an affordable way, let alone sort through it all? This talk will discuss the unique challenges of finding post-exploitation activity in our mountains of data and walk through using the open source Elastic Stack to identify the techniques enumerated in MITRE’s ATT&CK framework. Attendees will be given an overview of how to leverage the ATT&CK body of knowledge, options for data collection, and suggested rules and dashboards that specifically target finding post-exploitation activity. The goal of this talk is to arm defenders with industry-validated attack knowledge, and demonstrate how late-stage compromises can be identified and stopped before significant damage is caused.
Video "Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework" from the SANS Institute channel
Other videos from this channel
How To Use The Elastic Stack as a SIEM - John Hubbard
Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels
Hunting Cyber Threat Actors with TLS Certificates
Zero-Trust Networks: The Future Is Here - SANS Blue Team Summit 2019
Post-Exploit Threat Modeling with ATT&CK
DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016
Threat Hunting via Sysmon - SANS Blue Team Summit
Using Zeek/Bro To Discover Network TTPs of MITRE ATT&CK™ Part 1
QRadar and the MITRE Attack Framework
OpenDev 10.2017 | Logging, security, and analytics on Azure with the Elastic Stack
MITRE ATT&CK Framework For Threat Hunting - Seth Brunt and Abby Warnes
Hack.lu 2017 Sigma - Generic Signatures for Log Events by Thomas Patzke
How to Get Promoted: Developing Metrics to Show How Threat Intel Works - SANS CTI Summit 2019
SOF ELK® A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operation
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate Your Data Analytics!
ATT&CK Matrix: The Enemies Playbook
Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018
Splunk for Security Investigation: Command and Control Analysis
Whiteboard Wednesday: 3 Minutes on MITRE ATT&CK™