Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Summit schedule: http://www.sans.org/u/DuS
The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
John Hubbard, SOC Manager, GlaxoSmithKline; Certified Instructor, SANS Institute
Modern cyber defense requires the mindset of “assume breach,” but with so much data generated by our networks and endpoints, how can we collect the information needed to identify attacks in an affordable way, let alone sort through it all? This talk will discuss the unique challenges of finding post-exploitation activity in our mountains of data and walk through using the open source Elastic Stack to identify the techniques enumerated in MITRE’s ATT&CK framework. Attendees will be given an overview of how to leverage the ATT&CK body of knowledge, options for data collection, and suggested rules and dashboards that specifically target finding post-exploitation activity. The goal of this talk is to arm defenders with industry-validated attack knowledge, and demonstrate how late-stage compromises can be identified and stopped before significant damage is caused.
Видео Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework канала SANS Institute
The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
John Hubbard, SOC Manager, GlaxoSmithKline; Certified Instructor, SANS Institute
Modern cyber defense requires the mindset of “assume breach,” but with so much data generated by our networks and endpoints, how can we collect the information needed to identify attacks in an affordable way, let alone sort through it all? This talk will discuss the unique challenges of finding post-exploitation activity in our mountains of data and walk through using the open source Elastic Stack to identify the techniques enumerated in MITRE’s ATT&CK framework. Attendees will be given an overview of how to leverage the ATT&CK body of knowledge, options for data collection, and suggested rules and dashboards that specifically target finding post-exploitation activity. The goal of this talk is to arm defenders with industry-validated attack knowledge, and demonstrate how late-stage compromises can be identified and stopped before significant damage is caused.
Видео Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework канала SANS Institute
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
How To Use The Elastic Stack as a SIEM - John Hubbard
Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels
Hunting Cyber Threat Actors with TLS Certificates
Zero-Trust Networks: The Future Is Here - SANS Blue Team Summit 2019
Post-Exploit Threat Modeling with ATT&CK
DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016
Threat Hunting via Sysmon - SANS Blue Team Summit
Using Zeek/Bro To Discover Network TTPs of MITRE ATT&CK™ Part 1
QRadar and the MITRE Attack Framework
OpenDev 10.2017 | Logging, security, and analytics on Azure with the Elastic Stack
MITRE ATT&CK Framework For Threat Hunting - Seth Brunt and Abby Warnes
Hack.lu 2017 Sigma - Generic Signatures for Log Events by Thomas Patzke
How to Get Promoted: Developing Metrics to Show How Threat Intel Works - SANS CTI Summit 2019
SOF ELK® A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operation
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate Your Data Analytics!
ATT&CK Matrix: The Enemies Playbook
Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018
Splunk for Security Investigation: Command and Control Analysis
Whiteboard Wednesday: 3 Minutes on MITRE ATT&CK™