Cracking the Beacon: Automating The Extraction of Implant Configurations

SANS Digital Forensics and Incident Response
SANS DFIR Summit 2022

Speakers: Derek Ditch & Jessica David

Threat Hunting

Threat actors and red team members routinely use turnkey offensive security tools such as Cobalt Strike and other commodity malware to carry out intrusion campaigns and to emulate adversary behavior. Many of these tools are designed to validate security detection capabilities, but in the wrong hands they can be configured to operate abusively. These generic offensive platforms carry a wealth of information about the campaign configuration, and a defender who knows this information is significantly better equipped to dismantle malicious campaigns and proactively defend the network. This talk will focus on collecting memory segments from several malware families, extracting and parsing their configurations, writing the data back into an open-source data analytics platform, and use cases showing how defenders can use this data to impose costs on adversary activities and campaigns. The collection, extraction, parsing, and analysis will be accomplished with open-source tools we have released to the community.

View upcoming Summits:
Download the presentation slides (SANS account required) at
