$SignaturesAreDead = "Long Live RESILIENT Signatures" - SANS DFIR Summit 2018

SANS Digital Forensics and Incident Response
Signatures are dead, or so we're told. It is true that many of the items shared as Indicators of Compromise (file names, paths, sizes and hashes; network IPs and domains) are no longer effective: these rigid indicators break at the first attempt at evasion. Creating resilient detections that stand up to evasion attempts by dedicated attackers and researchers is challenging, but it is possible with the right tools, visibility and a methodical approach. As part of FireEye's Advanced Practices Team, we are tasked with creating resilient, high-fidelity detections that run across hundreds of environments and millions of endpoints. In this talk we share insights into our processes and approaches to developing detection, including practical examples derived from real-world attacks, that you will be able to apply across many common and open-source security tools.

Matthew Dunwoody (@matthewdunwoody), Principal Applied Security Researcher, FireEye/Mandiant

Daniel Bohannon (@danielhbohannon), Senior Applied Security Researcher, FireEye/Mandiant
