April 7

Webinar Takeaway: How to Get Started in Cyber Threat Hunting


My key takeaways

  • Responding to alerts, writing signatures and checking dashboards is reactive; threat hunting is proactive: you go looking for compromise nobody has alerted on yet.
  • @TayandYou: a nice example of an AI going out of control.
    • How can AI solve infosec problems if we do not have our processes right first?
  • Threat hunting process
    • Start with the network and look for anomalies (unusual destinations, protocols, timing, volumes).
    • Suspect system? Pivot to host logs on that system.
    • Infected? Do full forensics.
  • Much of threat hunting is working out whether there is a business need for what you see; context matters, because an odd-looking connection with a legitimate owner is not a finding.
  • Threat intelligence is about knowing what is bad. Threat hunting is about finding this "bad" on your infrastructure. Digital forensics is what happens after you have found the "bad". -- Pakiri@Discord

  • IT mindset vs security mindset
    • IT mindset: "where is the fire?" (find the problem, put it out, move on)
    • Security mindset: "what's the story behind this?" (how did it get here, what else did it touch)
  • The Scrum and Agile mindset fits threat hunting well: short iterations, constant learning and improving of the hunt.
  • Threat hunter's toolbox
    • A lot of DNS queries for one domain but no A-record queries? Suspicious: a client that keeps talking to a domain's name servers without ever trying to resolve an address is using DNS as a channel, not for name resolution.
    • Raise Zeek's TCP inactivity timeout (`tcp_inactivity_timeout`, default 5 min) to 4h to find long connections: a connection that is idle for longer than the timeout is otherwise closed and logged as several short conn.log entries, so its real duration never shows up.
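The two toolbox hunts above, as an added example that is not from the webinar or the notes: it runs over constructed Zeek-style dns.log and conn.log lines (tab-separated, limited to the columns used, made up for this example) and flags domains with many queries but no A/AAAA lookups, connections whose logged duration exceeds a threshold, and the cumulative duration per source/destination pair, which is a simple way to recover a long connection that the inactivity timeout has split into pieces. Approximating the registered domain as the last two labels is an assumption made for brevity; real logs need a public-suffix list.

```python
"""Two network-level hunts from the notes, run over constructed Zeek log lines.

Assumptions (not from the webinar): the log lines below are made up, use the
Zeek tab-separated format restricted to the fields we need, and the
"registered domain" of a query is approximated as its last two labels.
"""
from collections import defaultdict

# Constructed dns.log excerpt: ts, id.orig_h, query, qtype_name
DNS_LOG = """\
1617800000.1\t10.0.0.5\twww.example.com\tA
1617800001.2\t10.0.0.5\tmail.example.com\tA
1617800002.3\t10.0.0.7\t3a7f1c.tunnel.example.net\tTXT
1617800003.4\t10.0.0.7\t9b02ee.tunnel.example.net\tTXT
1617800004.5\t10.0.0.7\tc4d811.tunnel.example.net\tTXT
1617800005.6\t10.0.0.7\t00aa4f.tunnel.example.net\tTXT
1617800006.7\t10.0.0.7\t77e3b0.tunnel.example.net\tTXT
1617800007.8\t10.0.0.9\tcdn.example.org\tAAAA
"""

# Constructed conn.log excerpt: ts, id.orig_h, id.resp_h, id.resp_p, proto, duration
CONN_LOG = """\
1617800000.0\t10.0.0.5\t93.184.216.34\t443\ttcp\t12.5
1617800010.0\t10.0.0.7\t198.51.100.23\t443\ttcp\t15800.2
1617800020.0\t10.0.0.9\t203.0.113.8\t80\ttcp\t0.9
1617800030.0\t10.0.0.7\t198.51.100.23\t443\ttcp\t31.0
"""


def parse_tsv(text, fields):
    """Turn tab-separated log lines into dicts keyed by the given field names,
    skipping blank lines and Zeek's '#'-prefixed header lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def registered_domain(name):
    """Approximate the registered domain as the last two labels.
    Assumption for this example only; it is wrong for suffixes like co.uk."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def dns_without_address_lookups(dns_text, min_queries=5):
    """Return {registered_domain: query_count} for domains queried at least
    min_queries times but never for an A or AAAA record: lots of DNS traffic
    with no attempt to resolve an address is the covert-channel pattern."""
    counts = defaultdict(int)
    has_address_lookup = defaultdict(bool)
    for row in parse_tsv(dns_text, ("ts", "id.orig_h", "query", "qtype_name")):
        dom = registered_domain(row["query"])
        counts[dom] += 1
        if row["qtype_name"] in ("A", "AAAA"):
            has_address_lookup[dom] = True
    return {d: n for d, n in counts.items()
            if n >= min_queries and not has_address_lookup[d]}


CONN_FIELDS = ("ts", "id.orig_h", "id.resp_h", "id.resp_p", "proto", "duration")


def long_connections(conn_text, min_seconds=3600.0):
    """Return (orig, resp, port, duration) for each logged connection longer
    than min_seconds. Only finds connections Zeek kept as one entry, which is
    why the notes raise tcp_inactivity_timeout before hunting this way."""
    hits = []
    for row in parse_tsv(conn_text, CONN_FIELDS):
        duration = float(row["duration"])
        if duration > min_seconds:
            hits.append((row["id.orig_h"], row["id.resp_h"], row["id.resp_p"], duration))
    return hits


def cumulative_duration(conn_text):
    """Sum the logged duration per (orig, resp, port) so that a long connection
    that was split into several short entries is still visible as one total."""
    totals = defaultdict(float)
    for row in parse_tsv(conn_text, CONN_FIELDS):
        key = (row["id.orig_h"], row["id.resp_h"], row["id.resp_p"])
        totals[key] += float(row["duration"])
    return dict(totals)


if __name__ == "__main__":
    print("DNS-heavy domains with no address lookups:", dns_without_address_lookups(DNS_LOG))
    print("Connections over 1h:", long_connections(CONN_LOG))
    for pair, total in sorted(cumulative_duration(CONN_LOG).items(), key=lambda kv: -kv[1]):
        print("cumulative", pair, round(total, 1))
```

Both hunts produce candidates, not verdicts: the next step is the one in the process notes above, i.e. find out whether there is a business need for the traffic, then pivot to the host.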

Tags

threathunting, webinar takeaway

