My key takeaways
- Carbon Black was one of the first vendors to position its product as a "black box flight recorder" for endpoints
- MITRE uses Cobalt Strike and power… to simulate attacks
- Good comparison: https://attackevals.mitre-engenuity.org/enterprise/evaluations.html?round=APT29
- Container security: Wazuh can inspect Docker containers; Carbon Black was working with VMware, not Docker or Kubernetes
- To start a hunt in Velociraptor, hit the play button