SlideShare a Scribd company logo
1
BSides Jacksonville
16 Nov 2019
Threat Hunting with
the Elastic Stack
$whoami
Brandon DeVault
●
●
●
●
●
linkedin.com/in/brandondevault
@Oofles brandon.devault@elastic.co
@SolderSwag
3
Agenda
• Technology
• Threat Hunting
• Demo!
4
Elastic Stack Overview
5
SIEM & security analytics
thrive on search
Elastic is a search company
6
7
8
9
Store, Search, &
Analyze
Visualize &
Manage
Ingest
Elastic Stack
Elastic Stack
Kibana
Elasticsearch
Beats Logstash
10
Logstash
ETL for Elasticsearch
Ingest data of all shapes,
sizes, and sources
Parse and dynamically
transform data
Transport data to any
output
Secure and encrypt data
inputs
Build your own pipelines Lots of plugins
11
Beats
Lightweight data shippers
Ship data from the source
Ship and centralize in
Elasticsearch
Ship to Logstash for
transformation and parsing
Ship to Elastic Cloud Libbeat: API framework to
build custom beats 70+ community Beats
12
Elasticsearch
Distributed by design, scales horizontally
13
Kibana
Window into the Elastic Stack
Visualize and analyze Geospatial Customize and Share
Reports
Graph Exploration UX to secure and manage
the Elastic Stack
Build Custom Apps
14
Core of ROCK
●
●
●
●
●
16
What is ROCK?
Yeah, but what’s
in it?
17
Zeek (Bro) Network Security Monitor
• Analyzes network data and creates a session log
• Uses the terms Originator and Responder
‒ originator ≠ source
‒ responder ≠ destination
• Used to construct full timeline of events
• See the bigger picture
18
Threat Hunting
19
Why are we doing this?
Make. Them. Pay.
Jason Batchelor
20
21
23
24
Aperture
Precise, Targeted ...errr Collection
26
What could possibly go wrong?
- Every live demo ever...
27
Web : www.elastic.co
Demos: demo.elastic.co
Products : https://www.elastic.co/products
Forums : https://discuss.elastic.co/
Community :
https://www.elastic.co/community/meetups
Twitter : @elastic
Thank you!

More Related Content

What's hot

How to run Elasticsearch on Azure in just a few minutes
How to run Elasticsearch on Azure in just a few minutesHow to run Elasticsearch on Azure in just a few minutes
How to run Elasticsearch on Azure in just a few minutes
Christoph Wurm
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
Edureka!
 
Análisis del roadmap del Elastic Stack
Análisis del roadmap del Elastic StackAnálisis del roadmap del Elastic Stack
Análisis del roadmap del Elastic Stack
Elasticsearch
 
Elastic at Procter & Gamble: A Network Story
Elastic at Procter & Gamble: A Network StoryElastic at Procter & Gamble: A Network Story
Elastic at Procter & Gamble: A Network Story
Elasticsearch
 
Logging, Metrics, and APM: The Operations Trifecta (P)
Logging, Metrics, and APM: The Operations Trifecta (P)Logging, Metrics, and APM: The Operations Trifecta (P)
Logging, Metrics, and APM: The Operations Trifecta (P)
Elasticsearch
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Edureka!
 
Better Search and Business Analytics at Southern Glazer’s Wine & Spirits
Better Search and Business Analytics at Southern Glazer’s Wine & SpiritsBetter Search and Business Analytics at Southern Glazer’s Wine & Spirits
Better Search and Business Analytics at Southern Glazer’s Wine & Spirits
Elasticsearch
 
Elasticsearch and the Database Market
Elasticsearch and the Database MarketElasticsearch and the Database Market
Elasticsearch and the Database Market
ObjectRocket
 
Logging, indicateurs et APM : le trio gagnant pour des opérations réussies
Logging, indicateurs et APM : le trio gagnant pour des opérations réussiesLogging, indicateurs et APM : le trio gagnant pour des opérations réussies
Logging, indicateurs et APM : le trio gagnant pour des opérations réussies
Elasticsearch
 
What’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackWhat’s Evolving in the Elastic Stack
What’s Evolving in the Elastic Stack
Elasticsearch
 
Monitoring docker, k8s and your applications with the elastic stack
Monitoring docker, k8s and your applications with the elastic stackMonitoring docker, k8s and your applications with the elastic stack
Monitoring docker, k8s and your applications with the elastic stack
SmartWave
 
FIWARE Global Summit - QuantumLeap: Time-series and Geographic Queries
FIWARE Global Summit - QuantumLeap: Time-series and Geographic QueriesFIWARE Global Summit - QuantumLeap: Time-series and Geographic Queries
FIWARE Global Summit - QuantumLeap: Time-series and Geographic Queries
FIWARE
 
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
Elasticsearch
 
Community day ppt_kinesisv1.0
Community day ppt_kinesisv1.0Community day ppt_kinesisv1.0
Community day ppt_kinesisv1.0
Sridevi Murugayen
 
Elastic on a Hyper-Converged Infrastructure for Operational Log Analytics
Elastic on a Hyper-Converged Infrastructure for Operational Log AnalyticsElastic on a Hyper-Converged Infrastructure for Operational Log Analytics
Elastic on a Hyper-Converged Infrastructure for Operational Log Analytics
Elasticsearch
 
Elastic at KPN
Elastic at KPNElastic at KPN
Elastic at KPN
Elasticsearch
 
Migrating a legacy logging system: Etsy’s journey to Elastic Cloud
Migrating a legacy logging system: Etsy’s journey to Elastic CloudMigrating a legacy logging system: Etsy’s journey to Elastic Cloud
Migrating a legacy logging system: Etsy’s journey to Elastic Cloud
Elasticsearch
 
Quick Intro to Google Cloud Technologies
Quick Intro to Google Cloud TechnologiesQuick Intro to Google Cloud Technologies
Quick Intro to Google Cloud Technologies
Chris Schalk
 
Building a reliable and cost effect logging system at Box
Building a reliable and cost effect logging system at Box Building a reliable and cost effect logging system at Box
Building a reliable and cost effect logging system at Box
Elasticsearch
 
Protecting Your Cluster from Your Humans
Protecting Your Cluster from Your HumansProtecting Your Cluster from Your Humans
Protecting Your Cluster from Your Humans
Elasticsearch
 

What's hot (20)

How to run Elasticsearch on Azure in just a few minutes
How to run Elasticsearch on Azure in just a few minutesHow to run Elasticsearch on Azure in just a few minutes
How to run Elasticsearch on Azure in just a few minutes
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
 
Análisis del roadmap del Elastic Stack
Análisis del roadmap del Elastic StackAnálisis del roadmap del Elastic Stack
Análisis del roadmap del Elastic Stack
 
Elastic at Procter & Gamble: A Network Story
Elastic at Procter & Gamble: A Network StoryElastic at Procter & Gamble: A Network Story
Elastic at Procter & Gamble: A Network Story
 
Logging, Metrics, and APM: The Operations Trifecta (P)
Logging, Metrics, and APM: The Operations Trifecta (P)Logging, Metrics, and APM: The Operations Trifecta (P)
Logging, Metrics, and APM: The Operations Trifecta (P)
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
 
Better Search and Business Analytics at Southern Glazer’s Wine & Spirits
Better Search and Business Analytics at Southern Glazer’s Wine & SpiritsBetter Search and Business Analytics at Southern Glazer’s Wine & Spirits
Better Search and Business Analytics at Southern Glazer’s Wine & Spirits
 
Elasticsearch and the Database Market
Elasticsearch and the Database MarketElasticsearch and the Database Market
Elasticsearch and the Database Market
 
Logging, indicateurs et APM : le trio gagnant pour des opérations réussies
Logging, indicateurs et APM : le trio gagnant pour des opérations réussiesLogging, indicateurs et APM : le trio gagnant pour des opérations réussies
Logging, indicateurs et APM : le trio gagnant pour des opérations réussies
 
What’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackWhat’s Evolving in the Elastic Stack
What’s Evolving in the Elastic Stack
 
Monitoring docker, k8s and your applications with the elastic stack
Monitoring docker, k8s and your applications with the elastic stackMonitoring docker, k8s and your applications with the elastic stack
Monitoring docker, k8s and your applications with the elastic stack
 
FIWARE Global Summit - QuantumLeap: Time-series and Geographic Queries
FIWARE Global Summit - QuantumLeap: Time-series and Geographic QueriesFIWARE Global Summit - QuantumLeap: Time-series and Geographic Queries
FIWARE Global Summit - QuantumLeap: Time-series and Geographic Queries
 
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
 
Community day ppt_kinesisv1.0
Community day ppt_kinesisv1.0Community day ppt_kinesisv1.0
Community day ppt_kinesisv1.0
 
Elastic on a Hyper-Converged Infrastructure for Operational Log Analytics
Elastic on a Hyper-Converged Infrastructure for Operational Log AnalyticsElastic on a Hyper-Converged Infrastructure for Operational Log Analytics
Elastic on a Hyper-Converged Infrastructure for Operational Log Analytics
 
Elastic at KPN
Elastic at KPNElastic at KPN
Elastic at KPN
 
Migrating a legacy logging system: Etsy’s journey to Elastic Cloud
Migrating a legacy logging system: Etsy’s journey to Elastic CloudMigrating a legacy logging system: Etsy’s journey to Elastic Cloud
Migrating a legacy logging system: Etsy’s journey to Elastic Cloud
 
Quick Intro to Google Cloud Technologies
Quick Intro to Google Cloud TechnologiesQuick Intro to Google Cloud Technologies
Quick Intro to Google Cloud Technologies
 
Building a reliable and cost effect logging system at Box
Building a reliable and cost effect logging system at Box Building a reliable and cost effect logging system at Box
Building a reliable and cost effect logging system at Box
 
Protecting Your Cluster from Your Humans
Protecting Your Cluster from Your HumansProtecting Your Cluster from Your Humans
Protecting Your Cluster from Your Humans
 

Similar to BSides JAX 2019 - Threat Hunting with the Elastic Stack

Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
Vikram Shinde
 
Serverless data lake architecture
Serverless data lake architectureServerless data lake architecture
Serverless data lake architecture
Maik Wiesmüller
 
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
Timothy Spann
 
Splunk @ Adobe
Splunk @ AdobeSplunk @ Adobe
Splunk @ Adobe
Splunk
 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkówPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PROIDEA
 
ELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learnedELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learned
Tin Le
 
Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...
Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...
Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...
HostedbyConfluent
 
Examining OpenData with a Search Index using Elasticsearch
Examining OpenData with a Search Index using ElasticsearchExamining OpenData with a Search Index using Elasticsearch
Examining OpenData with a Search Index using Elasticsearch
FaithWestdorp
 
The Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data ImplementationThe Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data Implementation
Inside Analysis
 
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Docker, Inc.
 
Semplificare l'analisi dei dati con architetture "Serverless": architetture e...
Semplificare l'analisi dei dati con architetture "Serverless": architetture e...Semplificare l'analisi dei dati con architetture "Serverless": architetture e...
Semplificare l'analisi dei dati con architetture "Serverless": architetture e...
Amazon Web Services
 
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Getting value from IoT, Integration and Data Analytics
 
Introducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit
Introducing Open Distro for Elasticsearch - ADB201 - New York AWS SummitIntroducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit
Introducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit
Amazon Web Services
 
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
Timothy Spann
 
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
Timothy Spann
 
Webinar: Rearchitecting Storage for the Next Wave of Splunk Data Growth
Webinar: Rearchitecting Storage for the Next Wave of Splunk Data GrowthWebinar: Rearchitecting Storage for the Next Wave of Splunk Data Growth
Webinar: Rearchitecting Storage for the Next Wave of Splunk Data Growth
Storage Switzerland
 
Architecting Data Lakes on AWS
Architecting Data Lakes on AWSArchitecting Data Lakes on AWS
Architecting Data Lakes on AWS
Sajith Appukuttan
 
Regina Pison - Elastic - OSL19
Regina Pison - Elastic - OSL19Regina Pison - Elastic - OSL19
Regina Pison - Elastic - OSL19
marketingsyone
 
"Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K...
"Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K..."Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K...
"Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K...
Provectus
 
Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...
Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...
Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...
Data Con LA
 

Similar to BSides JAX 2019 - Threat Hunting with the Elastic Stack (20)

Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
 
Serverless data lake architecture
Serverless data lake architectureServerless data lake architecture
Serverless data lake architecture
 
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
 
Splunk @ Adobe
Splunk @ AdobeSplunk @ Adobe
Splunk @ Adobe
 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkówPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
 
ELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learnedELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learned
 
Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...
Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...
Data in Motion: Building Stream-Based Architectures with Qlik Replicate & Kaf...
 
Examining OpenData with a Search Index using Elasticsearch
Examining OpenData with a Search Index using ElasticsearchExamining OpenData with a Search Index using Elasticsearch
Examining OpenData with a Search Index using Elasticsearch
 
The Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data ImplementationThe Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data Implementation
 
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
 
Semplificare l'analisi dei dati con architetture "Serverless": architetture e...
Semplificare l'analisi dei dati con architetture "Serverless": architetture e...Semplificare l'analisi dei dati con architetture "Serverless": architetture e...
Semplificare l'analisi dei dati con architetture "Serverless": architetture e...
 
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
 
Introducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit
Introducing Open Distro for Elasticsearch - ADB201 - New York AWS SummitIntroducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit
Introducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit
 
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
 
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
 
Webinar: Rearchitecting Storage for the Next Wave of Splunk Data Growth
Webinar: Rearchitecting Storage for the Next Wave of Splunk Data GrowthWebinar: Rearchitecting Storage for the Next Wave of Splunk Data Growth
Webinar: Rearchitecting Storage for the Next Wave of Splunk Data Growth
 
Architecting Data Lakes on AWS
Architecting Data Lakes on AWSArchitecting Data Lakes on AWS
Architecting Data Lakes on AWS
 
Regina Pison - Elastic - OSL19
Regina Pison - Elastic - OSL19Regina Pison - Elastic - OSL19
Regina Pison - Elastic - OSL19
 
"Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K...
"Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K..."Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K...
"Building a Modern Data platform in the Cloud", Alex Casalboni, AWS Dev Day K...
 
Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...
Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...
Data Con LA 2018 - A tale of two BI standards: Data warehouses and data lakes...
 

More from Brandon DeVault

grrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdfgrrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdf
Brandon DeVault
 
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Brandon DeVault
 
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdfLes Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Brandon DeVault
 
Tracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdfTracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdf
Brandon DeVault
 
Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
Brandon DeVault
 
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdfTracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Brandon DeVault
 
Level up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfLevel up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdf
Brandon DeVault
 
Log4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdfLog4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdf
Brandon DeVault
 
Log4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdfLog4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdf
Brandon DeVault
 
Handling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdfHandling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdf
Brandon DeVault
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
Brandon DeVault
 

More from Brandon DeVault (11)

grrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdfgrrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdf
 
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
 
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdfLes Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
 
Tracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdfTracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdf
 
Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
 
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdfTracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
 
Level up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfLevel up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdf
 
Log4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdfLog4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdf
 
Log4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdfLog4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdf
 
Handling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdfHandling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdf
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
 

Recently uploaded

JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
saastr
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 

Recently uploaded (20)

JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 

BSides JAX 2019 - Threat Hunting with the Elastic Stack