SlideShare a Scribd company logo
1
Alamo ACE
19 Nov 2019
Threat Hunting with
the CVA/H
$whoami
Brandon DeVault
● Live in Jacksonville, FL
● 11 years: Florida Air National Guard
● AOC Mission Defense Team
● Former JCSE/JCU
● Perched / Elastic
linkedin.com/in/brandondevault
@Oofles brandon.devault@elastic.co
@SolderSwag
3
Agenda
• Technology
• Threat Hunting Methodology
• Demo!
• Hunt!!
4
Cyber Vulnerability
Assessment / Hunter
5
6
Server Kubernetes
Docker
Sensor
Zeek (Bro)
Google
Stenographer
Kibana
Elasticsearch
Logstash
7
Docker
8
Kubernetes
• Container Orchestration
‒ Automating Deployment
‒ Scaling
‒ Management
9
Elastic Stack Overview
10
SIEM & security analytics
thrive on search
Elastic is a search company
11
12
13
14
Store, Search, &
Analyze
Visualize &
Manage
Ingest
Elastic Stack
Elastic Stack
Kibana
Elasticsearch
Beats Logstash
15
Logstash
ETL for Elasticsearch
Ingest data of all shapes,
sizes, and sources
Parse and dynamically
transform data
Transport data to any
output
Secure and encrypt data
inputs
Build your own pipelines Lots of plugins
16
Beats
Lightweight data shippers
Ship data from the source
Ship and centralize in
Elasticsearch
Ship to Logstash for
transformation and parsing
Ship to Elastic Cloud Libbeat: API framework to
build custom beats 70+ community Beats
17
Elasticsearch
Distributed by design, scales horizontally
18
Kibana
Window into the Elastic Stack
Visualize and analyze Geospatial Customize and Share
Reports
Graph Exploration UX to secure and manage
the Elastic Stack
Build Custom Apps
19
Server Kubernetes
Docker
Sensor
Zeek (Bro)
Google
Stenographer
Kibana
Elasticsearch
Logstash
20
Apache kafka
• Distributed streaming platform
‒ old: batch
‒ new: streams
• Publish & Subscribe
21
Suricata
• Intrusion Detection System (IDS)
• Multithreaded
• Extended Snort Language
• Port-independent protocol detection
22
Zeek (Bro) Network Security Monitor
• Analyzes network data and creates a session log
• Uses the terms Originator and Responder
‒ originator ≠ source
‒ responder ≠ destination
• Used to construct full timeline of events
• See the bigger picture
2323
So CVA/H is unique, right?
24
25
The Hunting ELK (HELK)
26
27
Threat Hunting
28
Why are we doing this?
Make. Them. Pay.
Jason Batchelor
29
30
Let’s Discuss the Approach
Passive Active
3131
Why passive first?
32
33
Aperture
Precise, Targeted ...errr Collection
35
What could possibly go wrong?
- - Every live demo ever...
3636
WiFi: perched
Pass: training
http://192.168.2.11
05 Sep 2018
CAPTURE
THE
FLAG!
37
Web : www.elastic.co
Demos: demo.elastic.co
Products : https://www.elastic.co/products
Forums : https://discuss.elastic.co/
Community :
https://www.elastic.co/community/meetups
Twitter : @elastic
Thank you!

More Related Content

What's hot

JMeter入門
JMeter入門JMeter入門
JMeter入門
Satoshi Takami
 
Breaking the cyber kill chain!
Breaking the cyber kill chain!Breaking the cyber kill chain!
Breaking the cyber kill chain!
Nahidul Kibria
 
Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access control
Kohei KaiGai
 
ProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQLProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQL
René Cannaò
 
分散DB Apache Kuduのアーキテクチャ DBの性能と一貫性を両立させる仕組み 「HybridTime」とは
分散DB Apache KuduのアーキテクチャDBの性能と一貫性を両立させる仕組み「HybridTime」とは分散DB Apache KuduのアーキテクチャDBの性能と一貫性を両立させる仕組み「HybridTime」とは
分散DB Apache Kuduのアーキテクチャ DBの性能と一貫性を両立させる仕組み 「HybridTime」とは
Cloudera Japan
 
Installing & Configuring IBM Domino 9 on CentOS
Installing & Configuring IBM Domino 9 on CentOSInstalling & Configuring IBM Domino 9 on CentOS
Installing & Configuring IBM Domino 9 on CentOS
Devin Olson
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hacking
leminhvuong
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
Deep Shankar Yadav
 
Postgresql Database Administration- Day3
Postgresql Database Administration- Day3Postgresql Database Administration- Day3
Postgresql Database Administration- Day3
PoguttuezhiniVP
 
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
ikeyat
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active Directory
Will Schroeder
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
Splunk
 
ProstgreSQLFailoverConfiguration
ProstgreSQLFailoverConfigurationProstgreSQLFailoverConfiguration
ProstgreSQLFailoverConfiguration
Suyog Shirgaonkar
 
Bulk Loading into Cassandra
Bulk Loading into CassandraBulk Loading into Cassandra
Bulk Loading into Cassandra
Brian Hess
 
Suricata
SuricataSuricata
Suricata
tex_morgan
 
Registry Forensics
Registry ForensicsRegistry Forensics
Registry Forensics
Somesh Sawhney
 
MySQL 8.0 achitecture and enhancement
MySQL 8.0 achitecture and enhancementMySQL 8.0 achitecture and enhancement
MySQL 8.0 achitecture and enhancement
lalit choudhary
 
Setting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutesSetting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutes
Sudheer Kondla
 
ClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEO
ClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEOClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEO
ClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEO
Altinity Ltd
 
Windows MSCS 운영 및 기타 설치 가이드
Windows MSCS 운영 및 기타 설치 가이드Windows MSCS 운영 및 기타 설치 가이드
Windows MSCS 운영 및 기타 설치 가이드
CheolHee Han
 

What's hot (20)

JMeter入門
JMeter入門JMeter入門
JMeter入門
 
Breaking the cyber kill chain!
Breaking the cyber kill chain!Breaking the cyber kill chain!
Breaking the cyber kill chain!
 
Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access control
 
ProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQLProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQL
 
分散DB Apache Kuduのアーキテクチャ DBの性能と一貫性を両立させる仕組み 「HybridTime」とは
分散DB Apache KuduのアーキテクチャDBの性能と一貫性を両立させる仕組み「HybridTime」とは分散DB Apache KuduのアーキテクチャDBの性能と一貫性を両立させる仕組み「HybridTime」とは
分散DB Apache Kuduのアーキテクチャ DBの性能と一貫性を両立させる仕組み 「HybridTime」とは
 
Installing & Configuring IBM Domino 9 on CentOS
Installing & Configuring IBM Domino 9 on CentOSInstalling & Configuring IBM Domino 9 on CentOS
Installing & Configuring IBM Domino 9 on CentOS
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hacking
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
 
Postgresql Database Administration- Day3
Postgresql Database Administration- Day3Postgresql Database Administration- Day3
Postgresql Database Administration- Day3
 
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active Directory
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
 
ProstgreSQLFailoverConfiguration
ProstgreSQLFailoverConfigurationProstgreSQLFailoverConfiguration
ProstgreSQLFailoverConfiguration
 
Bulk Loading into Cassandra
Bulk Loading into CassandraBulk Loading into Cassandra
Bulk Loading into Cassandra
 
Suricata
SuricataSuricata
Suricata
 
Registry Forensics
Registry ForensicsRegistry Forensics
Registry Forensics
 
MySQL 8.0 achitecture and enhancement
MySQL 8.0 achitecture and enhancementMySQL 8.0 achitecture and enhancement
MySQL 8.0 achitecture and enhancement
 
Setting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutesSetting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutes
 
ClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEO
ClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEOClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEO
ClickHouse tips and tricks. Webinar slides. By Robert Hodges, Altinity CEO
 
Windows MSCS 운영 및 기타 설치 가이드
Windows MSCS 운영 및 기타 설치 가이드Windows MSCS 운영 및 기타 설치 가이드
Windows MSCS 운영 및 기타 설치 가이드
 

Similar to Alamo ACE - Threat Hunting with CVAH

CircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic StackCircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic Stack
Brandon DeVault
 
BSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic StackBSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic Stack
Brandon DeVault
 
Sqrrl real time_big_data_20130411
Sqrrl real time_big_data_20130411Sqrrl real time_big_data_20130411
Sqrrl real time_big_data_20130411
Sqrrl
 
Research Automation for Data-Driven Discovery
Research Automationfor Data-Driven DiscoveryResearch Automationfor Data-Driven Discovery
Research Automation for Data-Driven Discovery
Globus
 
Research Automation for Data-Driven Discovery
Research Automation for Data-Driven DiscoveryResearch Automation for Data-Driven Discovery
Research Automation for Data-Driven Discovery
Ian Foster
 
Searching for Better Code: Presented by Grant Ingersoll, Lucidworks
Searching for Better Code: Presented by Grant Ingersoll, LucidworksSearching for Better Code: Presented by Grant Ingersoll, Lucidworks
Searching for Better Code: Presented by Grant Ingersoll, Lucidworks
Lucidworks
 
The Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data ImplementationThe Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data Implementation
Inside Analysis
 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkówPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PROIDEA
 
S016825 ibm-cos-nola-v1710d
S016825 ibm-cos-nola-v1710dS016825 ibm-cos-nola-v1710d
S016825 ibm-cos-nola-v1710d
Tony Pearson
 
CarolinaCon Presentation on Streaming Analytics
CarolinaCon Presentation on Streaming AnalyticsCarolinaCon Presentation on Streaming Analytics
CarolinaCon Presentation on Streaming Analytics
John Eberhardt
 
Leaving the Ivory Tower: Research in the Real World
Leaving the Ivory Tower: Research in the Real WorldLeaving the Ivory Tower: Research in the Real World
Leaving the Ivory Tower: Research in the Real World
ArmonDadgar
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
Greg Hanchin
 
Mobile arsenal
Mobile arsenalMobile arsenal
Mobile arsenal
Ackcent
 
Data as a Strategic Asset
Data as a Strategic AssetData as a Strategic Asset
Data as a Strategic Asset
TamrMarketing
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo Wazuh
Aurélie Henriot
 
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Docker, Inc.
 
Five Ways To Do Data Analytics "The Wrong Way"
Five Ways To Do Data Analytics "The Wrong Way"Five Ways To Do Data Analytics "The Wrong Way"
Five Ways To Do Data Analytics "The Wrong Way"
Discover Pinterest
 
AWS Summit 2013 | Singapore - Understanding AWS Storage Options
AWS Summit 2013 | Singapore - Understanding AWS Storage OptionsAWS Summit 2013 | Singapore - Understanding AWS Storage Options
AWS Summit 2013 | Singapore - Understanding AWS Storage Options
Amazon Web Services
 
Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...
Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...
Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...
Amazon Web Services
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issues
Elasticsearch
 

Similar to Alamo ACE - Threat Hunting with CVAH (20)

CircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic StackCircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic Stack
 
BSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic StackBSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic Stack
 
Sqrrl real time_big_data_20130411
Sqrrl real time_big_data_20130411Sqrrl real time_big_data_20130411
Sqrrl real time_big_data_20130411
 
Research Automation for Data-Driven Discovery
Research Automationfor Data-Driven DiscoveryResearch Automationfor Data-Driven Discovery
Research Automation for Data-Driven Discovery
 
Research Automation for Data-Driven Discovery
Research Automation for Data-Driven DiscoveryResearch Automation for Data-Driven Discovery
Research Automation for Data-Driven Discovery
 
Searching for Better Code: Presented by Grant Ingersoll, Lucidworks
Searching for Better Code: Presented by Grant Ingersoll, LucidworksSearching for Better Code: Presented by Grant Ingersoll, Lucidworks
Searching for Better Code: Presented by Grant Ingersoll, Lucidworks
 
The Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data ImplementationThe Great Lakes: How to Approach a Big Data Implementation
The Great Lakes: How to Approach a Big Data Implementation
 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkówPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
 
S016825 ibm-cos-nola-v1710d
S016825 ibm-cos-nola-v1710dS016825 ibm-cos-nola-v1710d
S016825 ibm-cos-nola-v1710d
 
CarolinaCon Presentation on Streaming Analytics
CarolinaCon Presentation on Streaming AnalyticsCarolinaCon Presentation on Streaming Analytics
CarolinaCon Presentation on Streaming Analytics
 
Leaving the Ivory Tower: Research in the Real World
Leaving the Ivory Tower: Research in the Real WorldLeaving the Ivory Tower: Research in the Real World
Leaving the Ivory Tower: Research in the Real World
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
Mobile arsenal
Mobile arsenalMobile arsenal
Mobile arsenal
 
Data as a Strategic Asset
Data as a Strategic AssetData as a Strategic Asset
Data as a Strategic Asset
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo Wazuh
 
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...Take an Analytics-driven Approach to Container Performance with Splunk for Co...
Take an Analytics-driven Approach to Container Performance with Splunk for Co...
 
Five Ways To Do Data Analytics "The Wrong Way"
Five Ways To Do Data Analytics "The Wrong Way"Five Ways To Do Data Analytics "The Wrong Way"
Five Ways To Do Data Analytics "The Wrong Way"
 
AWS Summit 2013 | Singapore - Understanding AWS Storage Options
AWS Summit 2013 | Singapore - Understanding AWS Storage OptionsAWS Summit 2013 | Singapore - Understanding AWS Storage Options
AWS Summit 2013 | Singapore - Understanding AWS Storage Options
 
Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...
Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...
Streaming ETL for Data Lakes using Amazon Kinesis Firehose - May 2017 AWS Onl...
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issues
 

More from Brandon DeVault

grrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdfgrrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdf
Brandon DeVault
 
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Brandon DeVault
 
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdfLes Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Brandon DeVault
 
Tracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdfTracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdf
Brandon DeVault
 
Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
Brandon DeVault
 
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdfTracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Brandon DeVault
 
Level up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfLevel up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdf
Brandon DeVault
 
Log4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdfLog4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdf
Brandon DeVault
 
Log4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdfLog4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdf
Brandon DeVault
 
Handling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdfHandling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdf
Brandon DeVault
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
Brandon DeVault
 

More from Brandon DeVault (11)

grrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdfgrrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdf
 
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
 
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdfLes Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
 
Tracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdfTracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdf
 
Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
 
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdfTracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
 
Level up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfLevel up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdf
 
Log4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdfLog4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdf
 
Log4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdfLog4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdf
 
Handling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdfHandling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdf
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
 

Recently uploaded

Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 

Alamo ACE - Threat Hunting with CVAH