Cyber Threat Hunting: Identify and Hunt Down Intruders

•Download as PPTX, PDF•

1 like•771 views

View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd View companion webinar: "Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series. Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders. The webinar covers: - The job duties of a Cyber Threat Hunting professional - Frameworks and strategies for Cyber Threat Hunting - How to get started and progress your defensive security career - And questions from live viewers! Learn about InfoSec Institute's Cyber Threat Hunting couse here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/

Technology

● InfoSec Institute webinars are a great way to earn
CPEs
● Certificates of completion are available upon
request: infosecinstitute.com/cpe
● CPE eligibility requirements vary by certifying body.
Learn more: infosecinstitute.com/cpe-requirements
Looking for CPEs?

Meet Your Speakers
Jeremy Martin
Senior Security Researcher
InfoSec Institute Instructor
Camille DuPuis
Moderator
InfoSec Institute

Overview: Red Team vs. Blue Team
What is a Blue Team?
A Blue Team is a group of
subject matter experts that
ensures the defensive security
measures put in place are
effective. Cyber Threat Hunters
are members of a Blue Team
focused on finding, assessing
and removing cyber threats.

The Emergence of Cyber Threat Hunters
A Shift in Mindset
100% prevention is impossible. Intruders will get in and can
go undiscovered for a months or longer (197-day avg. to
identify a breach, according to 2018 Ponemon survey)
Assumption of Breach
Need an active defense. Can’t rely on set-and-forget
security tools. Need to put on their sleuthing hats and
actively discover threats.

3 Essential Factors for Threat Hunting
The Hunter
What is the skill and
experience level of
the threat hunter?
The Tools
What tools are being
used to collect and
analyze the data?
The Data
What is the quality of
the collected data?
Prepare for the Hunt

Simple Threat Hunting Process
Collect and Process Data
Establish the Hypothesis
Hunt
Identify
Respond

Threat Hunting Methodologies
Analytics-Driven
-Uses models and frameworks
to structure data and avoid
biases
-Diamond Model of Intrusion
Analysis is one example
Awareness-Driven
-Focus most important assets,
information and locations
-Conduct a Crown Jewels
Analysis to prioritize
Intelligence-Driven
-Understanding TTPs via IOCs
-May result in alerts and log
entries that can be prioritized
for investigation
Creating a Hypothesis

What are You Hunting for?
Searching for Unusual Behavior
Indicators of Compromise (IOCs): Includes forensics data,
log files and other factors that can help identify potential
malicious activity that has already occurred
Indicators of Attack (IOAs): Similar to IOCs, but can help you
understand attacks in progress
Network-based Artifacts: Search for malware
communication and use tools such as session recording,
packet capture and network state monitoring
Host-based Artifacts: Search endpoints and look for
malware interaction within the registry, file system and
elsewhere
What You May Find
➢ Irregular traffic
➢ Misused protocols
➢ Port-application mismatches
➢ Web shells and other threats
➢ Irregularities in processes
➢ Registry and file system
changes
➢ Abnormal account activity
➢ Abnormal database read
volume
➢ And more ...

Understand Your Threat Hunting Maturity Level
HMM 0
Initial
HMM 1
Minimal
HMM 2
Procedural
HMM 3
Innovative
HMM 4
Leading
-Relies primarily on
automated alerting
-Little or no routine
data collection
-Incorporates
threat intelligence
indicator searches
-Moderate or high
level of routine
data collection
-Follows data
analysis
procedures created
by others
-High or very high
level of routine
data collection
-Creates new data
analysis
procedures
-High or very high
level of routine
data collection
-Automates
majority of
successful data
analysis
procedures
-High or very high
level of routine
data collection

Cyber Threat Hunting
Flex Pro boot camp:
➢ Learn to identify, hunt down and analyze
cyber threats
➢ Learn to use the Hunting Maturity Model to
measure your organization's threat hunting
capability
➢ Build an effective threat hunting solution
based on open-source tools
➢ Become a Certified Cyber Threat Hunting
Professional (CCTHP)
Why Train with InfoSec Institute

Free Hacking Toys when You Enroll
www2.infosecinstitute.com/gifts

Thank you for joining us!
infosecinstitute.com/cyber-threat-hunting/
708-274-7267

What's hot

Threat hunting 101 by Sandeep Singh

OWASP Delhi

The Information Security Community on LinkedIn, with the support of Cybereason, conducted a comprehensive online research project to gain more insight into the state of threat hunting in security operation centers (SOCs). When the 330 cybersecurity and IT professionals were asked what keeps them up at night, many comments revolved around a central theme of undetected threats slipping through an organization’s defenses. Many responses included “unknown” and “advanced” when describing threats, indicating the respondents understand the challenges and fear those emerging threats. Read the full report here.

Threat Hunting Report

Morane Decriem

Road map for actionable threat intelligence

abhisheksinghcs

Threat Hunting

Splunk

Threat Intelligence Workshop

Priyanka Aash

The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by. Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs. Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making. View to learn: --The difference between threat information and threat intelligence. --Available sources of intelligence and how to determine if they apply to your business. --Key steps for preparing to ingest threat information and turn it into intelligence. --How to derive useful data that helps you achieve your business goals. --Tools that are available to make collaboration easier.

6 Steps for Operationalizing Threat Intelligence

Sirius

How MITRE ATT&CK helps security operations

Sergey Soldatov

Threat hunting in cyber world

Akash Sarode

Threat Hunting with Splunk Hands-on

Splunk

Threat hunting for Beginners

SKMohamedKasim

Cyber Threat Intelligence | Information to Insight

Deep Shankar Yadav

Threat Intelligence 101 - Steve Lodin - Submitted

Steve Lodin

Threat Intelligence

Deepak Kumar (D3)

Cyber Threat Intelligence

ZaiffiEhsan

Cyber Threat Intelligence.pptx

AbimbolaFisher1

MITRE ATT&CK framework

Bhushan Gurav

In this virtual meetup of DNIF KONNNECT (04.04.2019), where the growing DNIF community connects, interacts, shares and helps each other to grow and learn about the latest in threat hunting and many more...this time we have Mr. Ankit Panchal from NSDL who shall demonstrate an end to end demo of how you can achieve security maturity. Learn more about DNIF KONNECT here - https://dnif.it/dnif-konnect.html Learn more about DNIF KONNECT here - https://dnif.it/dnif-konnect.html

Threat hunting and achieving security maturity

DNIF

With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program. This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

MITRE - ATT&CKcon

PHDays 2018 Threat Hunting Hands-On Lab

Teymur Kheirkhabarov

Threat Intelligence & Threat research Sources

LearningwithRayYT

What's hot (20)

Threat hunting 101 by Sandeep Singh

Threat Hunting Report

Road map for actionable threat intelligence

Threat Hunting

Threat Intelligence Workshop

6 Steps for Operationalizing Threat Intelligence

How MITRE ATT&CK helps security operations

Threat hunting in cyber world

Threat Hunting with Splunk Hands-on

Threat hunting for Beginners

Cyber Threat Intelligence | Information to Insight

Threat Intelligence 101 - Steve Lodin - Submitted

Threat Intelligence

Cyber Threat Intelligence

Cyber Threat Intelligence.pptx

MITRE ATT&CK framework

Threat hunting and achieving security maturity

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

PHDays 2018 Threat Hunting Hands-On Lab

Threat Intelligence & Threat research Sources

Similar to Cyber Threat Hunting: Identify and Hunt Down Intruders

At the ISACA annual meeting, our presentation delved into diverse strategies aimed at empowering cybersecurity teams to elevate their cyber threat hunting capabilities within their organizational systems. Through a comprehensive exploration of innovative techniques, best practices, and emerging trends, we aimed to equip attendees with actionable insights to proactively identify and mitigate potential threats. By highlighting the significance of continuous improvement in threat hunting methodologies, we sought to contribute to the advancement of effective cybersecurity practices in a rapidly evolving digital landscape.

Enhancing Cyber threat hunting for your team | 2021

KharimMchatta

Deep Learning based Threat / Intrusion detection system

Affine Analytics

Cutting through the APT hype to help businesses prevent, detect and mitigate advanced threats. Sophisticated cyber-espionage operations aimed at pilfering trade secrets and other sensitive data from corporate networks currently present the biggest threat to businesses. Advanced threat actors ranging from nation-state adversaries to organized cyber-crime gangs are using zero-day exploits, customized malware toolkits and clever social engineering tricks to break into corporate networks, avoid detection, and steal valuable information over an extended period of time. In this presentation, we will cut through some of the hype surrounding Advanced Persistent Threats (APTs), explain the intricacies of these attacks and present recommendations to help you improve your security posture through prevention, detection and mitigation.

Cyber-Espionage: Understanding the Advanced Threat Landscape

Aaron White

Information Technology Security Basics

Mohan Jadhav

Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc

Cyber Threat Intelligence

Marlabs

Mis 1

Rohit Garg

Companies have enough to worry about from outsiders when it comes to cybersecurity. From stealthy hackers infiltrating their networks to criminal cyber-gangs stealing their data and government surveillance of their systems, security teams must be on their toes at all times. But the insider threat can be just as dangerous and sometimes harder to detect. According to the 2015 Insider Threat Spotlight Report, 62 per cent of security professionals are seeing a rise in insider attacks. While many of these are malicious attacks, they can also be unintentional breaches. The consequences, no matter the motivation, can be equally devastating.

The Inside Job: Detecting, Preventing and Investigating Data Theft

Case IQ

Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement. According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident. This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline. Finally, it will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from industry-leader iSIGHT Partners.

How To Turbo-Charge Incident Response With Threat Intelligence

Resilient Systems

IT Executive Guide to Security Intelligence

thinkASG

Cyber Threat Hunting Workshop.pdf

ssuser4237d4

Cyber Threat Hunting Workshop.pdf

ssuser4237d4

Business Intelligence (BI) Tools For Computer Forensic

Dhiren Gala

data mining for security application

bharatsvnit

data mining for security application

bharatsvnit

1. introduction to cyber security

Animesh Roy

Cybersecurity risk assessments help organizations identify.pdf

TheWalkerGroup1

In today’s digitally interconnected world, the term “data breaches” has become all too familiar. Whether it’s a small-scale business or a multinational corporation, no organization is immune to its threat. These breaches can wreak havoc on a company’s finances, reputation, and customer trust. Understanding what they are, how they occur, and most importantly, how to prevent and respond to them, is paramount for businesses of all sizes.

Safeguarding Your Business: Understanding, Preventing, and Responding to Data...

cyberprosocial

Ethical hacking a licence to hack

amrutharam

Aujas incident management webinar deck 08162016

Karl Kispert

More information on this webcast: http://ow.ly/IyNdF Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid? Then you won't want to miss our next live demo, where AlienVault's security gurus Mark Allen & Garrett Gross will walk you through the steps of a system compromise, including how AlienVault USM detects these nefarious activities every step of the way. You'll learn: How attackers exploit vulnerabilities to take control of systems What they do next to find & exfiltrate valuable data How to catch them before the damage is done with AlienVault USM Using a real-world example of a common vulnerability, Mark will show you how USM gives you the evidence you need to stop an attack in its tracks.

How to Detect System Compromise & Data Exfiltration with AlienVault USM

AlienVault

Similar to Cyber Threat Hunting: Identify and Hunt Down Intruders (20)

Enhancing Cyber threat hunting for your team | 2021

Deep Learning based Threat / Intrusion detection system

Cyber-Espionage: Understanding the Advanced Threat Landscape

Information Technology Security Basics

Cyber Threat Intelligence

Mis 1

The Inside Job: Detecting, Preventing and Investigating Data Theft

How To Turbo-Charge Incident Response With Threat Intelligence

IT Executive Guide to Security Intelligence

Cyber Threat Hunting Workshop.pdf

Business Intelligence (BI) Tools For Computer Forensic

data mining for security application

1. introduction to cyber security

Cybersecurity risk assessments help organizations identify.pdf

Safeguarding Your Business: Understanding, Preventing, and Responding to Data...

Ethical hacking a licence to hack

Aujas incident management webinar deck 08162016

How to Detect System Compromise & Data Exfiltration with AlienVault USM

More from Infosec

Watch the full webinar here: https://www.infosecinstitute.com/webinar/aws-certified-devops-engineer-what-it-is-and-how-to-get-certified/ Cloud infrastructure is the backbone of many organizations and services, and DevOps engineers are the professionals tasked with ensuring those systems are responsive, available, scalable and secure. The AWS Certified DevOps Engineer – Professional certification validates your skills in provisioning, operating and managing distributed AWS cloud systems. Join us on March 27 at 11 a.m. Central to learn how this AWS certification can benefit your career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: - What’s on the AWS Certified DevOps Engineer exam (DOP-C02) - Career paths AWS certification holders - Ways you can train and get certified - Plus Q&A from live attendees

AWS Certified DevOps Engineer: What it is and how to get certified

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/aws-certified-sysops-administrator/ As the AWS cloud market continues to expand, professionals are needed to administer those systems. AWS Certified Cloud Operations Administrator training prepares you to earn your AWS Certified SysOps Administrator certification — and validates your skills in deploying, managing and operating AWS workloads. Join us to learn how this AWS certification can benefit your IT and cybersecurity career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: - What’s on the AWS Certified Cloud Operations/SysOps Administrator exam (SOA-C02) - Career paths AWS certification holders - Ways you can train and get certified

AWS Cloud Operations Administrator: What it is and how to get certified

Infosec

Watch the webinar: https://www.infosecinstitute.com/webinar/aws-certified-security---specialty-what-it-is-and-how-to-get-certified/ Cloud security skills are among the most in-demand in 2024, and if you work in the cloud, there’s a good chance it involves AWS. The AWS Certified Security - Specialty certification validates your skills in creating and implementing AWS cloud security solutions. Join us on March 13 at 11 a.m. Central to learn how this AWS certification can benefit your cybersecurity career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: - What’s on the AWS Certified Security exam (SCS-C02) - Career paths AWS certification holders - Ways you can train and get certified - Plus Q&A from live attendees

AWS Certified Security - Specialty: What it is and how to get certified

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/aws-certified-solutions-architect-what-it-is-and-how-to-get-certified/ Amazon Web Services (AWS) is the market leader for cloud infrastructure, and the AWS Certified Solutions Architect – Associate certification validates your knowledge and skills in designing secure, resilient, high-performing and cost-optimized architectures. Join us to learn how this AWS certification can benefit your career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: What’s on the AWS Certified Solutions Architect exam (SOA-C02) Career paths AWS certification holders Ways you can train and get certified This webcast is part of the Infosec AWS Training Series: https://www.infosecinstitute.com/resources/?q=aws&Type=Webcast+and+video

AWS Certified Solutions Architect Webinar.pptx

Infosec

Watch the webinar: https://www.infosecinstitute.com/webinar/infosec-and-aws-a-new-way-to-train-for-your-aws-certification/ Amazon Web Services (AWS) certifications are some of the most pursued in the IT and cybersecurity industry, by both employers and professionals. And now, there’s a new way to train for them with Infosec. Join us to learn about the new partnership between AWS and Infosec, making Infosec an authorized live boot camp training provider for AWS certifications. You’ll learn: - How AWS certification can boost your career - Which AWS certification is right for you - How the new AWS live boot camps will work - Plus Q&A from live attendees This webcast is part of the Infosec AWS Training Series: https://www.infosecinstitute.com/resources/?q=aws&Type=Webcast+and+video

Infosec and AWS - A new way to train for your AWS certification (1).pptx

Infosec

Watch the full webinar (and demo) here: https://www.infosecinstitute.com/webinar/how-chatgpt-and-ai-are-changing-cybersecurity-forever/ Artificial intelligence (AI) technologies are reshaping both how cybersecurity is done and how people learn cybersecurity. In this live demonstration, Infosec’s Keatron Evans will demonstrate how you can use ChatGPT to perform cybersecurity functions and teach yourself new skills — right now. Join us on February 23 at 11 a.m. Central to get a practical, hands-on approach around how to use AI for your cybersecurity needs. You’ll learn: - How malicious actors use AI tools like ChatGPT - Ways for cybersecurity professionals to get started with AI - How AI tools can help you learn quicker and better - Plus Q&A from live attendees

How AI and ChatGPT are changing cybersecurity forever.pptx

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-security-everything-you-need-to-know-about-the-sy0-701-update/ CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul! The updated exam (from SY0-601 to SY0-701) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends heading into 2024. Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn how the Security+ certification is evolving so it remains the “go-to” certification for anyone trying to break into cybersecurity. You’ll learn about: - Evolving Security+ domain areas and job skills - Common job roles for Security+ holders - SY0-601 and SY0-701 exam timelines - Tips to pass the updated Security+ exam - Plus Security+ questions from live viewers

2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx

Infosec

Learn how to roll out a successful Cybersecurity Awareness Month program that boosts employee engagement all October (and beyond). Join Infosec’s Emma Waite and Camille Raymond to learn: - What employee-related risk data is needed to quantify success - How to communicate your NCSAM plans to stakeholders - The content and cadence appropriate to drive engagement - Creative ways organizations are celebrating NCSAM - How to continue the momentum after October

NCSAM 2023 Webinar.pptx

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-cysa-certification-changes-everything-you-need-to-know/ Information security analyst is one of the fastest-growing job categories in the U.S., with 35 percent overall growth expected by 2031. CompTIA’s Cybersecurity Analyst+ (CySA+) is one of the most popular certifications related to the role — and it’s getting an update in 2023 to align with the most in-demand knowledge and skills requested by employers. Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn everything you need to know about the latest CySA+ certification and exam (CS0-003) updates, including: - Evolving security analyst job skills - Common job roles for CySA+ holders - What’s changed from CS0-002 to CS0-003 - Tips to pass the updated CySA+ exam - Plus CySA+ questions from live viewers

CompTIA CySA+ certification (CS0-003) changes: Everything you need to know

Infosec

Watch the full webinar here: https://event.on24.com/wcc/r/4125122/E0E3F3F43BABD48134E3909C4577F5EA Hiring skilled people is hard. Once you get them, you want to retain them — and increase their value to your customers. Save your spot to learn more about: - Challenges with getting and retaining internal talent - How better skillsets affect margin/profitability - Using Infosec Skills to attract highest-quality hires - Using Infosec Skills to upskill your internal team - Reselling Infosec Skills to your end-user

Skills training value: How to differentiate your staff and your organization ...

Infosec

Emotion and passion are the two most essential elements in understanding how people learn. Often, the initial response to security threats is throwing technology at the problem. But as we know, you can’t fix all of your security issues without understanding the role humans play in the process. Join Nick Shackleton-Jones — 30-year learning and development vet, Former CLO at Deloitte UK and CEO and Founder of Shackleton Consulting — to better understand: - The difference between learning and education - What really drives how employees learn - How to develop a growth mindset that truly changes employee behavior Watch the full webcast here: https://www.infosecinstitute.com/webinar/adult-learning-security/

Learning ≠ Education: How people really learn and what it means for security ...

Infosec

National Cybersecurity Awareness Month (NCSAM) is right around the corner. Now’s the time to level up your security awareness training program — and instill best practices in employees that will help keep them (and your organization) secure year-round. Join us to learn about the four key employee behaviors for NCSAM 2022. All registrants will receive a free Cybersecurity Awareness Month Toolkit, which includes: 1 training module & assessment 5 posters & infographics 1 employee presentation 4 email templates And more

Security awareness training - 4 topics that matter most

Infosec

As threat hunters, you already know staying ahead of the adversary demands a proactive approach to threat detection and response. Don your virtual threat hunting gear and join Infosec Principal Security Researcher Keatron Evans as he goes sleuthing for cyber threats. Join us for practical threat hunting insights and career recommendations, including: Threat hunting knowledge and skills to accelerate your career How to help clients navigate the threat hunting toolbox and prioritize technology investments Live demos of notoriously hard-to-detect adversarial behavior like memory-only malware and living-off-the-land techniques One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat! P.S. Don’t miss our novice-level threat hunting session: Threat hunting foundations: People, process and technology.

Join the hunt: Threat hunting for proactive cyber defense.pptx

Infosec

Ever wonder what threat hunting is all about? Join Infosec Principal Security Researcher Keatron Evans as he breaks down the basics of what it’s like to have a career hunting down potential cyber threats. Join us on for an inside look at a day in the life of a threat hunter, including: Why threat hunters are more critical today than ever before Knowledge and skills needed to drive threat hunting success Live demos of essential threat hunting skills and tools used to detect and mitigate adversarial behavior One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat! P.S. Want to go even deeper into threat hunting? Don’t miss our advanced threat hunting session on June 28, Join the hunt: Threat hunting for proactive cyber defense.

Threat hunting foundations: People, process and technology.pptx

Infosec

It’s been more than a decade since Marc Andreessen popularized the idea that “every company needs to become a software company.” But in 2022, just being a software company isn’t enough; you need to become a secure software company. That’s why Ted Harrington created a new Infosec Skills learning path based on his best-selling book, “Hackable: How to Do Application Security Right.” Whether you create code, secure systems or manage organizational risk, understanding application security has become a must-have skill. Join us to learn how to: Avoid common application security mistakes Implement best practices to secure software systems Create the business case for security as a competitive edge Plus, get your live questions answered by Ted Every registrant will get a free copy of Ted’s new ebook, “How to secure your software faster and better.”

How to do application security right

Infosec

The word privacy can have so many meanings. Whether personal, professional or procedural, privacy can be a state of being, an action that requires compliance or a created space of safety. Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year! The panel will discuss: Privacy as it relates to cybersecurity Privacy certifications that align with your career path Best practices for studying for IAPP certification exams Tips for getting experience in the field of privacy Interviewing for the privacy position you’ve been searching for Plus your live questions on privacy as a career

A public discussion about privacy careers: Training, certification and experi...

Infosec

Intrusion detection is a foundational skill for many cybersecurity careers. Learn how intrusion detection works in action in this live webcast. Then take these free intrusion detection system (IDS) tools and start building your skills. Join Infosec Skills author Mark Viglione on March 8 at 11 a.m. CST to learn all about: What is intrusion detection? How intrusion detection fits into different career paths Live demo of Zeek for log analysis Live demo of Elastic SIEM for incident response Plus your live intrusion detection and career questions

Learn intrusion detection: Using Zeek and Elastic for incident response

Infosec

Get started in cybersecurity in 2022

Infosec

CompTIA PenTest+: Everything you need to know about the exam

Infosec

CompTIA CASP+ | Everything you need to know about the new exam

Infosec

More from Infosec (20)

AWS Certified DevOps Engineer: What it is and how to get certified

AWS Cloud Operations Administrator: What it is and how to get certified

AWS Certified Security - Specialty: What it is and how to get certified

AWS Certified Solutions Architect Webinar.pptx

Infosec and AWS - A new way to train for your AWS certification (1).pptx

How AI and ChatGPT are changing cybersecurity forever.pptx

2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx

NCSAM 2023 Webinar.pptx

CompTIA CySA+ certification (CS0-003) changes: Everything you need to know

Skills training value: How to differentiate your staff and your organization ...

Learning ≠ Education: How people really learn and what it means for security ...

Security awareness training - 4 topics that matter most

Join the hunt: Threat hunting for proactive cyber defense.pptx

Threat hunting foundations: People, process and technology.pptx

How to do application security right

A public discussion about privacy careers: Training, certification and experi...

Learn intrusion detection: Using Zeek and Elastic for incident response

Get started in cybersecurity in 2022

CompTIA PenTest+: Everything you need to know about the exam

CompTIA CASP+ | Everything you need to know about the new exam

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

In this session, we will showcase how to revolutionize automated testing for your software, automation, and QA teams with UiPath Test Suite. In part 1 of UiPath test automation using UiPath Test Suite – developer series, we will cover, Software testing overview What is software testing Why software testing is required Typical test types and levels Continuous testing and challenges Introduction to UiPath Test Suite UiPath Test Suite family of products Speaker: Atul Trikha, Chief Technologist & Solutions Architect, Peraton and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 1

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Ever caught yourself nodding along when someone mentions "delivering value" in Agile, but secretly wondering what the heck they actually mean? You're not alone! Join us for an eye-opening session where we'll strip away the buzzwords and dive into the heart of Agile—value delivery. But what is "value"? Is it a mythical unicorn in the world of software development, or is there more to this overused term? This isn't going to be a sit-and-get lecture. We're talking about a face-to-face, interactive meetup where YOU play a crucial role. Come along to: Define It: What does "value" really mean? We’ll build a definition that’s not just words, but a compass for your Agile journey. Contextualise It: Discover what value means specifically to you, your team, your company, and your industry. Because one size does not fit all. Deliver It: Share strategies and gather new ones for uncovering and delivering true value—no more shooting in the dark!

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

David Michel

We're living the AI revolution and Salesforce is adapting and bring new value to their customers. Einstein products are evolving rapidly and navigating their limitations, language support, and use cases can be challenging. Let's make review of what Einstein product are available currently, what are the capabilities and what can be used for in CEE region and how Rossie.ai can help to learn Salesforce speak Czech. We will explore the Einstein roadmap and I will make a short live demo (based on your vote) of some Einstein feature.

AI revolution and Salesforce, Jiří Karpíšek

CzechDreamin

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

You’ve heard good data matters in Machine Learning, but does it matter for Generative AI applications? Corporate data often differs significantly from the general Internet data used to train most foundation models. Join me for a demo on building an open source RAG (Retrieval Augmented Generation) stack using Milvus vector database for Retrieval, LangChain, Llama 3 with Ollama, Ragas RAG Eval, and optional Zilliz cloud, OpenAI.

Introduction to Open Source RAG and RAG Evaluation

Zilliz

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

UiPath Test Automation using UiPath Test Suite series, part 1

Connector Corner: Automate dynamic content and events by pushing a button

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Designing Great Products: The Power of Design and Leadership by Chief Designe...

In-Depth Performance Testing Guide for IT Professionals

Powerful Start- the Key to Project Success, Barbara Laskowska

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

AI revolution and Salesforce, Jiří Karpíšek

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

Search and Society: Reimagining Information Access for Radical Futures

Introduction to Open Source RAG and RAG Evaluation

ODC, Data Fabric and Architecture User Group

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

"Impact of front-end architecture on development cost", Viktor Turskyi

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

Cyber Threat Hunting: Identify and Hunt Down Intruders

1. Cyber Threat Hunting Identify and Hunt Down Intruders

2. ● InfoSec Institute webinars are a great way to earn CPEs ● Certificates of completion are available upon request: infosecinstitute.com/cpe ● CPE eligibility requirements vary by certifying body. Learn more: infosecinstitute.com/cpe-requirements Looking for CPEs?

3. Meet Your Speakers Jeremy Martin Senior Security Researcher InfoSec Institute Instructor Camille DuPuis Moderator InfoSec Institute

4. Overview: Red Team vs. Blue Team What is a Blue Team? A Blue Team is a group of subject matter experts that ensures the defensive security measures put in place are effective. Cyber Threat Hunters are members of a Blue Team focused on finding, assessing and removing cyber threats.

5. The Emergence of Cyber Threat Hunters A Shift in Mindset 100% prevention is impossible. Intruders will get in and can go undiscovered for a months or longer (197-day avg. to identify a breach, according to 2018 Ponemon survey) Assumption of Breach Need an active defense. Can’t rely on set-and-forget security tools. Need to put on their sleuthing hats and actively discover threats.

6. 3 Essential Factors for Threat Hunting The Hunter What is the skill and experience level of the threat hunter? The Tools What tools are being used to collect and analyze the data? The Data What is the quality of the collected data? Prepare for the Hunt

7. Simple Threat Hunting Process Collect and Process Data Establish the Hypothesis Hunt Identify Respond

8. Threat Hunting Methodologies Analytics-Driven -Uses models and frameworks to structure data and avoid biases -Diamond Model of Intrusion Analysis is one example Awareness-Driven -Focus most important assets, information and locations -Conduct a Crown Jewels Analysis to prioritize Intelligence-Driven -Understanding TTPs via IOCs -May result in alerts and log entries that can be prioritized for investigation Creating a Hypothesis

9. What are You Hunting for? Searching for Unusual Behavior Indicators of Compromise (IOCs): Includes forensics data, log files and other factors that can help identify potential malicious activity that has already occurred Indicators of Attack (IOAs): Similar to IOCs, but can help you understand attacks in progress Network-based Artifacts: Search for malware communication and use tools such as session recording, packet capture and network state monitoring Host-based Artifacts: Search endpoints and look for malware interaction within the registry, file system and elsewhere What You May Find ➢ Irregular traffic ➢ Misused protocols ➢ Port-application mismatches ➢ Web shells and other threats ➢ Irregularities in processes ➢ Registry and file system changes ➢ Abnormal account activity ➢ Abnormal database read volume ➢ And more ...

10. Understand Your Threat Hunting Maturity Level HMM 0 Initial HMM 1 Minimal HMM 2 Procedural HMM 3 Innovative HMM 4 Leading -Relies primarily on automated alerting -Little or no routine data collection -Incorporates threat intelligence indicator searches -Moderate or high level of routine data collection -Follows data analysis procedures created by others -High or very high level of routine data collection -Creates new data analysis procedures -High or very high level of routine data collection -Automates majority of successful data analysis procedures -High or very high level of routine data collection

11. Cyber Threat Hunting Flex Pro boot camp: ➢ Learn to identify, hunt down and analyze cyber threats ➢ Learn to use the Hunting Maturity Model to measure your organization's threat hunting capability ➢ Build an effective threat hunting solution based on open-source tools ➢ Become a Certified Cyber Threat Hunting Professional (CCTHP) Why Train with InfoSec Institute

12. Free Hacking Toys when You Enroll www2.infosecinstitute.com/gifts

13. Questions?

14. Thank you for joining us! infosecinstitute.com/cyber-threat-hunting/ 708-274-7267

Editor's Notes

Jeremy Martin is a Senior Security Researcher that has focused his profession around Red Team penetration testing, Computer Forensics, Open source Intelligence, and Cyber Warfare. Starting his career in 1995 Mr. Martin has worked with fortune 200 companies and Federal Government agencies, receiving a number of awards for service. Jeremy currently provides training and works with several governmental incident response and computer forensics departments. Outside consulting, he is an instructor, security researcher, published author, and speaks at security conferences around the world. Mr. Martin’s current research projects include vulnerability analysis, threat profiling, exploitation automation, anti-forensics, open source intelligence gathering, and reverse engineering malware. As an active member of the global Information Security and Assurance communities, Jeremy volunteers for the local ISSA and ACFEI chapters. He also holds several positions for internationally recognized organizations. In 2006-2012, he was elected as the President of the Open Information Systems Security Group (OISSG), while sitting on the Board of Directors for Denver’s InfraGard chapter. From 2005-2010, he has held a state coordinator position for the ACHEI Certified in Homeland Security division. Mr. Martin currently holds over 30 professional certifications.
If you’d like more information right away, you can head to infosecinstitute.com or call to speak with a rep about the course and the current promotion. If you have any other questions please direct them to info@infosecinstitute.com and we’ll be sure to get back to you soon.

Cyber Threat Hunting: Identify and Hunt Down Intruders

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cyber Threat Hunting: Identify and Hunt Down Intruders

Similar to Cyber Threat Hunting: Identify and Hunt Down Intruders (20)

More from Infosec

More from Infosec (20)

Recently uploaded

Recently uploaded (20)

Cyber Threat Hunting: Identify and Hunt Down Intruders

Editor's Notes