Completed
Hypothesis driven hunting benefits Focuses data collection efforts - Provides a specific goal for the hunt team • Helps eliminate analysis paralysis
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Purpose Driven Hunt - What Do I Do With All This Data
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Problems with the Generic Hunt Process
- 3 Hypothesis driven hunting benefits Focuses data collection efforts - Provides a specific goal for the hunt team • Helps eliminate analysis paralysis
- 4 MITRE Cyber Attack Lifecycle
- 5 Procedures - In the detailed information of each technique specific examples or threats are included as available Not all procedures represented, large and growing set of data
- 6 Identify the Tactie & Technique
- 7 Identify Collection Requirements
- 8 Identify the Scope - Two factors for scope
- 9 Document Excluded Factors . What things were you unable to include in the hypothesis at each
- 10 Identify the Procedures - Technique. Pass the Ticket
- 11 Collection Requirements - Interact w/ Mimikatz to see effect on tickets Collect relevant data points
- 12 Collection Requirements -Enumerate Logon Sessions
- 13 Identify the Scope - Our Timeframe
- 14 Document Exeluded Factors - Credential Theft Attacks
- 15 Future Developments - Silver Ticket Detection
- 16 Resources