Purpose Driven Hunt - What Do I Do With All This Data
- 1 Intro
- 2 Problems with the Generic Hunt Process
- 3 Hypothesis-driven hunting benefits: focuses data collection efforts; provides a specific goal for the hunt team; helps eliminate analysis paralysis
- 4 MITRE Cyber Attack Lifecycle
- 5 Procedures - In the detailed information of each technique, specific examples or threats are included as available. Not all procedures represented; large and growing set of data
- 6 Identify the Tactic & Technique
- 7 Identify Collection Requirements
- 8 Identify the Scope - Two factors for scope
- 9 Document Excluded Factors - What things were you unable to include in the hypothesis at each
- 10 Identify the Procedures - Technique: Pass the Ticket
- 11 Collection Requirements - Interact with Mimikatz to see effect on tickets; collect relevant data points
- 12 Collection Requirements - Enumerate Logon Sessions
- 13 Identify the Scope - Our Timeframe
- 14 Document Excluded Factors - Credential Theft Attacks
- 15 Future Developments - Silver Ticket Detection
- 16 Resources