Purpose Driven Hunt - What Do I Do With All This Data


Collection Requirements - Enumerate Logon Sessions

12 of 16

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. Problems with the Generic Hunt Process
  3. Hypothesis-Driven Hunting Benefits - Focuses data collection efforts; provides a specific goal for the hunt team; helps eliminate analysis paralysis
  4. MITRE Cyber Attack Lifecycle
  5. Procedures - In the detailed information of each technique, specific examples or threats are included as available; not all procedures are represented, and the data set is large and growing
  6. Identify the Tactic & Technique
  7. Identify Collection Requirements
  8. Identify the Scope - Two factors for scope
  9. Document Excluded Factors - What things were you unable to include in the hypothesis at each
  10. Identify the Procedures - Technique: Pass the Ticket
  11. Collection Requirements - Interact with Mimikatz to see the effect on tickets; collect relevant data points
  12. Collection Requirements - Enumerate Logon Sessions
  13. Identify the Scope - Our Timeframe
  14. Document Excluded Factors - Credential Theft Attacks
  15. Future Developments - Silver Ticket Detection
  16. Resources
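Segment 12 names "enumerate logon sessions" as a collection requirement for the Pass the Ticket hunt but the listing does not show what that collection looks like. The block below is an added example, not code from the talk or its author: it enumerates Windows logon sessions together with the account that owns each one, lists the Kerberos tickets cached in each session with the built-in klist.exe, and flags sessions where a cached ticket's client name does not match the session owner. Treating that mismatch as the data point of interest is this example's assumption about what a Pass the Ticket hunt collects, not the talk's stated method. Function names are hypothetical; the code assumes Windows, an elevated PowerShell session (klist can only read other sessions' caches when elevated), and that klist's -li switch takes the session LUID in hex.

```powershell
# Added example (not from the talk): enumerate logon sessions, list the
# Kerberos tickets cached in each, and flag owner/ticket-client mismatches.
# Assumes Windows, an elevated PowerShell, and the built-in klist.exe.
# All function names are hypothetical.

function Get-LogonSessionOwner {
    # Map LogonId (decimal LUID as a string) -> DOMAIN\User using the
    # Win32_LoggedOnUser association class.
    $owners = @{}
    foreach ($assoc in Get-CimInstance -ClassName Win32_LoggedOnUser) {
        $id = [string]$assoc.Dependent.LogonId
        $owners[$id] = '{0}\{1}' -f $assoc.Antecedent.Domain, $assoc.Antecedent.Name
    }
    return $owners
}

function Get-SessionKerberosClients {
    param([Parameter(Mandatory)][string]$LogonId)   # decimal LUID as a string
    # klist expects the LUID in hex, e.g. 0x3e7 for the SYSTEM session.
    $hex = '0x{0:x}' -f [int64]$LogonId
    $out = & klist.exe -li $hex 2>$null
    if (-not $out) { return @() }
    # klist prints one "Client: user @ REALM" line per cached ticket.
    $clients = foreach ($line in $out) {
        if ($line -match '^\s*(#\d+>\s+)?Client:\s*(?<name>[^@]+?)\s*@\s*(?<realm>\S+)') {
            [pscustomobject]@{ Name = $Matches.name; Realm = $Matches.realm }
        }
    }
    return @($clients | Sort-Object Name, Realm -Unique)
}

function Find-TicketOwnerMismatch {
    $owners = Get-LogonSessionOwner
    foreach ($session in Get-CimInstance -ClassName Win32_LogonSession) {
        $id    = [string]$session.LogonId
        $owner = $owners[$id]
        if (-not $owner) { continue }   # sessions with no account association
        $ownerUser = ($owner -split '\\')[-1]
        foreach ($client in Get-SessionKerberosClients -LogonId $id) {
            # A ticket whose client is not the session owner is the data point
            # this example collects; see the usage note for benign causes.
            [pscustomobject]@{
                LogonId      = $id
                LogonType    = $session.LogonType
                SessionOwner = $owner
                TicketClient = '{0}@{1}' -f $client.Name, $client.Realm
                Suspicious   = -not ($client.Name -ieq $ownerUser)
            }
        }
    }
}

Find-TicketOwnerMismatch | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Two caveats belong in the hunt's "excluded factors" if you use this. First, a mismatch is not proof of a pass-the-ticket: `runas /netonly` creates a NewCredentials logon (LogonType 9) whose session owner is the caller but whose cached tickets belong to the alternate account, so that logon type is a known benign source of mismatches. Second, the collection is a point-in-time snapshot of one host; a ticket injected and then purged between two runs is not captured, which is why a hunt that relies on this needs to state its timeframe (segment 13).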
