Overview
Explore the capabilities of ARTHIR, a modular framework for remote threat hunting and incident response, in this conference talk from OSDFCon 2021. Learn how to leverage PowerShell and Windows Remote Management to perform compromise assessments, configuration, containment, and other security activities across multiple target systems. Discover how ARTHIR improves upon the Kansa tool, offering enhanced functionality for remotely executing binaries and retrieving their output. Understand the framework's integration with the MITRE ATT&CK Matrix, allowing users to map modules to specific tactics and techniques. Gain insights into the open-source nature of ARTHIR, including its GitHub repository, Slack community, and opportunities for contribution. Explore the included modules, such as the original Kansa and LOG-MD free edition components, and learn how to create custom modules. Presented by Michael Gough, a malware archaeologist and incident responder, this talk provides valuable information for blue team defenders and security professionals seeking to enhance their remote threat hunting capabilities.
Syllabus
ARTHIR: ATT&CK Remote Threat Hunting Incident Response Windows Tool by Michael Gough [OSDFCon 2021]
Taught by
BasisTech