

Hunt and Gather - Developing Effective Threat Hunting Techniques

RSA Conference via YouTube

Overview

Explore effective threat hunting techniques in this 40-minute RSA Conference talk by Tim Bandos, CISO of Digital Guardian. Learn how to stay ahead of attackers through strategies such as application shimming analysis, use of the MITRE ATT&CK framework, and Windows admin shares analysis. Discover the prerequisites for successful threat hunting, gain insight into the system perspective, and understand how to hunt for lateral movement, network connections, and web shells. Delve into advanced techniques such as shim cache hunting, building custom hunting dashboards, and creating proactive signatures. Acquire practical tips to plan, develop, and execute your own threat hunting techniques, leveraging free utilities and best practices shared by an experienced threat hunting team.

Syllabus

Intro
Agenda
What is Threat Hunting
What does it all require
Choosing a model
Application shimming
ATT&CK MITRE Framework
Prerequisites
Where do we begin
System perspective
Hunting signature
Account creation
Windows Admin Shares
Windows Event Logs
Executable Launch from Extracted Archive
Job Impression
Hunting Time
Hunting Lateral Movement
Hunting Network Connections
Hunting Web Shells
Advanced Threat Hunting
Shim Cache Hunting
Build a Hunting Dashboard
Be Proactive
Create a Dashboard
Create Custom Signatures
Download the Free Utilities
Wrap Up

Taught by

RSA Conference
