Overview
Syllabus
Intro
Agenda
What is Threat Hunting
What does it all require
Choosing a model
Application shimming
MITRE ATT&CK Framework
Prerequisites
Where do we begin
System perspective
Hunting signature
Account creation
Windows Admin Shares
Windows Event Logs
Executable Launch from Extracted Archive
Job Impression
Hunting Time
Hunting Lateral Movement
Hunting Network Connections
Hunting Web Shells
Advanced Threat Hunting
Shim Cache Hunting
Build a Hunting Dashboard
Be Proactive
Create a Dashboard
Create Custom Signatures
Download the Free Utilities
Wrap Up
Taught by
RSA Conference