Overview
Explore industrial control systems (ICS) and SCADA threat hunting techniques in this comprehensive conference talk from BSides Augusta 2016. Delve into the fundamentals of threat hunting, including its definition, the sliding scale of cybersecurity, and how to initiate a threat hunting program. Learn about hunting maturity and the threat hunting jawbreaker model. Discover methods for generating hypotheses using threat intelligence, situational awareness, and domain expertise specific to ICS environments. Examine real-world case studies from Ukraine, the UK, Norway, and a naval ship incident to understand common attack patterns. Gain practical insights on developing sample hypotheses and implementing effective threat hunting strategies in critical infrastructure environments.
Syllabus
Introduction
Jon Lavender
Threat Hunting
What is Threat Hunting
Sliding Scale of Cybersecurity
How to Get Started
Hunting Maturity
Threat Hunting Jawbreaker
How Do We Start
Generating hypotheses
Threat Intelligence-Inspired Hypotheses
Situational Awareness-Inspired Hypotheses
Domain Expertise
ICS
What's Wrong
Fake Case Studies
BTC Pipeline Attack
Cyber Kill Chains
Case Study Ukraine
Case Study UK
Case Study Norway
Case Study Naval Ship
Sample Hypothesis
Recap
Giveaway