NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in Paris
Hack in Paris via YouTube
Overview
Explore the often-overlooked potential of Netflow data in network forensics through this 42-minute conference talk from Hack in Paris. Dive into the world of NetflOSINT as Joe Gray, an experienced security threat hunting and intelligence engineer, demonstrates how to operationalize this valuable data source. Learn about extracting Netflow data from PCAPs, enabling more efficient statistical and in-depth analysis. Discover tools and techniques for leveraging Netflow information in cybersecurity investigations, including compression, filtering, and analysis methods. Gain insights into the advantages of Netflow over traditional packet captures and explore related products like IPFIX. Follow along as Gray showcases practical demonstrations using tools such as SiLK, SoftElk, and Jupiter, and understand how to apply concepts like standard deviation in threat hunting scenarios. Whether you're a seasoned cybersecurity professional or new to network forensics, this talk offers valuable knowledge to enhance your investigative capabilities and broaden your understanding of often-underutilized data sources in the field.
Syllabus
Introduction
Why this talk
Agenda
Compression
Filtering
What is Netflow
Typical Netflow fields
Similar products
Pcaps vs Netflow
What you need
Flowing the path
Generating the CSV
Getting SiLK installed
Analysis methods
Free trial
Other tools
SoftElk
Threat Hunt
Jupiter
Jupiter demo
Two things that come to mind
Standard deviation
VPN
Taught by
Hack in Paris