NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in Paris

Explore the often-overlooked potential of Netflow data in network forensics through this 42-minute conference talk from Hack in Paris. Dive into the world of NetflOSINT as Joe GRAY, an experienced security threat hunting and intelligence engineer, demonstrates how to operationalize this valuable data source. Learn about extracting Netflow data from PCAPs, enabling more efficient statistical and in-depth analysis. Discover tools and techniques for leveraging Netflow information in cybersecurity investigations, including compression, filtering, and analysis methods. Gain insights into the advantages of Netflow over traditional packet captures and explore related products like IPFIX. Follow along as GRAY showcases practical demonstrations using tools such as SiLK, SoftElk, and Jupiter, and understand how to apply concepts like standard deviation in threat hunting scenarios. Whether you're a seasoned cybersecurity professional or new to network forensics, this talk offers valuable knowledge to enhance your investigative capabilities and broaden your understanding of often-underutilized data sources in the field.