In order to become a superhero, able to hunt for bad in your environment, you first need some great powers. Starting blind, you need a means to listen. I will introduce a modular Sysmon configuration to cover your Windows environment, mapped extensively to the ATT&CK framework. By using the ATT&CK framework as a basis for hunting, the likelihood of catching at least part of the attacker's trail is significantly increased.
To make use of this rich data source I will demonstrate a Threat Hunting application which will guide your investigation along all covered ATT&CK techniques.
This session will be held by Olaf Hartong. Olaf is a Defensive Specialist and security researcher at FalconForce. He specializes in understanding attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular. He maintains a blog at https://olafhartong.nl.
In this talk you will pick up very important tools and methods for quickly finding vulnerabilities in your infrastructure!