Endgame Seattle Threat Hunting Workshop
Enterprises are battling targeted attacks. These attacks are 100% successful because they are well planned and resourced, are human driven, and have a level of sophistication that bypasses existing tools. Most of these targeted attackers use advanced stealth techniques such as memory injection, fileless behaviors, living-off-the-land methods, persistence within COM, etc. to hide in the network, making it difficult to find them.
Hunt and IR teams are tasked with finding and eliminating these threats, often after the adversary is deeply entrenched in the network, leaving enterprises vulnerable to theft and disruption. Threat hunting is the proactive detection and elimination of threats without any prior knowledge or known indicators of compromise. The goal is to evict attackers from the enterprise network before any damage or loss occurs – and, of course, to do this when you have no indicator of compromise!
Join SpecterOps' Adversary Detection Researcher, Roberto Rodriguez, and Endgame Sr. Threat Researchers, Devon Kerr and Paul Ewing, for a hands-on workshop over heavy hors d'oeuvres and drinks as you network with fellow hunters and learn:
- The foundation of hunting: Why IOC-based and alert-based hunting is not enough
- Hunting on the cheap: SYSMON, Logs, Network data
- Hunting at scale: Prevention, In-memory hunt, persistence hunt
- Measuring success: Hunt metrics for organizations to measure the value of their hunt program
Our next workshop is on Wednesday, December 6, 2017 in Seattle, WA. Register below.