F3. A Proven Method for Finding Targeted Attacks with Free and Open Source Tools
Thursday, May 10, 2018
11:15 AM - 12:15 PM
The difficulty of finding targeted attacks has made the cyber security industry quite wealthy, to be honest. Many venture capitalists and internal security teams are throwing money at this problem. Why is it so hard, then, to find the most nefarious attacks: the ones with a human behind the keyboard? Perhaps we're using the wrong data. And, perhaps we're too caught up in boiling the ocean instead of being aggressively focused in our defensive posture. I will show you how to find targeted, file-less attacks with free and open source tools and present a methodology that has discovered hundreds of targeted attacks worldwide.
After completing the session, learners will:
- Comprehend the value of endpoint process metadata
- Understand what a targeted attack hunting objective looks like in practice
- Learn how to hunt for lateral movement file-less attacks on Windows computers
Kris is the co-founder of Vector8, Inc. and has 15 years of experience in leadership roles spanning security operations, incident response, digital forensics, signature development, indicator management, and tactical tool development within large enterprises. Kris has a passion for security orchestration, automation, and culture, and has applied related philosophies to lean-but-powerful security teams in the Air Force CERT, GE Aviation, CrowdStrike, and now Vector8.