Setting up an Opensource Threat Detection Program

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration)

Through the use of event detection monitoring and do it yourself monitoring techniques on a Linux Apache PHP MySQL stack, I will demonstrate how you can create different alarms and reporting surfaces that alert you when your application is being attacked. This case study will demonstrate the use of hacking tools as a defense strategy in a corporate network and will cover the story of the detection of insider threats from the internal application point of view. The entire presentation is a hands-on lab that can be used after the presentation as a guide for attendees to set up a Threat Detection program.

Presenters:

• Lance Buttars - Ingo Money
  Lance works as a software engineer in the payment industry developing software that transfers money between banking systems. He is a founding member of 801 Labs; a hackerspace located in Salt Lake City and is an active member of his local Defcon group DC801. Lance has a BS in Computer Science and a Master's Degree in Cybersecurity and Info Assurance.

Links:

• https://deepsec.net/archive/2019.deepsec.net/speaker.html#PSLOT423
• https://infocon.org/cons/DeepSec/DeepSec 2019/Setting Up an Opensource Threat Detection Program - Lance Buttars.mp4

Similar Presentations:

• BSidesLV 2023 / Open Source GitOps for Detection Engineering
• BSidesLV 2017 / Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections
• DEF CON 18 (2010) / Open Source Framework for Advanced Intrusion Detection Solutions