Presented at
DEF CON 32 (2024),
Aug. 9, 2024, noon
(105 minutes).
Skynet is an AI project (just kidding.) It is meant to be a sort of unified theory of detection, enabling us to plot any detection artifact types on screen around an entity and decision them faster and more accurately. While plotting alert sets, attack trees, and kill chains has been done, for the presentation of alert sets and cases, we are planning to use graphing as the primary presentation, triage and decisioning mechanism, at scale, using a novel combination of heuristics and machine learning. It is an alert manager made by users, for users.
Presenters:
-
Craig Chamberlain
Craig Chamberlain has been working on threat hunting and detection for most of his life and has contributed to several SIEM-like products you may have used. Most of them had unnecessarily simple alert pages and workflow, which makes him sad, and this is his attempt to put things right. He has presented at numerous conferences including the SANS Threat Hunting Summit; RSA 2024; CactusCon; the ISC2 Congress; SOURCE Boston; and several B-Sides conferences in Washington DC, San Francisco, NoVA, Boston, and Rochester.
-
Rewanth Tammana
Rewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap. Rewanth speaks and delivers training at numerous security conferences worldwide. He was recognized as one of the MVP researchers on Bugcrowd (2018), published an IEEE research paper on ML and security, and more.