To Catch a Penetration Tester: Top SIEM Use Cases

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 3 p.m. (50 minutes)

Every blue team should have a Chris Hansen for catching penetration testers! We surveyed multiple penetration testers and security professionals to collect the best and most useful SIEM detection use cases. The goal of the use cases is to detect a penetration tester/external attacker in a typical enterprise environment. The top use cases will be reviewed. This talk is designed to help blue teams mature their detection and SIEM programs.

Presenters:

• Peter Giannoutsos
• Ryan Voloch

Similar Presentations:

• ShmooCon XIV (2018) / This Is Not Your Grandfather's SIEM
• DEF CON 23 (2015) / I Hunt Penetration Testers: More Weaknesses in Tools and Procedures
• DEF CON 24 (2016) / Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools