Hunting with LimaCharlie

Presented at Hackfest 2016, Nov. 4, 2016, 3:30 p.m. (Unknown duration)

LIMA CHARLIE (LC) is an Open Source, cross­platform endpoint security monitoring and mitigation solution focusing on detecting and prosecuting APTs. The endpoint sensors communicate in near­real time with a cloud software stack. Detection and monitoring capabilities are implemented mostly in the cloud and to a lesser extent in the sensor. By "going live" on the sensor, operators are also able to perform live investigations and mitigation.

LC focuses on providing quick detection capability development, easy integration with other industry products tighter detection­investigation cycles.

This talk with provide an overview of LC as a platform. A live portion will demonstrate a real­life scenario where an anomaly is detected, investigated, detection modules are generated and the threat is prosecuted.

LC is provided under Apache v2 license and can be found at: http://github.com/refractionpoint/limacharlie

Presenters:

• Nadia Vigneault
  Maxime currently works for Google. His career has been centered around advanced computer attacks. He worked for the Canadian Intelligence apparatus in functions ranging from development of cyber defence technologies through Counter Computer Network Exploitation and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director's awards for his service. Leaving the government, Maxime provided direct help to private and public organisations in matters of cyber defence, working at CrowdStrike and eventually co­founding Arcadia, architecting advanced cyber defense solutions. For the past few years Maxime has also been providing analysis and guidance to major Canadian media organisations.
• Sylvain Desharnais
  Maxime currently works for Google. His career has been centered around advanced computer attacks. He worked for the Canadian Intelligence apparatus in functions ranging from development of cyber defence technologies through Counter Computer Network Exploitation and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director's awards for his service. Leaving the government, Maxime provided direct help to private and public organisations in matters of cyber defence, working at CrowdStrike and eventually co­founding Arcadia, architecting advanced cyber defense solutions. For the past few years Maxime has also been providing analysis and guidance to major Canadian media organisations.

Links:

• https://hackfest.ca/en/2016/speakers2016/#maxime
• https://infocon.org/cons/Hackfest/Hackfest 8 2016/Hackfest 2016 - Maxime Lamothe-Brassard presented - Hunting with LimaCharlie.mp4
• https://www.youtube.com/watch?v=SUwSCC7oJYA

Similar Presentations:

• BSidesLV 2023 / Open Source GitOps for Detection Engineering
• May Contain Hackers (MCH2022) / Sensor.Community - Global Open Environmental Data Platform
• DEF CON 18 (2010) / Open Source Framework for Advanced Intrusion Detection Solutions