Threat Hunting With Splunk

Presented at A New HOPE (2022), July 23, 2022, 10 a.m. (50 minutes)

Splunk is "Google for log data" and it is the leader in network security monitoring. Learn how to find attackers, identify malware, and attribute attackers to real-world APT groups. You will use cloud servers running the free version of Splunk, with open-source network data from Splunk's "Boss of the SOC" contest. This workshop is structured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and tips will be provided along with help as needed to make sure everyone is able to solve at least some of the challenges. Participants only need a computer with a web browser.

Presenters:

• Irvin Lemus
  **Irvin Lemus** has been in the industry for more than ten years as an MSP technician, consultant, instructor, and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA.
• Kaitlyn Handelman
  **Kaitlyn Handelman** is a security engineer and consultant, defending high-value networks professionally. She has extensive experience in aerospace, radio, and hardware hacking.
• Elizabeth Biddlecome
  **Elizabeth Biddlecome** is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals.
• Sam Bowne
  **Sam Bowne** has been teaching computer networking and security classes at City College San Francisco since 2000. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies on topics including incident response and secure coding.

Links:

• https://scheduler.hope.net/new-hope/talk/8UYTVV/

Similar Presentations:

• BSidesDC 2017 / Intro to Splunk for Security Professionals (CLASS)
• SAINTCON 2019 / Threat Hunting with Splunk Training
• A New HOPE (2022) / Violent Python 3