Modern Threat Hunting

Presented at Objective by the Sea version 6.0 (2023), Oct. 13, 2023, 11:25 a.m. (25 minutes).

Threat Hunting is one of the most popular techniques used by security analysts for all kinds of investigations. It is both science and, to some degree, inspiration. However, in recent years, the security industry has developed new tools and techniques that can dramatically improve the effectiveness and efficiency of our Threat Hunting. In particular, similarity and automatic YARA generation are key when dealing with large amounts of data. In this workshop, we will go through the process of Threat Hunting for macOS and showcase how analysts can leverage the new techniques available to take their research to the next level.

Presenters:

  • Karl Hiramoto - Senior Software Engineer at VirusTotal
    Karl Hiramoto has been at VirusTotal since 2014 and is now a senior software engineer, where he primarily focuses on sandboxing, a macOS sandbox, IDS systems, and related infrastructure.
