From The Trenches: Observations of and Tracking Actor Activity

Presented at RVAsec 2019, May 22, 2019, 3 p.m. (50 minutes).

EDR and threat hunting capabilities provide an unprecedented level of visibility into an infrastructure and, by extension, into malicious actors' behaviors and TTPs. This capability extends well beyond what is available from OSINT collection and processing, as well as traditional IR, and provides the foundation for a strategic tracking process that takes full advantage of what's available. Not only can you track behaviors over time, but mapping the observed TTPs to the MITRE ATT&CK framework can provide valuable insights and inform defensive measures.

Presenters:

  • Harlan Carvey - CrowdStrike
    Harlan has spent over 2 decades in the info/cyber security field, most of which has been spent in DFIR. He is a prolific author and speaker.
