From The Trenches: Observations of and Tracking Actor Activity

Presented at RVAsec 2019, May 22, 2019, 3 p.m. (50 minutes)

EDR and threat hunting capabilities provide an unprecedented level of visibility into an infrastructure, and by extension, into malicious actor's behaviors and TTPs.  This capability extends well beyond what is available from OSINT collection and processing, as well as traditional IR, and provides the foundation for a strategic tracking process to truly take full advantage of what's available.  Not only can you track behaviors over time, but mapping the observed TTPs to the MITRE ATT&CK framework can provide valuable insights, and inform defensive measures.

Presenters:

• Harlan Carvey - CrowdStrike
  Harlan has spent over 2 decades in the info/cyber security field, most of which has been spent in DFIR. He is a prolific author and speaker.

Links:

• https://rvasec2019.sched.com/event/OAxf/from-the-trenches-observations-of-and-tracking-actor-activity

Similar Presentations:

• BSidesSF 2019 / Don't Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity
• BSidesDC 2019 / Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK
• BSidesSF 2022 Rescheduled / Threat hunting: Using MITRE ATT&CK against Carbanak malware