Birthday Hunting

Presented at BSidesLV 2019, Aug. 7, 2019, 5 p.m. (25 minutes).

Just looking at your logs is extremely unappealing for many security analysts. This leaves specialized tools and scripts to do the analysis before anything is investigated. This leaves any threat actor with access to the tools at an advantage and you with tunnel vision. With the math presented here we show the odds of finding something is quite high for hunting and the effectiveness of $CYBER_ML_PRODUCT might be closer to a list of your assets picked at random.


Presenters:

  • Jack Burgess
    Trained physicist, now security data scientist, Jack has worked with companies large and small to enhance their capabilities through the practical application of analytics. Having led a number of Spark / Metron based security projects in Melbourne, New York, and Los Angeles working on distributed computing and infosec problems are passions followed very closely by talking about them.

Links:

Similar Presentations: