Birthday Hunting

Presented at BSidesLV 2019, Aug. 7, 2019, 5 p.m. (25 minutes)

Just looking at your logs is extremely unappealing for many security analysts. That leaves specialized tools and scripts to do the analysis before anything is investigated, which gives any threat actor with access to the tools an advantage and leaves you with tunnel vision. With the math presented here, we show that the odds of finding something by hunting are quite high, and that the effectiveness of $CYBER_ML_PRODUCT might be closer to that of a list of your assets picked at random.


Presenters:

  • Jack Burgess
    A trained physicist and now a security data scientist, Jack has worked with companies large and small to enhance their capabilities through the practical application of analytics. He has led a number of Spark / Metron based security projects in Melbourne, New York, and Los Angeles. Working on distributed computing and infosec problems is a passion, followed very closely by talking about them.
