MR-1011 Crawl, Monitor, Walk, Detect

Presented at Texas Cyber Summit 2019, Oct. 10, 2019, 3:30 p.m. (60 minutes)

As organizations combat threats across numerous vectors, it has forced defenders to rethink our tactics. Yes, attacks are crafty and slip past firewalls, SIEMs, and DLP solutions, so why aren't we taking a more creative approach? We typically focus on incident response to drive detection and lessons learned to adjust monitoring. Let's discuss how to leverage incident response to foster successful threat hunting engagements. This session will demonstrate examples of tracing attacker movements, edging attackers out of your network, and creating countermeasures. The session will focus on important strategies, tools, and techniques to consider for your hunting engagements. We will highlight realities of the relationship between incident response and threat hunting, as well as provide real-world examples of identifying attacker methodologies.


Presenters:

  • O’Shea Bowens - Null Hat Security
    O'Shea Bowens is the founder and CEO of Null Hat Security. He enjoys solving problems and establishing programs in the areas of incident response and security operations; let's just say he's blue team for life. He founded Null Hat Security because he believes in personalized training with current and future defenders in order to fine-tune skill sets and knowledge of threats for the best response efforts. O'Shea is also the co-founder of "Intrusion Diversity System", a bi-monthly hosted cyber security podcast.
