Tales from the Network Threat Hunting Trenches & AI Hunter Demo
Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!

Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com/

00:00 - Introduction
01:25 - Problem Statement
03:41 - Consistencies
07:43 - Set-Up
09:28 - Why Bro
11:40 - Rita is at the Heart
16:50 - VSAgent
17:30 - DNSCat
17:57 - Ads
20:12 - Round Robin Malware Beaconing
21:44 - Connection to DoD
25:40 - Question: AWS
27:35 - Lesson
30:57 - Blacklisting
32:09 - What to Look For
34:40 - Note on Porn
35:58 - When Good Sites Go Bad
39:15 - Spyware
41:27 - Compromised Servers
43:38 - Crypto Mining
45:24 - Online Resource: IP/URL Void
46:08 - Online Resource: BGP/ASN Ranking
46:55 - Online Resource: Shodan
47:36 - Online Resource: PunkSPIDER
48:48 - Conclusions and Questions
50:47 - Q: What Happened to John Strand vs John Strand
52:20 - Q: Is Rita Modular
54:00 - Q: More on Rita
57:18 - Active Countermeasures - BHIS Product
01:01:38 - Deployment Options
01:03:12 - Demo and Questions
01:21:40 - Pricing and Other Questions

Description: In this webcast John walks through a couple of cool things we've found useful in some recent network hunt teams. He also shares some of our techniques and tools (like RITA) that we use all the time to work through massive amounts of data. There are lots of awesome websites that can greatly increase the effectiveness of your in-network threat hunting.

For those interested, after the webcast we show off our new commercial threat hunting tool, AI Hunter. We are currently looking for Beta testers who have SPAN ports ready to fire and possibly are already using Bro. The demo is after the hour of free tools and techniques. Free stuff, intermission, then the demo. We won't spam you afterwards about the product, promise.

Slides available here: https://www.blackhillsinfosec.com/web...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: / wildwesthackinfest
Active Countermeasures YouTube: / activecountermeasures
Antisyphon Training YouTube: / antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec