SANS Summit schedule: http://www.sans.org/u/DuS

The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

John Hubbard, SOC Manager, GlaxoSmithKline; Certified Instructor, SANS Institute

Modern cyber defense requires the mindset of “assume breach,” but with so much data generated by our networks and endpoints, how can we collect the information needed to identify attacks in an affordable way, let alone sort through it all? This talk will discuss the unique challenges of finding post-exploitation activity in our mountains of data and walk through using the open source Elastic Stack to identify the techniques enumerated in MITRE’s ATT&CK framework. Attendees will be given an overview of how to leverage the ATT&CK body of knowledge, options for data collection, and suggested rules and dashboards that specifically target finding post-exploitation activity. The goal of this talk is to arm defenders with industry-validated attack knowledge, and demonstrate how late-stage compromises can be identified and stopped before significant damage is caused.