BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:177d1429-ee5c-4a44-bca2-62768c696fd6
DTSTAMP:20260528T020359Z
SUMMARY:(Beginner) Threat Hunting with the Elastic Stack
DESCRIPTION:Title: (Beginner) Threat Hunting with the Elastic Stack\n\nDesc
 ription:\nThis hands-on workshop will walk you through leveraging the open
  source Elastic (ELK) stack to proactively identify attacker activity hidi
 ng within diverse data sets. The basic tools and techniques taught during 
 this workshop can be used to investigate isolated security incidents or im
 plemented at scale for continuous monitoring and threat hunting. You will 
 be provided with access to a preconfigured Elastic cluster and extensive s
 ample logs containing malicious endpoint and network events waiting to be 
 discovered on a simulated enterprise network. Emphasis will be placed on l
 ive demos and practical training exercises throughout.\n\nWith all new log
 s and revamped material from our past versions of this workshop\, this yea
 r's hands-on workshop will walk attendees through leveraging the open sour
 ce Elastic (ELK) stack to proactively identify malicious activity hiding w
 ithin diverse data sets. The basic tools and techniques taught during this
  class can be used to investigate isolated security incidents or implement
 ed at scale for continuous monitoring and threat hunting. Attendees will b
 e provided with access to a preconfigured Elastic cluster and extensive sa
 mple logs containing malicious endpoint and network events waiting to be d
 iscovered on a simulated enterprise network. New for this year\, attacker 
 artifacts will be more closely mapped to the MITRE ATT&CK Framework and ta
 gged accordingly in the provided logs to help demonstrate the value of log
  enrichment\, showcase both common and novel real-world attacker TTPs\, an
 d leverage a methodological approach to adversary and anomaly detection. E
 mphasis will be placed on live demos and practical training exercises thro
 ughout.\n\nSpeaker(s): Ben Hughes\n\nLocation: Blue Team Vlg / Blue Team V
 lg - Workshop Track 2\n\nDiscord: https://discord.com/channels/70820826769
 9945503/732454317658734613\n\nEvent starts: 2020-08-07 15:00 (03:00 PM) PD
 T (UTC -07:00)\n\nEvent ends: 2020-08-07 16:30 (04:30 PM) PDT (UTC -07:00)
 \n\nFor the most up-to-date information\, please either visit https://info
 .defcon.org\, or use HackerTracker\, which is available for iOS and Androi
 d. This is an automated message\, and this data was last modified 2020-08-
 02T22:58 (UTC).
URL:https://forum.defcon.org/node/234093
DTSTART:20200807T230000Z
DTEND:20200808T003001Z
LOCATION:Blue Team Vlg / Blue Team Vlg - Workshop Track 2
END:VEVENT
END:VCALENDAR