BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:1f639667-d47e-48f5-95bb-e9039b608531
DTSTAMP:20260528T152841Z
SUMMARY:Advanced APT Hunting with Splunk
DESCRIPTION:You wanna learn how to hunt the APTs? This is the workshop for 
 you. Using a real-worldish dataset\, this workshop will teach you how to h
 unt the "fictional" APT group Taedonggang. We discuss the Diamond model\, 
 hypothesis building\, LM Kill Chain\, and MITRE ATT&CK framework and how t
 hese concepts can frame your hunting. Using Splunk and OSINT\, we will hun
 t for APT activity riddling a small startup's network. During the event\, 
 you will be presented a hypothesis and conduct your own hunts\, whether it
  is for persistence\, exfiltration\, C2 or other adversary tactics. Heck\,
  there might be some PowerShell to be found\, too. We will regroup and rev
 iew the specific hunt and discuss findings and what opportunities we have 
 to operationalize these findings as well. At the end\, we give you a datas
 et and tools to take home and try newly learned techniques yourself.\n\nSp
 eaker(s): Matt Toth\, Robert Wagner\n\nLocation: Packet Hacking Vlg\n\nDis
 cord: https://discord.com/channels/708208267699945503/708242376883306526\n
 \nEvent starts: 2020-08-08 16:00 (04:00 PM) PDT (UTC -07:00)\n\nEvent ends
 : 2020-08-08 18:00 (06:00 PM) PDT (UTC -07:00)\n\nFor the most up-to-date 
 information\, please either visit https://info.defcon.org\, or use HackerT
 racker\, which is available for iOS and Android. This is an automated mess
 age\, and this data was last modified 2020-07-29T01:18 (UTC).
URL:https://forum.defcon.org/node/234262
DTSTART:20200809T000000Z
DTEND:20200809T020001Z
LOCATION:Packet Hacking Vlg
END:VEVENT
END:VCALENDAR
