You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond Model, hypothesis building, the Lockheed Martin Cyber Kill Chain, and the MITRE ATT&CK framework, and how these concepts can frame your hunting. Using Splunk and OSINT, we will hunt for APT activity riddling a small startup's network. During the event, you will be presented with a hypothesis and conduct your own hunts, whether for persistence, exfiltration, C2, or other adversary tactics. Heck, there might be some PowerShell to be found, too. We will regroup to review each hunt, discuss findings, and look at what opportunities we have to operationalize those findings as well. At the end, we give you a dataset and tools to take home and try the newly learned techniques yourself.
Speaker(s): Matt Toth, Robert Wagner
Location: Packet Hacking Vlg
Discord: https://discord.com/channels/7082082...42376883306526
Event starts: 2020-08-08 16:00 (04:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-08 18:00 (06:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:18 (UTC).
