Threat Hunting: Real Intrusions by State-Sponsored and eCrime Groups
“Threat hunting” is a term getting thrown around a lot in the security industry, but there is still a lot of confusion about what it actually means. Does it mean responding to alerts? Is it another SOC? Is threat hunting the same thing as incident response? How would an organization start doing threat hunting? Get ready to find out in this real training for free event.
In this webcast we are going to dive into what threat hunting means and how you can use it to actively find intrusions. We will discuss how to use it effectively and then look at techniques being used in actual intrusions.
You will see intrusions that were executed by nation-states and eCrime groups. We will cover the exact command lines they executed, what the attacks accomplished, and how the bad guys attempted to avoid discovery. These techniques will include how the attackers:
- Establish persistence to stay in a network
- Move laterally to other hosts
- Evade defenses and stay undetected
- Compromise additional credentials and move deeper into the environment
In this sponsored webinar with Randy Franklin Smith and Ultimate Windows Security, we will discuss some threat hunting techniques that can be used to discover the attacks used. You can then use this information to start doing your own threat hunting.
Attendees will learn:
- What threat hunting is, its benefits, and how it differs from other activities
- Targeted intrusion techniques recently observed in the wild
- How to use threat hunting to discover threat actors before they accomplish their objectives
Senior Tactical Intelligence Researcher - CrowdStrike
Jason Wood is a Senior Researcher, Tactical Intelligence at CrowdStrike with extensive experience in penetration testing, security architecture reviews, security operations, and training. He is the author of Breaking Web Application Security, a two-day course on how to perform security assessments of web applications.
For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.