Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

Published on: 2018-09-25
Video link: https://www.youtube.com/watch?v=PdCQChYrxXg
Category: Guide
Duration: 32:38


SANS Summit schedule: http://www.sans.org/u/DuS

The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
John Hubbard, SOC Manager, GlaxoSmithKline; Certified Instructor, SANS Institute

Modern cyber defense requires the mindset of “assume breach,” but with so much data generated by our networks and endpoints, how can we affordably collect the information needed to identify attacks, let alone sort through it all? This talk discusses the unique challenges of finding post-exploitation activity in our mountains of data and walks through using the open-source Elastic Stack to identify the techniques enumerated in MITRE’s ATT&CK framework. Attendees will be given an overview of how to leverage the ATT&CK body of knowledge, options for data collection, and suggested rules and dashboards that specifically target post-exploitation activity. The goal of this talk is to arm defenders with industry-validated attack knowledge and to demonstrate how late-stage compromises can be identified and stopped before significant damage is caused.







Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
ATT&CK
ATT&CK framework
threat hunting
Security Operations Center
Security Operations Summit
SANS Summit
Cybersecurity Summit