Don't Boil the Ocean - Using MITRE ATT&CK to Guide Hunting Activity

Explore a focused approach to threat hunting using the MITRE ATT&CK framework in this 31-minute conference talk from Security BSides San Francisco 2019. Learn how to overcome the challenge of "boiling the ocean" by developing specific, purposeful hunting strategies. Discover techniques for building hypotheses and plans based on the MITRE ATT&CK framework, enabling more effective threat identification. Through an adversary emulation developed at Splunk, gain insights into applying ATT&CK techniques to identify artifacts and indicators. Understand how to leverage initial findings to drive additional hunts, creating a cyclical process that enhances operational effectiveness and deepens threat hunting capabilities.

BSidesSF 2019 - Don't Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity (John Stoner)