Find All the Badness, Collect All the Things

Explore the capabilities of GRR, an open-source remote live-forensics system developed by Google, in this informative Black Hat conference talk. Discover how GRR enables rapid incident response and large-scale threat hunting across an entire fleet of machines. Learn about common use cases, including collecting persistence mechanisms, analyzing network connections, examining process listings, and investigating browsing history. Understand the power of GRR's artifact collection feature and its ability to perform binary collection for malware analysis. Gain insights into the challenges of implementing GRR across different environments and the future directions of the project, including integration with other open-source forensics tools and IOCs. This 58-minute presentation by Greg Caste provides valuable knowledge for cybersecurity professionals looking to enhance their incident response and threat hunting capabilities.

GRR: Find All the Badness, Collect All the Things