Hunt and Gather - Developing Effective Threat Hunting Techniques
Offered By: RSA Conference via YouTube
Course Description
Overview
Explore effective threat hunting techniques in this 40-minute RSA Conference talk by Tim Bandos, CISO of Digital Guardian. Learn how to stay ahead of hackers through innovative strategies, including application shimming, the MITRE ATT&CK framework, and Windows admin shares analysis. Discover prerequisites for successful threat hunting, gain insights into system perspectives, and understand how to hunt for lateral movement, network connections, and web shells. Delve into advanced techniques like shim cache hunting, building custom dashboards, and creating proactive signatures. Acquire practical tips to plan, develop, and execute your own threat hunting techniques, leveraging free utilities and best practices shared by an experienced threat hunting team.
Syllabus
Intro
Agenda
What is Threat Hunting
What does it all require
Choosing a model
Application shimming
MITRE ATT&CK Framework
Prerequisites
Where do we begin
System perspective
Hunting signature
Account creation
Windows Admin Shares
Windows Event Logs
Executable Launch from Extracted Archive
Job Impression
Hunting Time
Hunting Lateral Movement
Hunting Network Connections
Hunting Web Shells
Advanced Threat Hunting
Shim Cache Hunting
Build a Hunting Dashboard
Be Proactive
Create a Dashboard
Create Custom Signatures
Download the Free Utilities
Wrap Up
Taught by
RSA Conference