The Hunter Games - How to Find the Adversary with Event Query Language
Offered By: YouTube
Course Description
Overview
Explore threat-based detection techniques and learn how to effectively identify adversaries using Event Query Language in this conference talk from Circle City Con 2019. Discover various approaches to finding unexpected threats, including remote access analysis, environment monitoring, persistence detection, process examination, and WMI investigation. Gain insights into analytics libraries, attack frameworks, and data normalization. Delve into future developments such as real-time streaming and connect with resources to enhance your cybersecurity skills in adversary hunting.
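The approaches listed in the talk (finding processes launched through WMI, examining process trees, normalizing events from different sources so one query works across them) can be sketched in a few lines of Python. The block below is an added illustration for this page, not code from the talk or from the EQL project: it normalizes constructed Sysmon-like and EDR-like records into one schema and then runs two EQL-style rules over them, a plain `where` filter and a `sequence by pid with maxspan` check. The raw field names, the schema, the rule (a process whose parent is WmiPrvSE.exe followed by an outbound connection from the same pid) and the sample events are all assumptions made for the example.

```python
"""Added example: EQL-style filters and sequences over normalized host events."""
import ntpath
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample records, not real telemetry. Two source shapes are mixed on
# purpose: Sysmon-like (EventID 1 / 3) and a generic EDR-like shape.
RAW_EVENTS = [
    {"src": "sysmon", "EventID": 1, "UtcTime": 100, "ProcessId": 4000,
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"src": "edr", "type": "process_start", "ts": 101, "pid": 4100,
     "parent_name": "explorer.exe", "name": "notepad.exe", "cmdline": "notepad.exe"},
    {"src": "edr", "type": "net_conn", "ts": 130, "pid": 4000,
     "dest_ip": "198.51.100.7", "dest_port": 443},
    {"src": "sysmon", "EventID": 3, "UtcTime": 500, "ProcessId": 4100,
     "DestinationIp": "203.0.113.9", "DestinationPort": 80},
]


@dataclass(frozen=True)
class Event:
    kind: str          # "process" or "network" (assumed common schema)
    ts: int            # seconds; ordering key for sequences
    pid: int           # join key used by "sequence by pid"
    fields: Dict[str, object]


def normalize(raw: dict) -> Event:
    """Map each source-specific record onto the common schema."""
    if raw["src"] == "sysmon" and raw["EventID"] == 1:
        return Event("process", raw["UtcTime"], raw["ProcessId"], {
            "process_name": ntpath.basename(raw["Image"]),
            "parent_name": ntpath.basename(raw["ParentImage"]),
            "command_line": raw["CommandLine"]})
    if raw["src"] == "sysmon" and raw["EventID"] == 3:
        return Event("network", raw["UtcTime"], raw["ProcessId"], {
            "dest_ip": raw["DestinationIp"], "dest_port": raw["DestinationPort"]})
    if raw["src"] == "edr" and raw["type"] == "process_start":
        return Event("process", raw["ts"], raw["pid"], {
            "process_name": raw["name"], "parent_name": raw["parent_name"],
            "command_line": raw["cmdline"]})
    if raw["src"] == "edr" and raw["type"] == "net_conn":
        return Event("network", raw["ts"], raw["pid"], {
            "dest_ip": raw["dest_ip"], "dest_port": raw["dest_port"]})
    raise ValueError(f"unrecognised record: {raw!r}")


Predicate = Callable[[Event], bool]


def wmi_spawned_process(ev: Event) -> bool:
    # Roughly: process where parent_name == "WmiPrvSE.exe"  (assumed example rule)
    return ev.kind == "process" and str(ev.fields.get("parent_name", "")).lower() == "wmiprvse.exe"


def outbound_network(ev: Event) -> bool:
    return ev.kind == "network"


def sequence(events: List[Event], stages: List[Predicate],
             by: Callable[[Event], object], maxspan: int) -> List[List[Event]]:
    """Match an ordered chain of predicates per join key within maxspan seconds.

    Mirrors the idea of EQL's "sequence by <key> with maxspan": every key keeps
    its own progress, and a chain that takes longer than maxspan is discarded.
    """
    state: Dict[object, tuple] = {}
    matches: List[List[Event]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = by(ev)
        idx, first_ts, seen = state.get(key, (0, None, []))
        if first_ts is not None and ev.ts - first_ts > maxspan:
            idx, first_ts, seen = 0, None, []      # chain expired; start over
        if stages[idx](ev):
            seen = seen + [ev]
            first_ts = ev.ts if first_ts is None else first_ts
            idx += 1
            if idx == len(stages):
                matches.append(seen)
                state.pop(key, None)
            else:
                state[key] = (idx, first_ts, seen)
        elif idx > 0:
            state[key] = (idx, first_ts, seen)     # keep waiting for next stage
    return matches


def find_wmi_spawned(events: List[Event]) -> List[Event]:
    return [e for e in events if wmi_spawned_process(e)]


def find_wmi_then_network(events: List[Event], maxspan: int = 60) -> List[List[Event]]:
    return sequence(events, [wmi_spawned_process, outbound_network],
                    by=lambda e: e.pid, maxspan=maxspan)


EVENTS = [normalize(r) for r in RAW_EVENTS]

if __name__ == "__main__":
    for e in find_wmi_spawned(EVENTS):
        print("WMI-launched process:", e.fields["process_name"], e.fields["command_line"])
    for chain in find_wmi_then_network(EVENTS):
        print("WMI-launched process followed by network connection, pid", chain[0].pid)
```

The normalization step is what lets one rule cover both record shapes; the `maxspan` check is the part worth getting right, since a chain that is allowed to stay open forever will eventually pair unrelated events on a reused pid.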
Syllabus
Intro
Agenda
Threat Based Detection
How to find the adversary
What about when someone does something you didn't anticipate
Approach 1 Ask
Approach 2 Remote Access
Approach 3 Environment
Approach 4 Persistence
Approach 6 Processes
Approach 7 Attempts
Approach 8 WMI Incoming
Approach 9 Host
Approach 10 Host
Approach 11 Analytics
Analytics Library
Attack Framework
Normalization
What's next
Real-time streaming
Getting in touch
Resources
Data
Related Courses
Information Security Management in a Nutshell - SAP Learning
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery - (ISC)² via Coursera
Enterprise Security Fundamentals - Microsoft via edX
Planning a Security Incident Response - Microsoft via edX
Introduction to Cybersecurity - Udacity