Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

  • Published 20 Jul 2024
  • SANS Summit schedule: www.sans.org/u/DuS
    The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
    John Hubbard, SOC Manager, GlaxoSmithKline; Certified Instructor, SANS Institute
    Modern cyber defense requires the mindset of “assume breach,” but with so much data generated by our networks and endpoints, how can we collect the information needed to identify attacks in an affordable way, let alone sort through it all? This talk will discuss the unique challenges of finding post-exploitation activity in our mountains of data and walk through using the open source Elastic Stack to identify the techniques enumerated in MITRE’s ATT&CK framework. Attendees will be given an overview of how to leverage the ATT&CK body of knowledge, options for data collection, and suggested rules and dashboards that specifically target finding post-exploitation activity. The goal of this talk is to arm defenders with industry-validated attack knowledge, and demonstrate how late-stage compromises can be identified and stopped before significant damage is caused.

Comments • 8

  • @tpai302 3 years ago +3

    It's amazing how many open source tools exist and orgs don't use them. I believe it's mostly because they don't know they exist, and there are some that know but are too lazy to configure and invest the time.
    Great presentation!

  • @TOMmy-lp3wr 4 years ago +1

    Very informative. Thank you.

  • @JarodM 5 years ago

    Excellent presentation~

  • @malcolm2914 4 years ago

    Very Informational! Great Content!

  • @sachinlawande2091 5 years ago

    Wow, with a presentation.

  • @dbencomo 4 years ago +1

    Excellent presentation. Are the slides available? Where?

  • @Hybrid_Netowrks 3 years ago

    Okay so it's the initial evolution of Security Onion