21 min listen
Modern Threat Hunting with your SIEM on a $0 Budget - Ryan Fried - ESW #284
Modern Threat Hunting with your SIEM on a $0 Budget - Ryan Fried - ESW #284
ratings:
Length:
33 minutes
Released:
Aug 12, 2022
Format:
Podcast episode
Description
Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. I will talk about how to start small and will give a few examples where we proactively found evil in our environment. Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw284
Released:
Aug 12, 2022
Format:
Podcast episode
Titles in the series (100)
Interview with Schuyler Towne - Episode 338: Schuyler Towne is on a mission to recover as much information as possible about the lock-related patents that were lost to the patent office fire of 1836. His primary interest is in the history and the story of the creators of the lost locks, but his... by Security Weekly Podcast Network (Video)