Hunting an APT

The purpose of this workshop is to enhance your knowledge of the techniques used to hunt an APT. We will talk about hunting and why we hunt, set our scenario, and then work through several hunting scenarios that all tie back to a specific adversary and threat, developing a better understanding of what went on as we confirm each hypothesis. Each section walks through a hypothesis that is mapped to either a phase of the LMKC or the ATT&CK framework. At the end of each section, a slide will describe lessons learned, provide a threat picture based on what was uncovered when proving the hypothesis, and list potential actions that can operationalize the intelligence gathered for future use by the incident response team.

Instructor background

Damien and Matt have over 40 years of combined experience in the threat hunting world. They both work at Splunk, helping customers find, identify, and remediate their persistent threats.

Prerequisites

There are no prerequisites for this workshop.