Chapters
-
0:00 Chapter 1 (300s · Speaker 1)
creating a thread in another process. Very common, a technique used by malware to inject code and hide in other processes. So a good one to keep in mind. Let's see, file creation is another one. This will log when files are created on a sys…
-
5:00 Chapter 2 (299s · Speaker 2)
you know, various directories and folders that attackers may commonly target just to carry out their attacks. This is where you want to look at when new files are created, when files might be deleted, when files are modified, es…
-
10:00 Chapter 3 (299s · Speaker 1)
configurations here for a minute. A baseline is essentially a measure of what is normal. It is the kind of standard of what everything should look like when there are no issues on either endpoints or network devices or anything like that. A…
-
15:00 Chapter 4 (300s · Speaker 2)
automation that's being added in and what level of automation is being included with the analysis as well. So a few different factors here that are used to measure this, especially in kind of one of the models that's most commonly used fo…
-
20:00 Chapter 5 (299s · Speaker 1)
Level four threat hunting teams are the most advanced when it comes to this maturity model. But again, very similar to level three, but with a very high level of automation in their threat hunting process, in their data analysis process, ve…
-
25:00
If the last information you have about specific attacks is from, you know, five to seven years ago, then that information may not be very relevant to attacks that are being carried out today. However, if the information you find is from las…
-
27:24 Chapter 7 (300s · Speaker 2)
the network. But it does kind of give you that potential starting point to be able to create a hypothesis. This type of hunt and this way of thinking starts with looking at data and noticing something suspicious about it. Now, this is still…
-
32:25 Chapter 8 (49s · Speaker 1)
and know what is normal and what is abnormal to be able to recognize if anything does look suspicious. So again, there are countless ways of thinking about threat hunts. There is no real standard way to think about a threat hunt. Threat hu…