-
0:00 · 1 · 300s · Speaker 1
creating a thread in another process. Very common, a technique used by malware to inject code and hide in other processes. So a good one to keep in mind. Let's see, file creation is another one. This will log when files are created on a sys…
-
5:00 · 2 · 299s · Speaker 2
you know, various directories and folders that attackers may commonly target just to carry out their attacks. This is where you want to look when new files are created, when files might be deleted, when files are modified, es…
-
10:00 · 3 · 299s · Speaker 1
configurations here for a minute. A baseline is essentially a measure of what is normal. It is the kind of standard of what everything should look like when there are no issues on either endpoints or network devices or anything like that. A…
-
15:00 · 4 · 300s · Speaker 2
automation that's being added in and what level of automation is being included with the analysis as well. So a few different factors here that are used to measure this, especially in kind of one of the models that's most commonly used fo…
-
20:00 · 5 · 299s · Speaker 1
Level four threat hunting teams are the most advanced when it comes to this maturity model. But again, very similar to level three, but with a very high level of automation in their threat hunting process, in their data analysis process, ve…
-
25:00
If the last information you have about specific attacks is from, you know, five to seven years ago, then that information may not be very relevant to attacks that are being carried out today. However, if the information you find is from las…
-
27:24 · 7 · 300s · Speaker 2
the network. But it does kind of give you that potential starting point to be able to create a hypothesis. This type of hunt and this way of thinking starts with looking at data and noticing something suspicious about it. Now, this is still…
-
32:25 · 8 · 49s · Speaker 1
and know what is normal and what is abnormal to be able to recognize if anything does look suspicious. So again, there are countless ways of thinking about threat hunts. There is no real standard way to think about a threat hunt. Threat hu…