-
0:09
There's a number of different terms and definitions that are very commonly used when we're talking about threat hunting, and it's important to know what those are. Now, if you're already familiar, if you're already in the cybersecurity indu…
-
5:12 · Chapter 2 · 287s · Speaker 1
So for your more typical or generic APTs, they start out with APT and then a number. They can also use UNC, which stands for Uncategorized Group, or FIN or FIN to designate a threat actor group that's focused mainly on financial crimes. So …
-
10:00 · Chapter 3 · 298s · Speaker 2
to show that there is potentially the presence of malicious activity. Now, just because there is an IOC found doesn't always mean that there is a confirmed compromise or a confirmed malicious activity on a system. It is just an indicator th…
-
15:00 · Chapter 4 · 300s · Speaker 2
He created the Pyramid of Pain while he was working at Mandiant. And again, the point of this is to show two different things. One, the difficulty in obtaining different indicators of compromise. Also, if you're able to detect specific type…
-
20:00 · Chapter 5 · 301s · Speaker 2
more difficult for the attacker to evade the detection or to kind of get around the mitigation, excuse me. And this is what we're talking about, our network artifacts and our host artifacts. And these can be things like user agent strings f…
-
25:01
So the Pyramid of Pain is a good way to, again, visualize not just the difficulty in detecting certain IOCs, but also visualizing the amount of effort it takes for the attackers to get around any sort of mitigations for the detection of the…