Detection Technique Deep Dive

Logo
Presented by

Doug Brown - Senior Threat Hunter at CrowdStrike

About this talk

Having detection techniques at hand – which you can apply in systematic approaches across different environments – is a ninja skill detection engineers and threat hunters need to have. In this session, Senior Threat Hunter Doug Brown will provide you with just that. Join Doug as he explores a range of concrete search techniques to measure a variety of behavioural changes, and demonstrates how to map those to MITRE ATT&CK techniques. Attend this session to learn how to: Map advanced statistics to MITRE ATT&CK techniques Detect spikes with median absolute deviation and handle data with seasonality Identify first-time events in new values seen in a field or combination of fields, including cardinality of distinct fields to measure behaviour change Detect C2 beaconing through domain parking and lateral movement with RDP for first-time users by applying simple sequencing techniques Plus, you’ll get bonus examples of highly complex sequencing approaches.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (294)
Subscribers (38918)
Splunk is helping to build a safer and more resilient digital world by equipping customers with the unified security and observability platform they need to keep their organization securely up and running — no matter what digital disruptions come their way.