Detection Technique Deep Dive

Presented by

Doug Brown - Senior Threat Hunter at CrowdStrike

About this talk

Having detection techniques at hand – which you can apply in systematic approaches across different environments – is a ninja skill detection engineers and threat hunters need to have. In this session, Senior Threat Hunter Doug Brown will provide you with just that. Join Doug as he explores a range of concrete search techniques to measure a variety of behavioural changes, and demonstrates how to map those to MITRE ATT&CK techniques. Attend this session to learn how to: Map advanced statistics to MITRE ATT&CK techniques Detect spikes with median absolute deviation and handle data with seasonality Identify first-time events in new values seen in a field or combination of fields, including cardinality of distinct fields to measure behaviour change Detect C2 beaconing through domain parking and lateral movement with RDP for first-time users by applying simple sequencing techniques Plus, you’ll get bonus examples of highly complex sequencing approaches.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (304)
Subscribers (38081)
Splunk is the world’s first Data-to-Everything Platform. Now organizations no longer need to worry about where their data is coming from, and they are free to focus on the business outcomes that data can deliver. Innovators in IT, Security, IoT and business operations can now get a complete view of their business in real time, turn data into business outcomes, and embrace technologies that prepare them for a data-driven future.