Webcasts

October 17th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-shorts-collecting-the-right-data-video-blogs/

15 0

October 17th, 2022

18 0

October 5th, 2022

///Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast https://discord.gg/threathunter

///Chris Brenton from Active Countermeasures is conducting another free, one-day, Cyber Threat Hunting Training online course!

We have had over 20,000 students attend our training live!

One of the biggest challenges in security today is identifying when our protection tools have failed and a threat actor has made it onto our network.

In this free, one-day (6-hours) course, we will cover how to leverage network and host data to perform a cyber threat hunt.

The focus will be on processes and techniques that can be used to protect:
- Desktops
- Servers
- Network gear
- IIoT
- BYOD system

The course includes hands-on labs using packet captures of various command and control channels.

We will also discuss how you can use our new Sysmon tool BeaKer to detect attacks on the host with Sysmon... for free!

The labs will enable you to apply what you've learned using various open-source tools.

By the end of the course, you’ll understand the tools and techniques needed to perform compromise assessments within your own environment. While the course will be available later for download, live attendees will receive a "Cyber Security Threat Hunter Level-1" certificate.

Why are we doing it? Cyber threat hunting is a relatively new discipline. As an industry, we are still formulating standards and procedures. We want to do our part by giving back to the security community. We are hoping that by sharing what we've learned we can help spark new ideas and threat hunting tools. Let's build a community and solve these problems together.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast https://discord.gg/threathunter

This will be a live course with QA available. Pre-show Banter and Set-up questions will start at 10:30am ET. The Presentation will begin at 11am ET.

Labs last updated July 9th 2022

41 3

September 23rd, 2022

00:00 - FEATURE PRESENTATION: Getting the details From Zeek
01:48 - Exploring By Hand
05:28 - zless
06:25 - Searing for an IP address in a file
13:05 - Using Zeek Cut
19:42 - THT - Threat Hunting Toolkit
24:06 - THT- Connections
29:03 - THT - DNS
42:56 - Thank You
43:47 - Bonus - Validating Certificates
48:33 - Questions and Closing


Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

High-level packet analysis tools give us the overview of what's on a network; they save us huge amounts of time. But every once in a while we look at these summaries and say "What the heck is going on with this system?"

Here's where we need to fall back to either looking at raw packets or going halfway there by looking at Zeek logs. Zeek provides a rich amount of detail on network traffic if you know how to extract it! In this talk we'll look at both manual and semi-automated approaches to getting more detail out of your Zeek logs.

14 2

September 22nd, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-safelisting-video-blog/

23 0

September 20th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-c2-over-dns-video-blog

26 1

September 15th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-fqdn-beacons-video-blog/

20 0

September 13th, 2022

View our blog post for this video: https://www.activecountermeasures.com/threat-hunting-ip-based-beacons-video-blog/

17 1

September 12th, 2022

View our blog post for this video: https://www.activecountermeasures.com/what-is-cyber-threat-hunting-video-blog/

7 2