Active Countermeasures Webcast
05-06-2020
Testing Your Threat Hunt Platform
Because threat hunting is such a new discipline, it’s not always clear which threats a particular package can detect. In this webcast, Bill Stearns and Keith Chew walk you through testing your threat hunting software to make sure it is working properly and can detect different types of unwanted traffic. This is a walkthrough of the process for detecting DNS beaconing and Metasploit traffic. After this webcast, you should be all set to test the other threat traffic types.
The slide deck can be found here, inside the ACM_Webcasts folder.
In preparation for this webcast, check out our Threat Simulation blog series here.
Presented by: Bill Stearns & Keith Chew
Timeline:
- 0:00 – Before We Start
- 3:06 – Threat Simulation: Testing Threat Hunting Software
- 4:29 – OK, But Why?
- 6:11 – Approach
- 8:32 – Network Layout
- 9:11 – Setup
- 14:24 – Actual Testing
- 15:37 – Detecting DNS C2 Traffic
- 17:41 – DNS Live Demo
- 29:17 – What We Look For
- 30:08 – If Not Detected?
- 36:36 – Metasploit Framework
- 1:00:55 – More Information
- 1:01:45 – Questions From Discord Chat
- 1:16:44 – Peanut Butter & Jelly