Advanced APT Hunting with Splunk

BSidesLV 2018

Presented by: Dave Herrald, Ryan Kovar, John Stoner
Date: Wednesday August 08, 2018
Time: 08:00 - 17:55
Location: Training Ground

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-world* dataset, we hunt the APT group Taedonggang. We discuss the Diamond Model, hypothesis building, the Lockheed Martin Kill Chain, and the MITRE ATT&CK framework, and how these concepts can frame your hunting. Then we look deep into the data using Splunk and OSINT to find the APTs riddling a small startup's network. We walk you through detecting lateral movement, the P (persistence) of APT, and even PowerShell Empire. At the end, we give you a similar dataset and tools to take home and try yourself.


