Tales from the Network Threat Hunting Trenches & AI Hunter Demo 

Black Hills Information Security
Views: 18K

Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/
00:00 - Introduction
01:25 - Problem Statement
03:41 - Consistencies
07:43 - Set-Up
09:28 - Why Bro
11:40 - Rita is at the Heart
16:50 - VSAgent
17:30 - DNSCat
17:57 - Ads
20:12 - Round Robin Malware Beaconing
21:44 - Connection to DoD
25:40 - Question: AWS
27:35 - Lesson
30:57 - Blacklisting
32:09 - What to Look For
34:40 - Note on Porn
35:58 - When Good Sites Go Bad
39:15 - Spyware
41:27 - Compromised Servers
43:38 - Crypto Mining
45:24 - Online Resource: IP/URL Void
46:08 - Online Resource: BGP/ASN Ranking
46:55 - Online Resource: Shodan
47:36 - Online Resource: PunkSPIDER
48:48 - Conclusions and Questions
50:47 - Q: What Happened to John Strand vs John Strand
52:20 - Q: Is Rita Modular
54:00 - Q: More on Rita
57:18 - Active Countermeasures - BHIS Product
01:01:38 - Deployment Options
01:03:12 - Demo and Questions
01:21:40 - Pricing and Other Questions
Description: In this webcast John walks through a couple of cool things we've found useful in some recent network hunt-team engagements. He also shares some of the techniques and tools (like RITA) that we use all the time to work through massive amounts of data. There are lots of awesome websites that can greatly increase the effectiveness of your in-network threat hunting.
For those interested, after the webcast we show off our new commercial threat hunting tool, AI Hunter. We are currently looking for Beta testers who have span ports ready to fire and possibly are already using Bro.
The demo is after the hour of free tools and techniques. Free stuff, intermission, then the demo. We won't spam you afterwards about the product, promise.
Slides available here: www.blackhillsinfosec.com/web...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest RU-vid: / wildwesthackinfest
Active Countermeasures RU-vid: / activecountermeasures
Antisyphon Training RU-vid: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec

Category: Film

Published: 16 Jul 2024

Comments: 7
@temptemp961, 2 years ago
GCIH brought me here. Page 13, to be exact.

@runout74, 9 months ago
For me it's book 4, page 12. Great course!

@lordperilous, 5 years ago
Nice presentation! 43 min into it, on the compromised servers slide: port 2222 is also pretty popular for SBO (Security by Obscurity) for SSH. :)

@navisachar, 5 years ago
Great talk. Very informative for anyone in infosec.

@ingjparias, 11 months ago
How does using RITA compare with having a firewall with all the bells and whistles (Palo, Cisco and the like that claim to be able to pick up C2 beaconing) plus an EDR in the environment? What are the gaps that RITA might be able to cover? John mentions in the cast to try and run dnscat or other tools; we might give these a try, but wouldn't our EDR pick these up?

@bhagyalakshmi1053, 1 year ago
Ajint details explain Potcal