Hunt the Beasts in the Bits: A Proactive Approach

Abstract

Cyberattacks are evolving day to day, and cyber criminals employ sophisticated techniques to carry out multistage attacks and hide their malicious activities once they are landed in our digital wonderland. If we have not been hit by any attack yet, it does not mean it will never happen to us; it is just a matter of time. Shall we respect the traditions? Deploy a tool or solution to monitor our environment and wait for alerts! Trigger incident response in the event of any security breach followed by an indicator oriented (IoC and IoA) analysis? Collect forensic images for root cause analysis? These are essential, but all are reactive with long incident dwell time. Besides, they may be good at detecting the known bad, but they are not sufficient to proactively hunt the unknowns. This talk proposes a comprehensive technical roadmap to leverage Windows live analysis for proactive cyber threat hunting using manual methods, automation, and advanced analytical techniques (e.g. behavior/anomaly analysis, pattern recognition, statistics, and visualization). All the steps are mapped with MITRE and D3FEND knowledge bases, threat hunting best practices, and cyber threat intelligence feeds to deal with good, bad, and unknowns.


Speakers Information


Meisam Eslahi

Dr. Meisam is a technical cybersecurity practitioner with solid expertise in providing strategies and technical directions, building new service/business lines, diverse teams, and capabilities. He has over 19 years of experience in information technology, with 15 years dedicated to cybersecurity in leadership and technical roles. In his current role as a Senior Director of cybersecurity at EC-Council Global Services (EGS), Meisam is leading, managing, and delivering a wide range of cybersecurity services to multi-national clients, mainly in Red Teaming, Threat Hunting, DFIR, Cyber Drill, Compromise Assessment, and Penetration Testing. He is also a security researcher, blogger [sechub.medium.com], mentor, and speaker in many global events and conferences like Blue Team Village at Defcon29 (Scope X: Hunt in the Ocean), Gravithon, etc. He writes regularly on LinkedIn [linkedin.com/in/meisameslahi] and Twitter [@drmeisam_ ] about cybersecurity technical tips, techniques and tools, capability building and career growth.





View Full Schedule

Subscribe to Our Mailing List

Join our community mailing list for updated on conference annoucements, important dates and discussions.