Advanced threat hunting with open-source tools and no budget - Joseph DePlato SecureWV/Hack3rcon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)


This talk is designed to give you the skills necessary to hunt for malicious actors on the networks you defend. I will teach you how to do this using primarily open-source software and technologies. You CAN have effective cybersecurity on a limited budget.

Part 1: OSINT network defenses. We talk through building an open-source network intrusion detection sensor from a Raspberry Pi and Suricata. We have successfully deployed these sensors on networks with up to 500 endpoints. We cover the basics of what Suricata is, and how a Pi can give you better visibility into a network.

Part 2: OSINT threat intel. We talk through a number of different tools that speed up false-positive triage, and how to automate some of the OSINT feeds for the Suricata sensor so that daily OSINT updates protect the network.

Part 3: Now that we have some tooling in place, how do we look for anomalous activity? We cover how to approach an investigation, how to define an attacker, and how to define a compromise.

Part 4: Introduction to our F3EA framework for threat hunting. We explore all 5 sections, define what each is, and show how they relate to the overall investigation. The framework is iterative and feeds itself.

Part 5: Threat hunting models. Practical examples of how to hunt, and a number of common techniques that we have found highly successful.

Joseph is a professional hacker who has served as a senior cybersecurity consultant to BP, American Express, Home Depot, and Palantir. Joe speaks at a variety of cybersecurity events and leads the Incident Response and technical investigations team at Bluestone Analytics.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast