Loading…
BSidesSF 2019 has ended
Monday, March 4 • 11:45am - 12:15pm
Don't Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
As threat hunting becomes a focus for more and more organizations, the abilities of the staff who are being asked to hunt vary greatly. One of the greatest challenges of threat hunting is biting off more than you can chew.
Oftentimes, analysts want to "boil the ocean" and hunt without a specific purpose or plan. This talk is focused on using the MITRE ATT&CK framework as the catalyst to assist in building the hypothesis and plan to determine what we should hunt for and how we should build our hypothesis. To make this point, I will use an adversary emulation that we developed at Splunk and show how hunt teams can take the techniques defined in the MITRE ATT&CK framework and apply them to hunts that identify artifacts and indicators and how these initial findings can be fed into a process with ATT&CK to drive additional hunts, enabling hunters to gain more and more insight to better operationalize their findings.

Speakers
avatar for John Stoner

John Stoner

Principal Security Strategist, Splunk
John Stoner is a Principal Security Strategist at Splunk. He leverages his experience and lessons learned to educate and improve the organization's capabilities in Security Operations, Threat Hunting, Incident Response, and Threat Intelligence. He has authored multiple workshops that... Read More →



Monday March 4, 2019 11:45am - 12:15pm
IMAX