Loading…
Botconf 2017 has ended
Back To Schedule
Friday, December 8 • 15:10 - 16:00
Advanced Threat Hunting

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Many threat intelligence teams are small and must make limited resources work in the most efficient way possible. The data these teams rely on may be quite high volume and potentially low signal to noise ratio. The tools used to collect and exploit this data have finite resources and must be leveraged at the highest utilization possible. Additionally, these tools must be applied to the most valuable data first.

This talk presents a process that your team can implement to make your threat and malware hunting more efficient. The core of this process uses YARA rules to process files from an arbitrary source in volume. From that core, it covers methods of prioritizing the output of the rules based on the team’s priority and the confidence in the quality of the rules. Using this process, files are submitted to sandboxes for automated analysis. The output of each of these systems is then parsed for certain qualities that would increase or decrease the value of the information to the team. Attendees will take away not only a solid process that they can implement in their own organizations, but also a list of gotchas and problems that they should avoid.

Speakers
avatar for Robert Simmons

Robert Simmons

Director of Research Innovation, ThreatConnect
Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis... Read More →


Friday December 8, 2017 15:10 - 16:00 CET
Corum