Botconf 2017
Friday, December 8 • 15:10 - 16:00
Advanced Threat Hunting

Many threat intelligence teams are small and must make limited resources work as efficiently as possible. The data these teams rely on is often high volume with a low signal-to-noise ratio. The tools used to collect and exploit this data have finite capacity and must be kept at the highest utilization possible, and they must be applied to the most valuable data first.

This talk presents a process that your team can implement to make threat and malware hunting more efficient. The core of the process uses YARA rules to scan files from an arbitrary source in volume. Building on that core, it covers methods of prioritizing the rule output based on the team's priorities and its confidence in the quality of each rule. Files selected by this process are submitted to sandboxes for automated analysis, and the output of each sandbox is then parsed for qualities that increase or decrease the value of the result to the team. Attendees will take away not only a solid process they can implement in their own organizations, but also a list of gotchas and problems to avoid.
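To make the prioritization step concrete, the following is an added example, not the speaker's code or any ThreatConnect tooling. It assumes that each YARA rule carries a team-assigned priority and a confidence value (in practice these would live in the rule's `meta:` section), that scanning has already produced a mapping of file hashes to matched rule names (constructed here rather than obtained from yara-python), and that sandbox reports can be reduced to a list of tags. The scoring formula, the tag weights and the sample data are all illustrative assumptions.

```python
"""Prioritising YARA matches for a capacity-limited sandbox queue.

Added example for illustration only: the rule metadata, the scoring
scheme, the sandbox tag weights and all sample inputs are assumptions,
not the talk's or any product's actual logic.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class RuleMeta:
    name: str
    priority: int      # team interest in this rule, 1 (low) .. 5 (high)
    confidence: float  # 0.0 .. 1.0, how much the team trusts the rule


@dataclass
class Candidate:
    sha256: str
    matched: List[str]
    score: float = 0.0


# Constructed rule inventory (assumption: in practice loaded from rule meta).
RULES: Dict[str, RuleMeta] = {
    "apt_loader_x": RuleMeta("apt_loader_x", priority=5, confidence=0.9),
    "generic_packer": RuleMeta("generic_packer", priority=2, confidence=0.4),
    "phish_doc_macro": RuleMeta("phish_doc_macro", priority=4, confidence=0.7),
    "suspicious_string": RuleMeta("suspicious_string", priority=1, confidence=0.2),
}

# Constructed sandbox-report qualities that raise or lower the value of a result.
VALUE_UP = {"network_c2_beacon": 2.0, "persistence_created": 1.5, "credential_access": 1.5}
VALUE_DOWN = {"signed_by_known_vendor": -3.0, "known_benign_installer": -3.0,
              "no_behaviour_observed": -1.0}


def score_candidate(matched: List[str], rules: Dict[str, RuleMeta]) -> float:
    """Score a file by its best single (priority * confidence) hit plus a
    small bonus for each additional match: corroboration helps, but a pile
    of weak, low-trust rules cannot outrank one strong, trusted hit.
    Rules without metadata are ignored rather than guessed at."""
    weights = sorted(
        (rules[r].priority * rules[r].confidence for r in matched if r in rules),
        reverse=True,
    )
    if not weights:
        return 0.0
    return weights[0] + 0.25 * sum(weights[1:])


def build_queue(matches: Dict[str, List[str]], rules: Dict[str, RuleMeta],
                already_analysed: Set[str], capacity: int) -> List[Candidate]:
    """Drop files the sandbox has already seen, score the rest, and keep only
    as many as the sandbox can take right now (highest score first; ties
    broken by hash so the order is deterministic)."""
    cands = [
        Candidate(h, m, score_candidate(m, rules))
        for h, m in matches.items() if h not in already_analysed
    ]
    cands = [c for c in cands if c.score > 0.0]
    cands.sort(key=lambda c: (-c.score, c.sha256))
    return cands[:capacity]


def adjust_for_report(base_score: float, report_tags: List[str]) -> float:
    """Re-score a candidate after sandboxing from the qualities parsed out of
    the report; a vendor-signed or inert sample drops toward zero, an active
    beacon or persistence mechanism rises to the top of the analyst's pile."""
    delta = sum(VALUE_UP.get(t, 0.0) + VALUE_DOWN.get(t, 0.0) for t in report_tags)
    return max(0.0, base_score + delta)


# Constructed scan output: sha256 (shortened) -> matched rule names.
SAMPLE_MATCHES: Dict[str, List[str]] = {
    "aaa111": ["apt_loader_x"],
    "bbb222": ["generic_packer", "suspicious_string", "phish_doc_macro"],
    "ccc333": ["suspicious_string"],
    "ddd444": ["apt_loader_x", "phish_doc_macro"],   # already sandboxed below
    "eee555": ["rule_without_metadata"],             # unknown rule, scores 0
}
SAMPLE_SEEN: Set[str] = {"ddd444"}

if __name__ == "__main__":
    for c in build_queue(SAMPLE_MATCHES, RULES, SAMPLE_SEEN, capacity=2):
        print(f"{c.sha256}  score={c.score:.2f}  rules={c.matched}")
    # Constructed report tags for the top candidate after sandboxing.
    print(adjust_for_report(4.5, ["network_c2_beacon", "persistence_created"]))
```

The two knobs a team would tune are the `priority` and `confidence` values per rule and the report tag weights: lowering the confidence of a noisy rule is how a low-signal feed is kept from starving the sandbox, and the capacity argument is what keeps a finite analysis system fully used without building an unbounded backlog.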

Speakers

Robert Simmons

Director of Research Innovation, ThreatConnect
Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis...


Friday December 8, 2017 15:10 - 16:00
Corum Allée du Saint-Esprit, 34000 Montpellier, France