Modern Threat Hunting with your SIEM on a $0 Budget – Ryan Fried – ESW #284

Security analysts can move past traditional Indicators of Compromise from threat intel such as domains, hashes, URLs, and IP addresses. These indicators typically aren’t valid for long after the incidents happen. Modern threat hunting means doing things like reading recent and relevant security articles, pulling out the behaviors attackers are using, such as commands like net group “domain admins” or RDPing from workstation to workstation, and translating those behaviors into threat hunting queries. I will talk about how to start small and will give a few examples where we proactively found evil in our environment.
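As an added illustration of the "behavior to query" translation described above (this is not code from the episode or from Ryan Fried), the script below runs the two behaviors the description names, `net group "domain admins"` enumeration and workstation-to-workstation RDP, as hunting logic over a handful of constructed SIEM-style events. The event dictionaries, hostnames and the asset-role inventory are all made up for the example; the field names assume a SIEM that has normalized Windows process-creation (Sysmon Event ID 1 / Security 4688) and logon (Security 4624) events into flat records.

```python
import re

# Constructed process-creation events, shaped like a SIEM export of
# Sysmon Event ID 1 / Windows 4688 (sample data, not real telemetry).
PROCESS_EVENTS = [
    {"host": "WS-0142", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\net.exe",
     "command_line": 'net  group "Domain Admins" /domain'},
    {"host": "WS-0142", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\net1.exe",
     "command_line": 'net1 group "domain admins" /DOMAIN'},
    {"host": "SRV-DC01", "user": "CORP\\svc_backup",
     "image": "C:\\Windows\\System32\\net.exe",
     "command_line": "net group /domain"},
    {"host": "WS-0077", "user": "CORP\\asmith",
     "image": "C:\\Windows\\System32\\net.exe",
     "command_line": "net use Z: \\\\fileserver\\share"},
]

# Constructed logon events shaped like Windows Security 4624.
# logon_type 10 is RemoteInteractive, i.e. an RDP session.
LOGON_EVENTS = [
    {"event_id": 4624, "logon_type": 10, "user": "CORP\\jdoe",
     "src_host": "WS-0142", "dst_host": "WS-0077"},
    {"event_id": 4624, "logon_type": 10, "user": "CORP\\admin1",
     "src_host": "WS-0010", "dst_host": "SRV-DC01"},
    {"event_id": 4624, "logon_type": 3, "user": "CORP\\jdoe",
     "src_host": "WS-0142", "dst_host": "WS-0099"},
    {"event_id": 4624, "logon_type": 10, "user": "CORP\\helpdesk",
     "src_host": "JUMP-01", "dst_host": "WS-0055"},
]

# Assumed asset inventory (hostname -> role). In a real hunt this would
# come from the CMDB, AD OU membership or a naming convention.
ASSET_ROLES = {
    "WS-0142": "workstation", "WS-0077": "workstation",
    "WS-0010": "workstation", "WS-0099": "workstation",
    "WS-0055": "workstation",
    "SRV-DC01": "server", "JUMP-01": "server",
}

# Behavior 1: enumeration of the Domain Admins group with net/net1.
# The pattern tolerates net1, an explicit .exe, repeated whitespace,
# optional quotes and any letter case, so trivial rewrites still match.
DA_ENUM_RE = re.compile(
    r'\bnet1?(?:\.exe)?\s+group\s+"?domain\s+admins"?', re.IGNORECASE)


def hunt_domain_admin_enumeration(events):
    """Return process events whose command line enumerates Domain Admins."""
    return [e for e in events if DA_ENUM_RE.search(e["command_line"])]


def hunt_workstation_to_workstation_rdp(events, roles):
    """Return RDP logons (4624, type 10) where both endpoints are workstations.

    Hosts missing from the inventory get role 'unknown' and are not flagged
    here; surfacing them separately is useful inventory hygiene.
    """
    hits = []
    for e in events:
        if e["event_id"] != 4624 or e["logon_type"] != 10:
            continue
        src_role = roles.get(e["src_host"], "unknown")
        dst_role = roles.get(e["dst_host"], "unknown")
        if src_role == "workstation" and dst_role == "workstation":
            hits.append(e)
    return hits


def run_hunts():
    """Run both hunts over the sample data and return hit counts per hunt."""
    return {
        "domain_admin_enumeration":
            len(hunt_domain_admin_enumeration(PROCESS_EVENTS)),
        "workstation_to_workstation_rdp":
            len(hunt_workstation_to_workstation_rdp(LOGON_EVENTS, ASSET_ROLES)),
    }


if __name__ == "__main__":
    for e in hunt_domain_admin_enumeration(PROCESS_EVENTS):
        print("DA enumeration:", e["host"], e["user"], e["command_line"])
    for e in hunt_workstation_to_workstation_rdp(LOGON_EVENTS, ASSET_ROLES):
        print("WS-to-WS RDP:", e["user"], e["src_host"], "->", e["dst_host"])
```

The two hunts show the shape of the translation step: the first behavior becomes a string pattern over a command-line field, the second becomes a join between a logon event and an asset inventory. Each query has an obvious tuning point (group names beyond Domain Admins, or which hosts count as legitimate RDP sources) that decides its false-positive rate once run against real volume.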

Segment Resources:
https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report
https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Modern Threat Hunting with your SIEM on a $0 Budget

Guests

Ryan Fried

Ryan Fried – Senior Security Engineer at Brooks Running

Ryan holds a master's degree in cyber security, has worked in the cybersecurity field for 9 years, and has taught cyber security as an adjunct professor at a college for 7 years. Currently Ryan works for Brooks Running as a senior security analyst, specializing in security automation, network segmentation and purple teaming.

Hosts

Adrian Sanabria

Adrian Sanabria – Director of Product Management at Tenchi Security

@sawaba

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

John Kinsella

John Kinsella – Co-founder & CTO at Cysense

@johnlkinsella

John Kinsella is the Co-founder & CTO of Cysense.

Katie Teitler

Katie Teitler – Senior Security Strategist at Axonius

@Katherinert15

Katie Teitler is a cybersecurity content creator. In her current role with Axonius, she is part of the product marketing team, helping audiences understand the value proposition of cyber asset management as it pertains to risk reduction. In past roles, Katie was an industry analyst, research director, content marketer, and freelance author, and managed content and speakers for InfoSec World, now a flagship offering of the Cyber Risk Alliance.

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!