Hunting Threats (खतरों का शिकार)
THREAT HUNTING
Who I am
Falgun Rathod
• Managing Director at Cyber Octet Pvt. Ltd.
• 10+ Years Experience in Cyber Security
• Served 120+ Clients
• Consultant to Government Agencies
• Threat Hunter | Ethical Hacker
• Penetration Tester
• Core Subjects – Industrial Control Systems, Social Engineering, GRC.
Covered Today
• Threat Hunting Defined
• Why Threat Hunting
• Skills required
• Threat Detection VS Threat Hunting
• What to Hunt
• Techniques
• Practical
• Conclusion
Breaches are Expensive!
• Average cost of a breach in the US is $7.9M
• Average cost of a breach globally is $3.8M
• Takes an average of 197 days to identify a breach
• Average span of 69 days to contain a breach
Threat Hunting Defined
• Objectives
* Identify compromised systems and accounts
* Improve security monitoring detection rules
* Perform forensics at scale
• Hunt Strategies
* Threat Intelligence – Sweep for known bad
* Anomaly – Configurations with the least frequency of occurrence
* Behavioral – Attacker tools, tactics, and techniques
• Risks Mitigated
* “Pre-existing conditions” – historic compromises
* Blind spots – limited security monitoring visibility
* Secondary compromises – attackers move off patient 0
Why Threat Hunting
• Attacks leave behind valuable traces
• Failed attacks
• Probes
• Discover weaknesses
• Find activity before it becomes a disaster
People Involved & Skillset
• Team Lead
* Provides oversight and direction for hunters
* Communicates with internal & external stakeholders
• Developer
* Integrates threat hunting toolsets and processes
* Ability to develop custom scripts
• Incident Responder
* Identifies system configuration anomalies
* Develops new rulesets or modifies existing ones based on findings
Threat Detection vs Threat Hunting
IOC & IOA
1. Unusual Outbound Network Traffic
2. Anomalies In Privileged User Account Activity
3. Geographical Irregularities
4. Log-in Irregularities and Failures
5. Swells In Database Read Volume
6. HTML Response Sizes
7. Large Numbers Of Requests For The Same File
8. Mismatched Port-Application Traffic
9. Suspicious Registry Or System File Changes
10. DNS Request Anomalies
Determining What to Hunt For and How Often
Here’s an example list of potential attacker activities and techniques you might identify:
• Malware Beaconing
• DLL Injection
• Pass the Hash (PtH)
• Shared Webroot
• DNS Tunneling
Data Sources
• Endpoint Logs:
* Winaudit
* EPS – Endpoint Protection System
* Windows Event Forwarding
* SIEM Collectors
* EDR – Endpoint Detection & Response Tools
• Network Logs:
* DNS
* Firewall
* IDPS
* Wireshark
• Account Logs:
* Active Directory
* VPNs
If you’re capturing any of these logs, you can start hunting for malicious activity – you’ve already got the data!
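As an added example (not from the deck or from Cyber Octet), the following script runs two hunts from the "what to hunt" list, malware beaconing and DNS tunneling, over the kind of firewall and DNS logs listed above. The log line formats, the IP addresses and domain names, and the thresholds are all constructed assumptions for illustration.

```python
"""Two simple hunts over constructed log data: beaconing and DNS tunneling."""
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample firewall log: "<ISO time> <src> <dst> <dport> <bytes>".
# 10.0.0.5 connects out every ~5 minutes (beacon-like); 10.0.0.9 is irregular.
FIREWALL_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.7 443 512
2024-05-01T10:05:01 10.0.0.5 203.0.113.7 443 520
2024-05-01T10:10:00 10.0.0.5 203.0.113.7 443 515
2024-05-01T10:15:02 10.0.0.5 203.0.113.7 443 510
2024-05-01T10:20:00 10.0.0.5 203.0.113.7 443 518
2024-05-01T10:01:17 10.0.0.9 198.51.100.2 443 4096
2024-05-01T10:02:40 10.0.0.9 198.51.100.2 443 80120
2024-05-01T10:14:03 10.0.0.9 198.51.100.2 443 2200
2024-05-01T10:31:55 10.0.0.9 198.51.100.2 443 1500
"""

# Constructed sample DNS query log: "<ISO time> <src> <queried name>".
DNS_LOG = """\
2024-05-01T10:00:03 10.0.0.5 www.example.com
2024-05-01T10:00:04 10.0.0.5 mail.example.com
2024-05-01T10:00:10 10.0.0.12 4a7f9c2e1b3d8e6f0a1c2b3d4e5f6a7b.tunnel.example.net
2024-05-01T10:00:11 10.0.0.12 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.tunnel.example.net
2024-05-01T10:00:12 10.0.0.12 0f1e2d3c4b5a69788796a5b4c3d2e1f0.tunnel.example.net
"""


def hunt_beacons(log_text, min_hits=4, max_cv=0.1):
    """Group outbound connections by (src, dst, dport) and flag pairs whose
    inter-connection gaps are nearly constant (low coefficient of variation),
    the timing signature of an implant checking in with its C2 server.
    Returns {(src, dst, dport): rounded mean period in seconds}."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        ts, src, dst, dport, _nbytes = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    beacons = {}
    for key, stamps in flows.items():
        if len(stamps) < min_hits:          # too few samples to judge timing
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons[key] = round(mean)
    return beacons


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores high, words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def hunt_dns_tunneling(log_text, min_label_len=20, min_entropy=3.0):
    """Flag queries whose longest label is both long and high-entropy (data
    encoded into the name) and count them per parent domain."""
    suspicious = Counter()
    for line in log_text.splitlines():
        _ts, _src, qname = line.split()
        labels = qname.rstrip(".").split(".")
        longest = max(labels, key=len)
        if len(longest) >= min_label_len and shannon_entropy(longest) >= min_entropy:
            suspicious[".".join(labels[-2:])] += 1
    return dict(suspicious)


if __name__ == "__main__":
    for (src, dst, port), period in hunt_beacons(FIREWALL_LOG).items():
        print(f"possible beacon: {src} -> {dst}:{port} every ~{period}s")
    for parent, n in hunt_dns_tunneling(DNS_LOG).items():
        print(f"possible DNS tunnel: {n} high-entropy queries under {parent}")
```

Both rules produce leads, not verdicts: legitimate software updaters also poll on fixed intervals and CDNs use long random labels, so an allowlist of known destinations belongs in front of these checks before any finding is escalated.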
Network Hunting
You need to be able to prove the Incidents
• Tracking
* Who did what when?
* What systems?
* What user accounts?
* When did activities occur?
* What data is being accessed?
• Organization
* Visibility into team member activity
* Project status tracking at every stage
* Quantify metrics
Practical
• Process Explorer & Autoruns
• Wireshark
• System Logs
Case Study
An expert threat hunter analyzes the malware family, studies its characteristics and discovers that:
• It is a worm written in JavaScript / VBScript
• It spreads via removable drives (pen drives, hard drives, etc.) by creating LNK shortcut files
• It is placed in the system’s startup
• The C & C server updates its code
• Anti-debug / anti-vm / anti-emulation measures
• Highly obfuscated in the latest versions
• Very difficult to detect statically / by signature
• It spreads throughout the network very quickly
• Very difficult to disinfect after spreading through the network
Conclusion
Attackers are evolving and adapting to tools and services.
Malware is not the only concern; the malware writers are too.
Breaches are happening every now and then;
continuous analysis and threat hunting are the solution!
Hunt hackers now, before they hunt you.
Thank you
Cyber Octet Team - the daredevils (खतरों के खिलाड़ी)
info@cyberoctet.com
+91- 98244 35293
https://www.cyberoctet.com