Tales from the Trenches of Network Threat Hunting and AI Hunter Demo

Join us on the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security discussion going!

Contact Black Hills Infosec if you need Pentesting, Threat Hunting, ACTIVE SOC, Incident Response or Blue Team Services – https://www.blackhillsinfosec.com/

00:00 – Introduction
01:25 – Problem statement
03:41 – Consistencies
07:43 – Construction
09:28 – Why Bro
11:40 – Rita is the heart of it
16:50 – VSAgent
17:30 – DNSCat
17:57 – Show
20:12 – Round-robin malware beaconing
21:44 – Connection to the Ministry of Defense
25:40 – Question: AWS
27:35 – Lessons
30:57 – Blacklist
32:09 – What you should pay attention to
34:40 – Note on porn
35:58 – When good websites go bad
39:15 – Spyware
41:27 – Compromised servers
43:38 – Crypto mining
45:24 – Online Resource: IPVoid / URLVoid
46:08 – Online Resource: BGP/ASN Ranking
46:55 – Online Resource: Shodan
47:36 – Online Resource: PunkSPIDER
48:48 – Conclusions and questions
50:47 – Q: What happened to John Strand? vs. John Strand
52:20 – Q: Is Rita modular
54:00 – Q: More about Rita
57:18 – Active Countermeasures – BHIS Product
01:01:38 – Deployment options
01:03:12 – Demo and questions
01:21:40 – Prices and other questions

Description: In this webcast, John goes over some cool things we've found useful in some recent network threat hunting engagements. He also shares some of the techniques and tools (like RITA) that we use all the time to process massive amounts of network data, along with a number of great websites that can greatly increase the effectiveness of your network threat hunting.

For anyone interested, we will be demonstrating our new commercial threat hunting tool, AI Hunter, after the webcast. We are currently looking for beta testers who have SPAN ports ready to go and may already be using Bro.

The demo will take place after the webcast on free tools and techniques: free material first, then a break, then the demo. We won't bother you with spam about the product afterward, we promise.

Slides available here: https://www.blackhillsinfosec.com/webcast-tales-network-threat-hunting-trenches/

Black Hills Infosec Social Networks
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors & Breaches – Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay what you can: https://www.antisyphontraining.com/pay-what-you-can/
Live training: https://www.antisyphontraining.com/course-catalog/
On-demand training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon training on YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec

If you find this video useful, please share it with your friends and family.