Threat Hunting Tutorial: How to use Network Metadata to detect threats


The network metadata the Recall platform produces can be valuable for threat investigations. Have you wondered how you could make use of this same metadata to hunt for threats? In this video, Vectra MDR analysts will cover three specific use cases utilizing network metadata to hunt for Log4Shell, PrintNightmare, and Kerberoasting. They will walk you through the specific workflows for each attack technique, provide best practices for hunting in your own environment, and take questions from the audience. Vectra Recall will be used for this webinar; however, the same methodologies can be applied to network metadata obtained from Vectra Stream.

You will learn how to:
► Hunt for three commonly utilized attack techniques
► Utilize multiple metadata types to uncover possible attack behavior 
► Build Recall dashboards customized to your environment 

00:00 Introduction to Advanced Threat Hunting with Network Metadata
01:54 Why should you hunt?
04:49 Why hunt threats with network metadata?
05:41 How can Vectra Recall help you with threat hunting?
06:16 List of metadata streams used for threat hunting.
06:49 Threats, Vulnerabilities and Risk
07:29 The difference between risk and vulnerability
09:00 Hunting for PrintNightmare
09:20 PrintNightmare vulnerability explained
13:24 How to find a PrintNightmare exploit
19:11 Log4Shell vulnerability explained
21:50 Log4Shell - Attack Overview
26:27 Log4Shell demo
35:28 Kerberos explained
38:31 Kerberos Service Principal Names
40:30 Kerberoasting HOST SPN
43:20 How to detect a Kerberoasting attack
44:55 Hunting for Kerberoasting
56:00 Additional resources

Resources:
🔗 Watch Part One "Introduction to Threat Hunting with Network Metadata"
🔗 Threat Hunting Ultimate Guide: https://bit.ly/threat-hunting-guide
🔗 Dashboards for Threat Hunting Webinar Series: https://bit.ly/github-threat-hunting-...
🔗 Article on cisa.gov "Cyber Actors Gain Network Access by Exploiting PrintNightmare": https://bit.ly/cisa-russian-cyber-actors


► Learn more at www.vectra.ai
