Hunting on Amazon Web Services (AWS) - SANS Threat Hunting Summit 2017

Автор: SANS Digital Forensics and Incident Response

Загружено: 2017-08-23

Просмотров: 6494

Описание: While ‘hunting’ has come to mean targeted searches for IOCs, I always considered it operations that perturb the environment in order to illuminate adversary activity. For instance you might bounce a server and see if they try to reacquire. This was risky in
a traditional datacenter, but the modern methodologies embraced at Netflix, such as microservices and Continuous Deployment, make it tractable.

In this presentation they explore tools and tactics that enable a broad range of hunting activities on Amazon Web Services (AWS). We will discuss how to leverage native AWS APIs and services, as
well as supplement them with Open Source tools on the host, and navigate the ‘shared responsibility model’ to hunt in a large scale production environment.

Alex Maestretti (@maestretti)
Engineering Manager, Netflix

Forest Monsen (@forestm)
Senior Security Response Engineer, Netflix

Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...

Hunting on Amazon Web Services (AWS) - SANS Threat Hunting Summit 2017

Доступные форматы для скачивания:

Скачать видео

Информация по загрузке:

Скачать аудио

Похожие видео

Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017

Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017

Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017

Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017

AWS re:Inforce 2019: Threat Detection on AWS: An Introduction to Amazon GuardDuty (FND216)

AWS re:Inforce 2019: Threat Detection on AWS: An Introduction to Amazon GuardDuty (FND216)

Real-Time Threat Hunting - SANS Threat Hunting & Incident Response Summit 2017

Real-Time Threat Hunting - SANS Threat Hunting & Incident Response Summit 2017

AWS re:Invent 2019: Actionable threat hunting in AWS (SEC339)

AWS re:Invent 2019: Actionable threat hunting in AWS (SEC339)

AWS re:Inforce 2019: The Fundamentals of AWS Cloud Security (FND209-R)

AWS re:Inforce 2019: The Fundamentals of AWS Cloud Security (FND209-R)

Поиск угроз через Sysmon — саммит SANS Blue Team

Поиск угроз через Sysmon — саммит SANS Blue Team

Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017

Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017

Мониторинг безопасности облака и обнаружение угроз в AWS

Мониторинг безопасности облака и обнаружение угроз в AWS

Сисадмины больше не нужны? Gemini настраивает Linux сервер и устанавливает cтек N8N. ЭТО ЗАКОННО?

Сисадмины больше не нужны? Gemini настраивает Linux сервер и устанавливает cтек N8N. ЭТО ЗАКОННО?

Как охотиться на опасных животных как профессионал: простой способ

Как охотиться на опасных животных как профессионал: простой способ

Getting Hands on with Amazon GuardDuty - AWS Virtual Workshop

Getting Hands on with Amazon GuardDuty - AWS Virtual Workshop

Эксперт по кибербезопасности о ваших паролях, вирусах и кибератаках

Эксперт по кибербезопасности о ваших паролях, вирусах и кибератаках

Kubernetes — Простым Языком на Понятном Примере

Kubernetes — Простым Языком на Понятном Примере

Threat Hunting in the Cloud! -- Pwned Labs!

Threat Hunting in the Cloud! -- Pwned Labs!

ShimCache and AmCache enterprise-wide hunting - SANS Threat Hunting Summit 2017

ShimCache and AmCache enterprise-wide hunting - SANS Threat Hunting Summit 2017

"CloudTrail Logging Internals: A Methodology For Investigating AWS Security Incidents" - Eliav Levy

Threat Hunting AWS CloudTrail Logs with Microsoft Sentinel: Real-Time Attack Demo | Arijit Paul

Threat Hunting AWS CloudTrail Logs with Microsoft Sentinel: Real-Time Attack Demo | Arijit Paul

КАК УСТРОЕН TCP/IP?

КАК УСТРОЕН TCP/IP?

How To Investigate A Compromised AWS Cloud Environment

How To Investigate A Compromised AWS Cloud Environment