These days, threat hunting has become a hot topic in the news and the cyber security industry. Everywhere you look, people are trying to show how their product is doing it, talking about how they could do it, and how by doing it threat hunting will solve all the challenges of cyber security. But, with all this hype it also seems like the term "threat hunting" has become another square on the buzzword bingo card. We don't like that, and we're pushing back.
That is why at Intel 471, we have put together a webinar series called "Do You Even Threat Hunt, Bro" that aims to show true behavioral threat hunting in action and demonstrate the benefits it can have for organizations!
Join one of Intel 471's lead threat hunters, Scott Poley, as he demonstrates a technique used by adversaries and cyber criminals alike, by abusing WMIC to copy and execute payloads on remote endpoints. This session will demonstrate what true behaviorally-based threat hunting looks like, and why organizations need to start adopting threat hunting and take the fight to the adversary!
The webinar will show you what you need to know (and more importantly, do!) to proactively threat hunt in your environment, and most importantly, find out: Do You Even Threat Hunt, Bro?
This technical webinar will cover:
- A hands-on-keyboard demonstration of how an attacker can abuse WMIC to perform lateral copy and execution of a payload on a remote endpoint.
- A practical threat hunting session that guides participants in how the technique works, and why attackers would want to use it post-initial access.
- A breakdown of the behavior in the environment, and how to hunt for this technique in participants' environments.
- Strategies of improving threat hunting and threat detection capabilities without the need for new tools, agents, or appliances.
- How complex behavioral content can allow discovery of actors long before traditional security controls.