Securi-Tay 2017 - Advanced Attack Detection

27.02.2017
We hear about advancements in the offensive security realm all the time, with new attack techniques being published, new tools released and high-profile breaches of major organisations reported in the news. With a whole bunch of technical certifications, training and frameworks available, the offensive security industry is very well represented and fairly well understood, at least in comparison to defensive security. But what do these attacks actually look like, how can we defend against them, and what techniques are there for detecting them?

In this talk, we'll explain some of the technical concepts of threat hunting. We will look at what lies beyond traditional signature detection (the likes of AV, IPS/IDS and SIEMs, which in our experience are ineffective) and detail some of the ways you can catch real attackers in the act. As a case study, we'll look at some of the specifics of common attack frameworks, such as Metasploit and PowerShell Empire, walk through an example attack, and show how they can be detected. From large-scale process monitoring to live memory analysis and anomaly detection techniques, we will cover some of the technical quirks of effective attack detection.

About William Burgess & Matt Watkins

This presentation will be given by myself and a colleague, Matt Watkins, from Countercept, MWR InfoSecurity. Our interests are in the nitty-gritty of Windows internals, detecting bad guys, memory forensics and threat hunting, and this talk will outline our experiences of doing this at scale.
