Explore the evolution and practical application of threat hunting in cybersecurity through this Security BSides London conference talk. Delve into the distinction between traditional security monitoring and modern threat hunting techniques. Discover key datasets, analytical approaches, and cutting-edge Tactics, Techniques, and Procedures (TTPs) essential for effective threat hunting at scale. Learn about real-world compromises that evaded traditional detection methods but were uncovered through hands-on threat hunting. Gain insights into the Paris Model, manual vs. automated approaches, and the impact of events like the Shadow Brokers leak. Examine various data sources, analysis techniques, and tools used in threat hunting, including hashes, endpoints, network tools, and memory injection. Understand the role of frequency analysis, machine learning, and automation in enhancing threat detection capabilities. Acquire practical tips for implementing threat hunting, including a quick insider attack demonstration and the use of tools like Imhotep. Explore strategies for improving defense and detection methods, and gain perspective on the relationship between threat hunting and Red Team activities.
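The frequency analysis the talk lists among its data-analysis techniques is usually run as "stacking": group endpoint telemetry by a field (hash, image path, parent/child pair) and look at the long tail of values seen on very few hosts. The following is an added example written for this page, not code from the talk or the speaker; the telemetry rows are constructed, the hashes are labelled placeholders, and the host names are hypothetical. It shows why stacking on the bare file name alone would miss a look-alike binary that path, hash and parent-process stacks each surface.

```python
from collections import defaultdict

# Constructed endpoint telemetry: (host, parent_image, image_path, sha256).
# The hashes are placeholders for the example, not real file hashes.
SAMPLE_EVENTS = [
    ("ws01", "services.exe", r"C:\Windows\System32\svchost.exe", "sha256-placeholder-svchost"),
    ("ws02", "services.exe", r"C:\Windows\System32\svchost.exe", "sha256-placeholder-svchost"),
    ("ws03", "services.exe", r"C:\Windows\System32\svchost.exe", "sha256-placeholder-svchost"),
    ("ws04", "services.exe", r"C:\Windows\System32\svchost.exe", "sha256-placeholder-svchost"),
    ("ws05", "services.exe", r"C:\Windows\System32\svchost.exe", "sha256-placeholder-svchost"),
    ("ws01", "explorer.exe", r"C:\Program Files\Chrome\chrome.exe", "sha256-placeholder-chrome"),
    ("ws02", "explorer.exe", r"C:\Program Files\Chrome\chrome.exe", "sha256-placeholder-chrome"),
    ("ws03", "explorer.exe", r"C:\Program Files\Chrome\chrome.exe", "sha256-placeholder-chrome"),
    ("ws04", "explorer.exe", r"C:\Program Files\Chrome\chrome.exe", "sha256-placeholder-chrome"),
    ("ws04", "explorer.exe", r"C:\Program Files\Chrome\chrome.exe", "sha256-placeholder-chrome"),
    # A legitimate but uncommon vendor updater: rare is a lead, not a verdict.
    ("ws03", "explorer.exe", r"C:\Program Files\Vendor\updater.exe", "sha256-placeholder-updater"),
    # A binary named like a system process, but in a user-writable path and
    # spawned by an Office application.
    ("ws05", "winword.exe", r"C:\Users\Public\svchost.exe", "sha256-placeholder-unknown"),
]


def stack(events, key):
    """Group events by key(event) and record the distinct hosts per value.

    Prevalence is measured in distinct hosts rather than raw event counts so
    that one chatty host cannot make a value look common or rare.
    """
    hosts_by_value = defaultdict(set)
    for ev in events:
        hosts_by_value[key(ev)].add(ev[0])
    return hosts_by_value


def rare(hosts_by_value, max_hosts=1):
    """Return the long tail: values seen on at most max_hosts hosts, rarest first."""
    tail = [(value, sorted(hosts)) for value, hosts in hosts_by_value.items()
            if len(hosts) <= max_hosts]
    return sorted(tail, key=lambda item: (len(item[1]), str(item[0])))


def file_name(path):
    """Last path component, for stacks that key on the image name."""
    return path.rsplit("\\", 1)[-1]


def hunt(events, max_hosts=1):
    """Run the three stacks a hunter commonly combines and return their long tails."""
    return {
        "hash": rare(stack(events, lambda e: e[3]), max_hosts),
        "path": rare(stack(events, lambda e: e[2]), max_hosts),
        "parent_child": rare(stack(events, lambda e: (e[1], file_name(e[2]))), max_hosts),
    }


if __name__ == "__main__":
    # Stacking on the bare name hides the look-alike: svchost.exe is on every host.
    by_name = stack(SAMPLE_EVENTS, lambda e: file_name(e[2]))
    print("hosts running something named svchost.exe:", sorted(by_name["svchost.exe"]))
    for stack_name, tail in hunt(SAMPLE_EVENTS).items():
        print(f"\nlong tail by {stack_name}:")
        for value, hosts in tail:
            print(f"  {value!r} on {hosts}")
```

The output lists the vendor updater and the user-path `svchost.exe` side by side; the point of stacking is to shrink the set a hunter reviews by hand, and the parent/child stack is what separates the two, since `winword.exe` starting something named `svchost.exe` has no benign counterpart in the sample while `explorer.exe` starting an updater does.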