Session 2: Hunting for "Living off the Land" Attack Scenarios
Presented by LogRhythm
Speaker: Brian Coulson, Threat Research Senior Engineer, LogRhythm, Inc
10:15 AM - 11:00 AMTue
Santa Fe Room
Threat Research Senior Engineer
Description: Attendees to this session are in for a treat as they will get to spend some valuable time with LogRhythm's most senior threat analyst. In this threat hunting training session, Brian will walk the attendee through scenarios focused on commonly used Powershell attacks within "Living off the Land" style of offensive measures. By using customized SIEM dashboarding and targeted search parameters, you will learn how to efficiently hunt for suspicious indicators within generally available Powershell and Microsoft Sysmon log events. Besides sharing a few of his most interesting threat hunting stories, Brian will show you how to identify and act upon strange patterns and unique indicators of compromise that can tip the balance back in your favor.
Expected Outcome: Attendees will leave with an understanding of how bad actors are leveraging standard tools already installed on target systems as well as threat hunting techniques to seek out those using "Living off the Land" style of attacks.
Intended Audience: The intended audience for this session will be Managers, Supervisors, Architects, Security Analysts, SOC Operations, and Technical staff.