Signatures are dead, or so we’re told. It’s true that many items that are shared as Indicators of Compromise (file names/paths/sizes/hashes and network IPs/domains) are no longer effective: these rigid indicators break at the first attempt at evasion. Creating resilient detections that stand up to attempted evasion by dedicated attackers and researchers is challenging but possible with the right tools, visibility, and a methodical approach. As part of FireEye’s Advanced Practices Team, Matthew Dunwoody and Daniel Bohannon are tasked with creating resilient, high-fidelity detections that run across hundreds of environments and millions of endpoints. In this talk they will share insights into their processes and approaches to developing detection – including practical examples derived from real-world attacks – that you will be able to apply across many common and open-source security tools.