Introducing the New DFIR Hunt Evil Poster
In this webcast, Rob Lee and Mike Pilkington will take you through a deep-dive of the new 'Hunt Evil ' poster. The new 'Hunt Evil ' poster is a significant update to the 'Find Evil ' poster introduced in 2014. Like the old poster, it is designed to help incident responders and threat hunters search for anomalous activity that could indicate intruder activity in the environment.'the first side is titled \Find Evil: Know Normal". It focuses on what processes are normal on a Windows 10 host, how they launch, and how they interact. This is a useful reference to recognize what's normal in Windows, and help to focus attention on any outliers. The second side is titled "Hunt Evil: Lateral Movement". It's an all-new design that provides a graphic cheat sheet of the most likely techniques attackers will use to move data and execute code remotely. Every adversary, including the most skilled, will use some form of lateral movement technique described in the poster. Join Rob and Mike as they discuss how the 'Hunt Evil ' poster can help make responders and hunters more efficient at scoping, hunting, and anticipating future attacker activity across the network.
