A Practical Approach to Hunting Adversary Infrastructure

  • Monday, 12 Jul 2021 12:00PM EDT (12 Jul 2021 16:00 UTC)
  • Speaker: Tim Helming, Security Evangelist

Hunting on adversary infrastructure can pay off for blue teams by exposing comprehensive malicious campaigns. This creates a form of grassroots threat intelligence that has immediate relevance, because it starts with traffic actually observed in the protected environment and pivots from there. This form of hunting is relatively easy to carry out and effective, and parts of it also lend themselves to automation, whether via a dedicated SOAR platform or via scripting against DomainTools Iris APIs. This webinar covers why infrastructure hunting is important, how it works, and how teams can get started with it.