Welcome Threat Hunters, Phishermen, and Other Liars

  • Tuesday, September 20, 2016 at 10:00 PM EDT (2016-09-21 02:00:00 UTC)
  • Rob Lee

SANS Asia-Pacific Webcast Series: Welcome Threat Hunters, Phishermen, and Other Liars

Join us for the next installment of the SANS APAC webcast series, 'Welcome Threat Hunters, Phishermen, and Other Liars'.

Topic: Welcome Threat Hunters, Phishermen, and Other Liars
Presenter: Rob Lee, SANS Faculty Fellow
Date: Wednesday, September 21, 2016
Time: 10:00 am Singapore / 12:00 pm Sydney
Note: This webcast is free of charge; however, a SANS portal account is required (see webcast link for details).

Over the past few years, a new term has continually popped up in the IT Security community called "Threat Hunting." While the term seems like it is a new thing, it is the reason all of us joined IT Security in the first place. We "Find Evil." While I was at Mandiant and in the US Air Force, "Finding Evil" was our tagline while we were on engagements.

The concept and root idea of Threat Hunting is nothing new. When I first started in IT Security back in the late 90s, my job was to find threats in the network. This led to automated defenses such as Intrusion Detection Systems, monitoring egress points, logging technology, and monitoring the defensive perimeter hoping nothing would get in. Today, while the community is trying to identify intrusions, threat hunting has evolved to be something a bit more than the loose definition of "Find Evil," primarily due to the massive amount of incident response data currently collected about our attackers. This data has evolved into Cyber Threat Intelligence. It is hard to simply "Go Find Evil," but if armed with a bit of CTI in the mix (essentially what you might be looking for, or what your adversaries are likely interested in), it makes the hunt more targeted. These indicators are used to great effect when used properly and proactively against a threat group. Threat hunting has improved the accuracy of threat detection due to the fact that we can focus our searching on the adversaries exploiting our networks: humans hunting humans. Even with knowing where to look, tools are now being introduced to help make hunting more practical across an enterprise. This talk was put together to outline what exactly "Threat Hunting" means and will step you through exactly what threat hunting is and how it works.

Speaker Bio

Rob Lee

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.
