Fall Cyber Solutions Fest 2024: Threat Hunting and Intelligence Track

Going from responding to incidents to actively hunting threats is a stance shift that requires maturity in your cybersecurity journey. It also requires having access to the right threat intelligence, the right visibility across your environment, as well as the right tools to do the job. 

That's where the Fall Cyber Fest Threat Hunting & Intelligence Track comes in. Advances in data science and artificial intelligence can help organizations bridge the maturity gap, but we shouldn’t forget that it’s ultimately a human with financial or geopolitical interests who’s behind these attacks. Also, the same technology is available to both sides, and just as quickly as new models become more effective at threat detection, malicious actors grow more capable at confusing those models.

Likewise, organizations have now access to threat intelligence sources through various vendors and platforms. Yet many are not necessarily seeing all the value threat intelligence can bring because they don't understand how to operationalize it or they are not taking advance of the tools that can help them automate and accelerate their threat-hunting programs.

At the same time many security practitioners still struggle with the basics, the three big “knows” that every organization should focus on: knowing your enemy, knowing your network, and knowing your tools. Why? In many cases they are too busy responding to alerts and false positives to do what's needed for a threat-hunting program to be successful.

What should organizations do in 2024/2025 to take a more proactive stance, operationalize threat intelligence and focus on maturing their threat hunting program?

What to Expect:

  • Enriching alerts with threat intelligence
  • Utilizing XDR and MDR services to help accelerate your threat-hunting program
  • Operationalizing threat intelligence
  • Automating threat hunting tasks with XDR, NDR, and threat intelligence solutions
  • Identifying the most actionable intelligence for the organization

Additional Fall Cyber Fest Tracks:

Why Register?

  • Expert-Led Sessions
  • Flexible Attendance (Attend live or watch on your own time!)
  • On-Demand Access (Revisit sessions at your convenience!)
  • Connect with Industry Leaders
  • Build Your Professional Network
  • Exclusive Insights
  • Earn CPE Credits

SANS Slack

  • Get connected with our event chairs, guest speakers, and fellow attendees for our 2024 events --> GET CONNECTED
Threat Track Reg Page

Thank You To Our Sponsors

Anomali_Logos_Anomali Full Color Primary - NEW.pngCensys_Logo_Black_Text.pngCorelight_Transparent.pngIntel471 Logo - Transparent.pngLookout-Logo-TM-Pref-16L-Full-Pos-RGB.pngManageEngine_Div_of_Zoho_Corp_Dark_(PNG).pngNEW.pngthreatconnect-signature.png

Agenda | November 8, 2024 | 9:15AM - 2:00PM ET

Register now and join us for a day of thought-provoking content!

Timeline (EDT)

Session Details

9:15 AM

Welcome & Opening Remarks

Terrence Williams, Certified Instructor, SANS Institute

9:30 AM

Session One: Cybersecurity essentials for threat detection and remediation

With emerging new-age threats on one side and

- Log management basics: Consolidate and centralize log data

- Attack strategies of the present day:

- Vulnerabilities
- PowerShell tricks
- Cloud-based threats
- Defense evasion
- Facets that simplify attack detection, remediation, and incident investigation
- Dashboards for compliance management.

Ranjith, Senior Technology Evangelist, ManageEngine

10:00 AM

Break

10:15 AM

Session Two | Using Enriched NDR Data for Threat Hunting in the Cloud

This session will discuss how Corelight uses cloud-enriched Zeek logs for public-cloud visibility and threat hunting. We will discuss how Corelight's foundation of Zeek enables dynamic tagging of traffic logs with public cloud details to enable faster incident response and threat hunting with additional contextual information.

Mark Overholser, Technical Marketing Engineer, Corelight

10:45 AM

Session Three | Tracking APT41 with Mobile EDR

APT41 is a state-sponsored APT espionage group based in the People’s Republic of China that has been active since 2012. Unlike many nation-state-backed APT groups, APT41 has a track record of compromising both government organizations for espionage, as well as different private enterprises for financial gain. According to U.S. grand jury indictments from 2019 and 2020, the group was involved in compromising over 100 public and private organizations, and individuals in the United States and around the world, including Australia, Japan, India, South Korea, Singapore, and Taiwan. These companies include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

During this session, we will provide insight how Lookout collects, analyzes, and enriches their data set, and how Lookout was able to identify DragonEgg and WyrmSpy using Lookout's mobile endpoint detection and response capability.

Jim Coyle, Public Sector CTO, Lookout

11:15 AM

Session Four | Strengthening Detection & Response with Censys

Join us at the Fall Cyber Solutions Fest 2024 Detection & Response Track to explore how Censys technologies empower security teams to enhance visibility, reduce response times, and fortify their security operations. We will explore how continuous monitoring, automated risk prioritization, and seamless integration with security tools help analysts detect emerging threats faster, close detection gaps, and enhance overall SOC performance. Learn to leverage these capabilities for automating vulnerability assessments and operationalizing your detection workflows.

Shunta Sharod Sanders, Senior Federal Pre-Sales Engineer, Censys

11:45 AM

Break

12:00 PM

Session Five | Keynote: Technology for the Good of the Community

Join us for this enlightening keynote session where you will learn the following:

- How AI is evolving from large language models to large quantitative models, and associated security implications- The intersectionality of quantum computers and cybersecurity- Recommendations for how organizations should protect their crown jewels data from threats of today, and tomorrow

And so much more!! Don't miss it.

Rob E. Williams, Head of Global Channels, SandboxAQ

12:50 PM

Afternoon Kick-off

Terrence Williams, Certified Instructor, SANS Institute

1:00 PM

Session Six | Cryptojacking in the Cloud

Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog

1:20 PM

Session Seven | Ghosts in the Network - Uncovering APTs Like Hidden Cobra Without Clear Indicators of Compromise

In this session, we will explore the technical intricacies of detecting targeted malware in APTs when you are under a sophisticated attack. As a real-world example, we will follow Hidden Cobra’s operations, especially its evasive malware. You’ll learn how to enhance your network security even without clear Indicators of Compromise (IOCs) to stay ahead of increasingly sophisticated attack campaigns. Join us to learn about how to hunt malware in your organization and get critical takeaways around:

  • Who is Hidden Cobra (Lazarus), and Why are they so Dangerous
  • How to Read a Cyber Threat Report and Get the Usable Information You Need
  • What are the Current Malware Campaigns - such as COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH
  • Advanced Methods to Uncover Hidden Threats in Your Network, Including Some You May Have Never Seen Before

Ali N. Khan, Field CISO, ReversingLabs

Stuart Phillips,Threat Intelligence Researcher, Reversing Labs

1:50 PM

Wrap-Up

Terrence Williams, Certified Instructor, SANS Institute