Incidents happen. The question is when. An even better question is not when it will happen, but what if it has already happened. The attack could be stealthy and still undetected. However, we can assume that the attack is still ongoing. With this mindset, let's focus on our possibilities. How can we detect the attack and verify our hypothesis? The answer is Threat Hunting.
There are probably reasons why we could be targeted by specific threat actors. We can analyse the threat landscape and learn about our enemies, because our enemies are aware of us – they have already started their reconnaissance. So, we can leverage Threat Intelligence to speed up our Threat Hunting. We can target the specific threats relevant in our context to be more focused and bring even more precision to our hunting.
In this instructor-led training we will cover the necessary theory, but we will mostly focus on practice and hands-on exercises. We will take steps to prepare for Threat Hunting, such as sharpening our detection techniques based on host and network artifacts. Then we should be able to detect the attacker's footprint in the (lab) environment, put the traces together and investigate the (simulated) cyber attack.
During the training, we will:
- discuss various Threat Hunting approaches and strategies
- introduce Threat Intelligence basics
- collect and prepare Indicators of Compromise and detection signatures
- detect host-based and network-based intrusions
- perform targeted Threat Hunting based on relevant Threat Intelligence data
Network Analyst | Eset
Ladislav Baco is a Senior Security Consultant and Malware Analyst with more than 10 years of experience in computer security, computer science and education. During his previous employments he worked as the Director of Research and Development at a private company and for the government of an EU country as an analyst in the National and Governmental CSIRT Slovakia, with a focus on incident response, malware analysis and forensic analysis. Later he also led the CSIRT's Analytical Department and Department of Cyber Threat Analysis.
He also cooperates with multiple universities in Slovakia on cyber security educational programs for students and has consulted on their bachelor's and diploma theses.
Moreover, Ladislav has participated in many well-known cyber security exercises (such as Cyber Europe by ENISA, or Locked Shields and Cyber Coalition organized by NATO CCD COE) and has hands-on experience with real APT and targeted attacks.
Currently Ladislav is focused mainly on network attacks, incident response, threat hunting, cyber threat analysis and malware analysis, which includes his own research on well-known malware families as well as APT attacks and new approaches to cyber threat remediation.