Threat Modeling and Defensive Indicator Design

Does your organization want to start threat hunting, but you’re not sure how to begin? Do you find yourself in a cycle of creating “detections” without any strategic direction? In this talk, I focus on building defensive indicators by starting with the attack in mind. Through a case study, I will describe my process for researching a technique from the underlying technology all the way to the specific implementations. This case study will focus on Access Token Manipulation, a popular technique used by attackers to assume the identity of a different user account than their own. Along the way, I will describe how I research an attack technique’s technical details, my process for creating a proof-of-concept implementation of the attack technique, how I identify what data is necessary to collect for detection, and how I test detection at scale.

Session information

Track: Security
Time and date: 01/02/2018, 14:40
Location: Security (Room 1)

Jared Atkinson

Company: Specter Ops
Position: Technical Lead