Detection and Analysis


Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:01
Welcome to Module 3, Lesson 2: Detection and Analysis.
00:08
In this lesson, we will explore how ATT&CK and cyber threat intelligence can help us prioritize techniques and build better detection analytics.
00:19
Building from our last lesson, we can use cyber threat intelligence to prioritize which tactics and techniques are most critical for us to defend,
00:28
and in this example we'll focus on Credential Access, specifically the LSASS Memory sub-technique of OS Credential Dumping.
00:38
We can use the data within ATT&CK
00:40
to begin to identify trends and, in this case, how often this sub-technique is executed with the Mimikatz tool.
00:50
Before we begin our detection engineering process, let's look back at David Bianco's Pyramid of Pain for wisdom and advice.
00:59
Well, we could target hash values of Mimikatz, but as we recall, these values could change very often and won't inflict much pain back to the adversary.
01:08
We can continue to work our way up the Pyramid of Pain
01:11
and to eventually reach the top,
01:12
we ask a tough question: what does Mimikatz actually do?
01:21
ATT&CK can help answer that question.
01:23
The description of the sub-technique will explain
01:26
how adversaries can dump credentials from LSASS memory.
01:30
But in this case we can also use the detection section,
01:33
which highlights the potential for detecting this behavior
01:36
by capturing processes interacting with LSASS.
01:45
To highlight an example of writing a behavior-based analytic, we'll use the Cyber Analytics Repository, or CAR project, from MITRE.
01:55
This analytic is available online in the URLs at the bottom.
01:57
But as you can see, the description of this analytic
02:00
is focusing on the behavior specifically captured within that sub technique.
02:07
As we identified from the detection section of the sub-technique,
02:10
we're going to want to focus on processes that access LSASS.
02:15
And in this case, you can see this analytic does exactly that.
02:24
And with that, we've reached the end of this lesson and the knowledge check.
02:30
When building detection analytics, the knowledge in ATT&CK can...
02:35
Please pause the video and think of the correct response before proceeding.
02:45
In this case, the correct answer was:
02:46
When building detection analytics, the knowledge in ATT&CK can help provide defensive suggestions, highlight variances in procedures,
02:53
and explain technical details of the target behavior.
02:59
And with that, we've reached the end of Lesson 2.
03:01
In summary,
03:02
cyber threat intelligence can help us prioritize how we build detection analytics by pointing out which techniques or sub-techniques are most important to us, as well as how our adversaries are actually performing these behaviors,
03:15
and finally,
03:16
knowledge from ATT&CK can augment this process and improve output by helping us focus on adversary behaviors.