From Security Weekly WikiJump to navigationJump to search
, 16:01, 7 September 2018
= Beacon Analysis Tech Segment: Chris Brenton, Active Countermeasures - 6:50PM-7:25PM=
'''Powerpoint Slides from Tech Segment - [[File:psw.pdf|Powerpoint Slides from Tech Segment]] (To Open: Click File and then click the Adobe logo]]'''
[[File:ChrisBrenton.png|right|220px|thumb|<center>'''[https://twitter.com/chris_brenton Chris Brenton]'''<br> is the Chief Operating Officer [https://www.activecountermeasures.com/ Active Countermeasures].</center>]] Hello, my name is Chris Brenton. I have been a leader in IT and security for over 20 years. I’ve written multiple books on networking and security including “Mastering Cisco Routers” and “Mastering Network Security”. I’ve been involved with a number of key security projects such as a founding member of the Honeynet Project (https://www.honeynet.org/), and an active contributor to the PCI special interest group responsible for the standards for credit card processing in public cloud environments (https://www.pcisecuritystandards.org/pdfs/pr_130205_Cloud_SIG.pdf). I’ve also developed security training, including complete courses for SANS where I served as a Fellow Instructor (https://www.sans.edu/bios/chris-brenton), and for the Cloud Security Alliance where I authored and presented all of their online training material (https://cloudsecurityalliance.org/education/white-papers-and-educational-material/courseware/). I currently run the day to day operations at Active Countermeasures (https://www.activecountermeasures.com/), where we provide inexpensive tools that that simplify the process of threat hunting your network.<br><br>Topic:<br><br>Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process.<br><br>The blog post I mentioned that talks about clearly defining what's part of a threat hunt: https://www.activecountermeasures.com/tightly-defining-cyber-threat-hunting/<br>Info on RITA, the tool I discussed, as well as a link to download it: https://www.activecountermeasures.com/rita/