While services such as penetration testing provide value for organizations, each test reflects only a point in time. Defenders should prepare their detection capabilities in the time between tests and adversary activity. To do so, defenders can leverage frameworks and playbooks to remediate gaps in their security posture before adversaries exploit them. This training explains how to use penetration testing methodologies to extract indicators of compromise that feed detection capabilities.
• Common frameworks and playbooks
• Emulating a common threat scenario
• Extracting useful forensic artifacts from the scenario
• Creating sample signatures from artifacts for adversary detection
Dennis Chow is the Chief Information Security Officer for SCIS Security. He has spent over 20 years in technology with a decade of security practitioner experience. Dennis created the Cyber Threat Intelligence Sharing Requirements and Architecture for the entire U.S. Healthcare Vertical, in use today by numerous agencies including the Department of Homeland Security (DHS), Health and Human Services (HHS), and other Information Sharing and Analysis Centers (ISACs). Dennis also regularly contributes articles to the Information Security community on combining the best of red and blue team techniques to help organizations think holistically about security. As part of his consulting practice, Dennis performs regular eDiscovery, threat hunting, forensics, and penetration testing engagements with clients nationwide.