Want a taste of what this week’s Black Hat NOC presentations might be like? Check out this blog from @corelight’s Dustin Lee, which shares some of the detections and findings that Dustin and his NOC teammates discovered during #BlackHatAsia23 in May. Read it now: https://corelight.com/blog/black-hat-asia-2023-detections-findings
Inside you’ll find the team’s take on:
1. Leveraging Splunk's PEAK Framework, in particular the "Hypothesis-Driven Hunting" approach
2. Using @suricata alerts and Corelight's #HTTP logs and #PCAP files to verify whether notification clusters from #EDR providers
3. How to identify the username, device id, device authorization token, and latitude and longitude coordinates exposed in User-Agent strings
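Added example, not code from the Corelight blog or from Dustin Lee's NOC work: a Python pass over constructed Zeek/Corelight-style http.log JSON lines that flags User-Agent strings carrying a username, device id, bearer-style token, or latitude/longitude pair. The field names follow Zeek's http.log (`user_agent`, `host`, `id.orig_h`); the key names, the app names and the User-Agent layouts in the sample are hypothetical and are not the ones observed at Black Hat Asia.

```python
import json
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample lines in Zeek/Corelight http.log JSON format.
# The apps, hosts and User-Agent layouts are made up for this example.
SAMPLE_HTTP_LOG = """
{"ts":1683100000.1,"id.orig_h":"10.20.30.40","host":"api.example.test","uri":"/v1/sync","user_agent":"ExampleApp/4.2 (Android 13) user=alice.w;device_id=7f3a9c1e;auth=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl;lat=1.2901;lon=103.8519"}
{"ts":1683100001.5,"id.orig_h":"10.20.30.41","host":"www.example.test","uri":"/","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/113.0 Safari/537.36"}
{"ts":1683100002.7,"id.orig_h":"10.20.30.42","host":"telemetry.example.test","uri":"/ping","user_agent":"WeatherWidget/1.0 loc=1.3521,103.8198 uid=bob"}
"""

# key=value pairs embedded in a User-Agent; values end at ';' or whitespace.
KV_RE = re.compile(r"(?P<key>[A-Za-z_][A-Za-z0-9_\-]*)=(?P<value>[^;\s]+)")
# Three base64url segments separated by dots: the shape of a JWT / bearer token.
JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{5,}\b")
# "lat,lon" pair with at least three decimals (product version strings rarely look like this).
COORD_PAIR_RE = re.compile(r"(?P<lat>-?\d{1,2}\.\d{3,}),\s*(?P<lon>-?\d{1,3}\.\d{3,})")

# Hypothetical key names; extend with whatever the apps on your network actually use.
USERNAME_KEYS = {"user", "username", "uid", "login", "account"}
DEVICE_KEYS = {"device_id", "deviceid", "device", "udid", "imei"}
TOKEN_KEYS = {"auth", "token", "authorization", "access_token", "bearer", "session"}


def mask(secret: str) -> str:
    """Keep a short prefix so analysts can correlate, without storing the full secret."""
    return secret[:8] + "..."


def _to_float(value: str) -> Optional[float]:
    try:
        return float(value)
    except ValueError:
        return None


def inspect_user_agent(ua: str) -> Dict[str, object]:
    """Return the sensitive items found in one User-Agent string (empty dict if none)."""
    leaks: Dict[str, object] = {}
    fields = {m.group("key").lower(): m.group("value") for m in KV_RE.finditer(ua)}

    for key, value in fields.items():
        if key in USERNAME_KEYS and "username" not in leaks:
            leaks["username"] = value
        elif key in DEVICE_KEYS and "device_id" not in leaks:
            leaks["device_id"] = value
        elif key in TOKEN_KEYS and "token" not in leaks:
            leaks["token"] = mask(value)

    # A token may be present without a recognisable key name.
    if "token" not in leaks:
        m = JWT_RE.search(ua)
        if m:
            leaks["token"] = mask(m.group(0))

    # Coordinates: separate lat/lon keys first, then a bare "lat,lon" pair.
    lat = next((_to_float(fields[k]) for k in ("lat", "latitude") if k in fields), None)
    lon = next((_to_float(fields[k]) for k in ("lon", "lng", "longitude") if k in fields), None)
    if lat is None or lon is None:
        m = COORD_PAIR_RE.search(ua)
        if m:
            lat, lon = float(m.group("lat")), float(m.group("lon"))
    if lat is not None and lon is not None and -90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0:
        leaks["coordinates"] = (lat, lon)

    return leaks


def find_user_agent_leaks(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Scan http.log JSON lines; return one record per connection whose User-Agent leaks data."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        ua = rec.get("user_agent")
        if not ua:
            continue
        leaks = inspect_user_agent(ua)
        if leaks:
            hits.append({
                "ts": rec.get("ts"),
                "src": rec.get("id.orig_h"),
                "host": rec.get("host"),
                "user_agent": ua,
                "leaks": leaks,
            })
    return hits


def run_sample() -> List[Dict[str, object]]:
    """Run the detector over the constructed sample log."""
    return find_user_agent_leaks(SAMPLE_HTTP_LOG.strip().splitlines())


if __name__ == "__main__":
    for hit in run_sample():
        print(f"{hit['src']} -> {hit['host']}: {hit['leaks']}")
```

On real traffic, point `find_user_agent_leaks` at a JSON-format http.log and pivot from each hit's `src` and `host` to the Suricata alerts and PCAP for the same connection; tokens are masked in the output so the hunting notebook does not become a second copy of the credential.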
Want to get more tips like these to defend your network? Be sure to attend the NOC presentations at #BH2023 and swing by Corelight booth #2652: https://corelight.com/resources/events/2023/black-hat-usa
#BlackHat #BlackHatUSA #BlackHat2023 #DFIR #ThreatDetection #NetworkSecurity #CloudSecurity #CyberDefense #SOC #SecOps