Hackfest 2023 - Back to the Future

The Art & Science of Threat Hunting Endpoint Signal
10-13, 11:00–11:50 (Canada/Eastern), Workshops & Speed
Language: English

Threat hunting is both an art and a science. In this session, we’ll cover the basics of threat hunting and what a well-architected program looks like, share lessons learned, ideas and concepts, and conduct a live hunt.

A proactive security team is an effective security team.
Learn how we can reduce adversary dwell time and increase operational tempo with threat hunting over endpoint telemetry.


The 2022 cyber threat landscape was defined by persistence, increased target scope and relentless determination. As businesses began to ease pandemic-driven operating environments and adjust to geopolitical shifts and growing economic hardships, adversaries supporting nation-state, eCrime and hacktivist motivations started 2022 with a relentless show of effort that endured throughout the year. Nation-state adversaries engaged in relentless computer network operations throughout 2022, emphasizing the integral role these operations play in supporting state goals. Russian state-nexus adversaries combined destructive, espionage and information operations (IO) attacks in constant support of the Ukraine war, and China state-nexus adversaries dominated the cyber threat landscape with a significant increase in espionage operation volume and target scope. Iran continued to focus on regional espionage campaigns and their now-signature destructive “lock-and-leak” operations leveraging ransomware, and Democratic People’s Republic of Korea (DPRK) state-nexus adversaries persisted in cryptocurrency theft campaigns to supplement state funds in the wake of the COVID-19 pandemic and the nation’s long-standing economic hardship.

Over the course of 2022, eCrime adversaries continued to prove their ability to adapt, splinter, regroup and flourish in the face of defensive measures. After some of the biggest and most notorious ransomware enterprise shutdowns, ransomware affiliates moved to new ransomware-as-a-service (RaaS) operations. Additionally, more than 2,500 advertisements for access were identified across the criminal underground, representing a 112% increase compared to 2021 and demonstrating a clear demand for access broker services.


Are you releasing a tool?

No

Andrew is a computer scientist with over fifteen years of experience in endpoint security and related competencies. Andrew joined CrowdStrike in 2015 and currently serves as Vice President of Field Engineering.