Does your organization want to start Threat Hunting, but you’re not sure how to begin? Most people start with collecting ALL THE DATA, but data means nothing if you’re not able to analyze it properly. This talk begins with the often overlooked first step of hunt hypothesis generation which can help guide targeted collection and analysis of forensic artifacts.
By Jared Atkinson & Robby Winchester
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-17/briefings.html#a-process-is-no-one-hunting-for-token-manipulation