Rootconf 2018

On scaling infrastructure and operations

Hunting the Evil of your Infrastructure

Submitted by A. S. M. Shamim Reza (@shamimreza) on Monday, 26 March 2018


Technical level

Intermediate

Section

Crisp Talk

Status

Confirmed & Scheduled


Abstract

Hunt. No, not Ethan Hunt of Mission Impossible. This talk is about threat hunting: the real-time, manual (I repeat, manual) work of the people responsible for looking after your infrastructure. They don't have to be experts in everything, nor do they need many years of experience. But they do need to understand how that infrastructure works.

Here we will discuss how to find the Evil (the vulnerabilities) in your infrastructure, and how that can be done. Some say it can be automated: build tools that fit your needs, or talk to vendors whose products promise to do it for you.

I say NO. Threat hunting needs a human who knows what services, operating systems and applications are running, what kind of network infrastructure you have, and how they relate to each other; someone with the analytical ability to think beyond the alerts and find what the infrastructure monitoring system missed.

The threat hunting process differs with the infrastructure and, obviously, with the needs. Proper planning, preparation, expertise, experience and execution all matter. You can't just buy some tools, put a highly paid expert in your SOC, sit back and declare that you are doing great at hunting down vulnerabilities.

You need to follow some standards, and yes, you also have to be innovative: repeating the same steps and the same procedure again and again won't give you results.

We will learn what to hunt for and how often to do it, which tools serve our needs (not our wants), what kind of person this responsibility calls for, and so on.

Threat hunting is not easy, but it is not that complex either. To secure the most valuable thing on earth, information, we have to be proactive, not reactive. That should be our goal: to hunt down the Evil.
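As an added illustration of the kind of hypothesis-driven, human-led hunt the abstract argues for (this is example code written for this page, not material from the talk or its slides), the script below starts from something only someone who knows the infrastructure would know: the assumed baseline that a service account named "deploy" only ever logs in from one CI host, and only with a public key. It runs that hypothesis over a handful of constructed sshd log lines, then pivots on any suspicious source to see what else it tried. The hostnames, account names, addresses and log lines are all constructed for the example.

```python
"""Hypothesis-driven hunt over constructed sshd auth log lines.

Hypothesis (assumed for the example): the 'deploy' service account only
authenticates from the CI runner 10.0.1.20, and only with a public key.
Any accepted login that breaks that rule is a lead for a human to follow.
"""
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format; not real data.
SAMPLE_LOG = """\
Mar 26 09:10:01 web01 sshd[2201]: Accepted publickey for deploy from 10.0.1.20 port 51022 ssh2: RSA SHA256:aaaa
Mar 26 09:10:04 web02 sshd[1877]: Accepted publickey for deploy from 10.0.1.20 port 51030 ssh2: RSA SHA256:aaaa
Mar 26 11:42:17 web01 sshd[2450]: Accepted password for deploy from 203.0.113.45 port 40512 ssh2
Mar 26 11:43:02 web01 sshd[2451]: Failed password for root from 203.0.113.45 port 40513 ssh2
Mar 26 12:00:00 db01 sshd[901]: Accepted publickey for alice from 10.0.2.15 port 60011 ssh2: ED25519 SHA256:bbbb
Mar 26 12:05:30 web02 sshd[1990]: Accepted publickey for deploy from 10.0.2.15 port 60020 ssh2: RSA SHA256:aaaa
"""

# Assumed baseline: what the hunter knows about how the account is used.
# Accounts absent from the baseline are not judged by this hypothesis.
BASELINE = {
    "deploy": {"sources": {"10.0.1.20"}, "methods": {"publickey"}},
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_log(text):
    """Turn sshd Accepted/Failed lines into dicts; skip anything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def hunt(events, baseline):
    """Test the hypothesis: accepted logins that violate the account baseline."""
    findings = []
    for e in events:
        if e["result"] != "Accepted":
            continue
        profile = baseline.get(e["user"])
        if profile is None:
            continue  # no hypothesis for this account
        reasons = []
        if e["src"] not in profile["sources"]:
            reasons.append(f"unexpected source {e['src']}")
        if e["method"] not in profile["methods"]:
            reasons.append(f"unexpected auth method {e['method']}")
        if reasons:
            findings.append(
                {"ts": e["ts"], "host": e["host"], "user": e["user"],
                 "src": e["src"], "reasons": reasons}
            )
    return findings


def pivot_failed_logins(events, src):
    """Second step of the hunt: what else did a suspect source try?"""
    return Counter(
        e["user"] for e in events if e["src"] == src and e["result"] == "Failed"
    )


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for f in hunt(evts, BASELINE):
        print(f"{f['ts']} {f['host']} {f['user']} from {f['src']}: "
              + "; ".join(f["reasons"]))
        print("  failed attempts from same source:",
              dict(pivot_failed_logins(evts, f["src"])))
```

Nothing here is clever; the value is in the baseline, which no vendor product ships with because it is specific to your infrastructure. The same loop works for any hypothesis you can phrase as "account X should only do Y from Z".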

Outline

It will have hypothesis-based case studies.

Requirements

Those who are working in, or interested in, the Security track.

Speaker bio

I am an open-source software enthusiast, system solution architect and Linux system expert with over 10 years of extensive experience; right now I am working on Linux OS development from scratch.

I am also an Information Security professional with over 8 years of diverse Information Security experience; from the evolving enterprise needs of large and complex organizations to the development of large public web properties, and protecting their applications, data and infrastructure from attack.

I believe sharing my experience to the community will help secure the infrastructure.

Slides

https://www.slideshare.net/sohagshamim/hunting-the-evil-of-your-infrastructure

Comments

  • 1
    Pooja Shah (@p00j4) 8 months ago

    Wow! This sounds like real work problems, and so for me the most usable talk. Thank you for proposing it, Shamim. A few queries:

    • Wondering whether there are any slides or an intro video to get a preview of the talk's flow.
    • Which alerting/monitoring/logging tools you would mostly be covering to help hunt the threats.
    • As an attendee, I'm also interested to see the challenges (apart from time) and structural approaches/pattern recognition which can become guidelines to hunt quicker the next time.
    • Do you plan to do a quick demo, taking a problem and the gradual steps you take to hunt the issues?

    Overall, loving the start and your narration, and I anticipate a very useful and great story (or stories) here.

    • 1
      A. S. M. Shamim Reza (@shamimreza) Proposer 7 months ago (edited 7 months ago)

      Hi Pooja, you are most welcome. And sorry for the delayed response.
      1. Draft slides are attached but yet to be finalized.
      2. There are several tools I will talk about, and actually show for a bit.
      3. This talk will be more for the basic to intermediate level; if I describe all those things in detail it will take too much time, but I will try to cover most of them.
      4. Yes, I have a plan for a quick demo, but I am not sure yet.

      Thanks again. And please let me know if there is anything more to be discussed.

  • 1
    Chandrashekhar Bhosle (@freegeek) 7 months ago

    Looks more of a basic howto, like a first step and not very comprehensive. An Ops audience interested in Security may be curious but too basic for a Security audience.

    • 1
      A. S. M. Shamim Reza (@shamimreza) Proposer 7 months ago

      Yes, the theoretical part is more like basics. But my goal for this talk is mainly the practical way of how to conduct a threat hunt.
      I am still working on it along with a real-time case (I need 2 or 3 more days to come up with solid evidence), which is why I could not finalize the slides yet.
