A well-chosen detection rule can bring hidden attack behavior to the surface, but writing one requires a solid background in investigating system events. This course teaches students how to use Sigma rules to pick out genuine attacker activity from a sea of log records and to describe the TTPs (tactics, techniques, and procedures) behind those attacks. We first cover Sigma rules and how to collect system log files, then explain the principles and implementation of various attacks and consider which detection rules might catch them. Finally, we write and run our own detection rules together and check whether the malicious behavior is caught. The course lets students experience threat hunting first-hand and take on practical challenges.
Introduction to SIGMA rules and environment setup
Analysis of attack methods to identify detectable keys
Actual writing of detection rules
Practical threat hunting
Please bring your own laptop; installing virtual machine software beforehand is recommended.
Basic operating system architecture concepts.
20