Defender Fridays Wrap-Up: August 2024

Nicole Boyd

Post-Hacker Summer Camp Retrospective with Matt Bromiley of LimaCharlie

Matt Bromiley and Eric Capuano from LimaCharlie shared their experiences at this year's Black Hat and DEF CON conferences. They talked about our inaugural CTRL+ALT+DETECT capture the flag (CTF) competition, which focused on digital forensics, incident response, and threat hunting, reflecting the complexities of real-world security operations. The discussion also explored detection engineering, encouraging participants to observe and question anomalies. Additionally, they touched on 'efficiency hacks' for learning, highlighting tools like the ClamAV plugin for tasks such as reverse engineering.

Dissecting Agentic Workflows in Security with Roberto Rodriguez of Microsoft

This week's session featured Roberto Rodriguez, Principal Security Researcher at Microsoft, and explored agentic workflows. The discussion focused on using Large Language Models (LLMs) as autonomous agents to assist in security investigations, aiming to replicate human reasoning rather than just automating tasks. LLMs were shown to integrate with tools like PowerShell and Python scripts. The session also highlighted their potential to learn from historical investigation reports or TTPs, offering insights into predicting attack chain steps and aiding in attribution.

Decoding Windows Processes and Threats with Marcus Guevara, Certified Instructor at SANS Institute

In a recent Defender Fridays session, cybersecurity expert Marcus Guevara broke down process hollowing and DLL injection. He explained the key difference between processes and executables, showing how attackers manipulate processes to avoid detection. Marcus highlighted the importance of digging deep into process memory, beyond surface-level indicators, for a thorough analysis. The session helped participants understand complex attack tactics and reinforced the need for ongoing education and vigilance in cybersecurity.
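One concrete way to act on Marcus's point about looking into process memory, as an added example that is not from the session and not LimaCharlie's code: process hollowing replaces the mapped image of a legitimately started process with other code, so the PE header read from the process's memory stops matching the header of the executable on disk. The Python below builds constructed PE headers (no real binaries are involved), parses the optional-header fields a hollowing check cares about, and reports which ones differ. It assumes the caller has already acquired both byte strings (the on-disk file and a read of the process's image base); that acquisition step is outside the example.

```python
import struct

# Fields compared between the on-disk image and the in-memory image.
# ImageBase is deliberately excluded: ASLR relocation can legitimately
# change where an image is loaded, so it is reported but not flagged.
COMPARED_FIELDS = ("machine", "magic", "entry_point", "size_of_image")


def build_minimal_pe(entry_point, image_base, size_of_image, machine=0x8664):
    """Build a minimal PE32+ header blob. Constructed test data only: it has
    no sections or code, just enough structure for parse_pe_summary()."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header follows DOS header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)            # Magic: PE32+
    struct.pack_into("<I", opt, 16, entry_point)     # AddressOfEntryPoint (RVA)
    struct.pack_into("<Q", opt, 24, image_base)      # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)          # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)           # FileAlignment
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x400)           # SizeOfHeaders
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_summary(data):
    """Extract the optional-header fields a hollowing check cares about.
    Handles both PE32 (0x10B) and PE32+ (0x20B) layouts."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<HHIIIHH", data, coff)[0]
    opt = coff + 20                                  # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x20B:                               # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                             # PE32: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    return {"machine": machine, "magic": magic, "entry_point": entry_point,
            "image_base": image_base, "size_of_image": size_of_image}


def compare_disk_vs_memory(disk_bytes, memory_bytes):
    """Return the names of header fields that differ between the image on disk
    and the image mapped in the process. A non-empty list means the process's
    memory no longer describes the executable it claims to be running."""
    disk = parse_pe_summary(disk_bytes)
    mem = parse_pe_summary(memory_bytes)
    return [f for f in COMPARED_FIELDS if disk[f] != mem[f]]


if __name__ == "__main__":
    # Constructed scenario: the header a legitimate 64-bit image has on disk ...
    on_disk = build_minimal_pe(entry_point=0x1500, image_base=0x140000000, size_of_image=0x9000)
    # ... the same header read back from a healthy process ...
    healthy = build_minimal_pe(entry_point=0x1500, image_base=0x140000000, size_of_image=0x9000)
    # ... and a header read from a process whose image was replaced in memory.
    hollowed = build_minimal_pe(entry_point=0x3000, image_base=0x400000, size_of_image=0x1C000)
    print("healthy process mismatches:", compare_disk_vs_memory(on_disk, healthy))
    print("hollowed process mismatches:", compare_disk_vs_memory(on_disk, hollowed))
```

Header comparison is only the first layer of the kind of analysis the session called for; a process whose header matches can still carry injected code in memory regions that are not backed by any file, so this check is best paired with an unbacked-executable-memory sweep rather than used on its own.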
