Defender Fridays Wrap-Up: June 2024

The Importance of Detection Engineering with Wade Wells

In this session, Wade discussed detection engineering in security operations and the importance of understanding false positives. The session highlighted the crucial need for continuous validation of detection rules, emphasizing collaboration with red and purple teams and utilizing tools like Atomic Red Team. Wade recommended leveraging frameworks like MITRE ATT&CK and suggested watching MITRE's YouTube resources for hands-on learning.

Links:

• Antisyphon Training

• Alerting and Detection Strategy Framework

• ADS Framework Bot

• So you want to be a SOC Analyst? blog

• MAD20

• MAD20 YouTube channel

• Detection Engineering for Beginners course

• Practical Threat Detection Engineering guide

• Detection Engineering Path course

• Hacking and Computer Security books

Understanding and Mitigating DDoS Attacks with Michael Smith from Vercara

Michael Smith shed light on the evolution of DDoS attacks and the various contributing factors, including the increased use of cloud providers and virtual servers. The session also involved discussions on the metrics used to measure the impact of DDoS attacks and the tactics implemented by attackers to augment the damage scope. Smith gave the audience a deep dive into how to defend against DDoS attacks amidst an ever-evolving threat landscape.

Links:

• Michael's LinkedIn

• BYOB (Build Your Own Botnet) Wiki

• Simple Service Discovery Protocol Wiki

Navigating the Cybersecurity Industry with Pedram Amini from InQuest

Pedram Amini, CTO at InQuest, shared insights and advice from his journey in the cybersecurity industry, including his experience in developing security tools and bootstrapping a company. A crucial takeaway from the discussion was the importance of developing a product that aligns with market demands and customer needs. His insights and reflections offer valuable lessons for anyone considering a career in cybersecurity and those aspiring to build successful businesses in other industries.

Links:

• Pedram's LinkedIn

• Beyond good ol’ Run key

• Jumpshot: A New Weapon to Battle PC Frustration

• InQuest products

• InQuest free tools

Understanding Domain Generation Algorithms in Cybersecurity with Michael Smith of Vercara

In this session, Michael Smith sheds light on the intricacies, impacts, and mitigation strategies of Domain Generation Algorithms (DGAs). The discussion also highlighted the multifaceted issues associated with programmatically identifying DGA domains, the difficulties integrating machine learning and AI algorithms for instantaneous detection, and the importance of prompt detection in DNS security. Finally, the conversation emphasized the need for evolving security measures to combat emerging threats  and highlighted the importance of collaboration and community participation in strengthening defenses.

Links: 

• Vercara site

• VetSec site

• Pi-hole site

• Bambenek Labs

• Bin.re site

• GitHub: Domain Generation Algorithms

• The Gozi Domain Generation Algorithm

• Threat Hunting with Recursive DNS Data webinar

What is Defender Fridays?

Each week, we bring you a different expert guest who will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. What makes these sessions special is their informal and interactive nature, allowing for an engaging dialogue between our guests, hosts, and you – our audience.

Register for the series.