How to Create Signatures on an Attack Chain?

Send us fan mail!

In this episode, Konstantin Klinger, Senior Security Research Engineer at Proofpoint, joins the show to chat about his role on the threat research team, focusing on DDX (Detonation, Detection, and Extraction). You won’t want to miss his breakdown of the Pyramid of Pain and how to utilize it for threat detection engineering.
Join us as we discuss:
Real-life examples of complex attack chain with multiple steps and how to they can be detected
Utilizing the Pyramid of Pain for threat detection engineering
How to write detections for geofencing
The perks of incorporating automated MITRE ATT&CK detections into your sandbox 


Resources:
https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook
https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east
https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage
http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html


Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!