Introducing the New SANS DFIR "Hunt Evil" Poster
In this webcast, Rob Lee and Mike Pilkington take you through a deep dive into the new Hunt Evil poster. The new Hunt Evil poster is a significant update to the Find Evil poster introduced in 2014. Like the old poster, it is designed to help incident responders and threat hunters search for anomalous activities that could indicate intruder activity in the environment. The first side is titled "Find Evil: Know Normal". It focuses on what processes are normal on a Windows 10 host, how they launch, and how they interact. This is a useful reference for recognizing what's normal in Windows, and it helps focus attention on any outliers. The second side is titled "Hunt Evil: Lateral Movement". It's an all-new design that provides a graphic cheat sheet of the most likely techniques attackers will use to move data and execute code remotely. Every adversary, including the most skilled, will use some form of lateral movement technique described in the poster. Join Rob and Mike as they discuss how the Hunt Evil poster can help make responders and hunters more efficient at scoping, hunting, and anticipating future attacker activity across the network.

Download the poster: https://dfir.to/HuntEvil

