Loading…
BSidesSF 2020 has ended
Back To Schedule
Saturday, February 22 • 12:45pm - 6:00pm
Finding Evil CTF using MITRE ATT&CK, Zeek and Elastic SIEM

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Event locked in Sched to limit confusion, see registration to determine current session availability.
Event held offsite, location to be announced (NOT METREON!)
Registration at https://bsidessf.regfox.com/2020 REQUIRED (cannot be reserved with Sched)

During this hands-on workshop we will introduce Zeek and the Elastic Stack and teach you how to use both tools together. We will focus on on Threat Hunting and Incident Response using Kibana and MITRE ATT&CK™. We will conclude with a capstone capture-the-flag exercise where you will be using Kibana and Zeek data to hunt real-world threats in modern APT scenarios. At the conclusion, we’ll review the scenarios, answer questions, and recognize our CTF winners.

Zeek (formerly Bro) is an open-source network security monitoring tool that SOCs use to correlate events and find relevant data. The Elastic SIEM is commonly used by security analysts to aggregate and analyze security events, including network security monitoring data. The integration between Zeek and Elastic allows defenders to easily ingest and analyze events on their network.

Speakers
avatar for Matteo Rebeschini

Matteo Rebeschini

Principal Solutions Architect, Elastic
Matteo Rebeschini is a Security Specialist at Elastic, based out of Boulder, Colorado. Matteo helps Elastic customers architect solutions based on Elastic SIEM and Endpoint Security to protect their data and assets from attack. Matteo has 20+ years of experience in the cybersecurity... Read More →
avatar for Aaron Soto

Aaron Soto

Director of Leaning, Corelight
Aaron Soto is at Corelight, teaching users about the Zeek (formerly Bro) network monitoring platform. He's recently been part of the Metasploit development team, DEF CON’s OpenSOC blue team CTF, and training UT Austin students on both defensive and offensive techniques. His passion... Read More →

Sponsors
avatar for HashiCorp

HashiCorp

Workshop


Saturday February 22, 2020 12:45pm - 6:00pm PST
Town Hall HashiCorp SF Office 101 2nd St #700, San Francisco, CA 94105

Attendees (1)