Industry Practice - 青藤云安全 (Qingteng Cloud Security) - Threat Hunting

青藤云安全 (Qingteng Cloud Security)


  • From the perspective of HVV (护网) detection: cross-validation???


  • Index efficiency and compression ratio
  • Context, attack tree
  • Open-source solutions???


Visualization


ATT&CK, the practical handbook

ATT&CK data sources


In ATT&CK v12: a set of actions

Weak points in the attack chain


Alert confirmation


Threat hunting case analysis

After the entry point has been found, how do you map out the entire alert chain?

  • The starting point is generally ??
  • Fileless attacks, in-memory webshells ("memory horse");


  • Sigma community;
    • Intelligence conversion;