Threat Hunting Malware Beacons with Microsoft Sentinel and Jupyter Notebooks
When malware hides itself on a system or injects itself into a legitimate process, it can be difficult to detect on the host alone. A powerful threat hunting technique for this situation is analyzing the patterns of network communications to find suspicious recurring connections at regular intervals, which could be malware beaconing to its command and control (C2) server.
This might seem out of reach for organizations that don’t have dedicated network monitoring, but Randy Pargman, Vice President of Threat Hunting and Counterintelligence, will show how to apply the technique using Sysmon or Microsoft Defender for Endpoint network connection logs, Microsoft Sentinel (formerly Azure Sentinel) and Jupyter Notebooks with KQL. We’ll automate the processing of massive amounts of data to find the needle in the haystack and investigate malware signals.
Topics in this webinar:
- What to look for in your network logs
- How to investigate malware signals
- How to find suspicious network traffic patterns
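The core of the beaconing technique is to group outbound connections by process and destination, measure the time between successive connections, and flag groups whose cadence is too regular to be human-driven. The following is an added illustration, not code from the webinar or from Binary Defense: the Sysmon-style records are constructed, and the thresholds (at least five connections, jitter no more than 20% of the median interval) are illustrative assumptions rather than tuned values.

```python
"""Beacon candidate detection over Sysmon-style network connection events.

Added example (not from the webinar or Binary Defense). The sample records and
the thresholds below are constructed/assumed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample: (UtcTime, Image, DestinationIp, DestinationPort), roughly
# the fields a Sysmon Event ID 3 record carries. "updater.exe" connects about
# every 60 s with small jitter (beacon-like); "chrome.exe" connects irregularly;
# "outlook.exe" is perfectly regular but has too few connections to judge.
SAMPLE_EVENTS = [
    ("2024-01-15 09:00:00", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:01:02", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:02:01", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:02:59", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:03:58", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:05:00", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:06:01", r"C:\Users\alice\AppData\Local\updater.exe", "198.51.100.23", 443),
    ("2024-01-15 09:00:05", r"C:\Program Files\Google\Chrome\chrome.exe", "203.0.113.10", 443),
    ("2024-01-15 09:00:09", r"C:\Program Files\Google\Chrome\chrome.exe", "203.0.113.10", 443),
    ("2024-01-15 09:01:40", r"C:\Program Files\Google\Chrome\chrome.exe", "203.0.113.10", 443),
    ("2024-01-15 09:04:12", r"C:\Program Files\Google\Chrome\chrome.exe", "203.0.113.10", 443),
    ("2024-01-15 09:04:13", r"C:\Program Files\Google\Chrome\chrome.exe", "203.0.113.10", 443),
    ("2024-01-15 09:09:00", r"C:\Program Files\Google\Chrome\chrome.exe", "203.0.113.10", 443),
    ("2024-01-15 09:00:00", r"C:\Program Files\Microsoft Office\outlook.exe", "192.0.2.50", 443),
    ("2024-01-15 09:05:00", r"C:\Program Files\Microsoft Office\outlook.exe", "192.0.2.50", 443),
    ("2024-01-15 09:10:00", r"C:\Program Files\Microsoft Office\outlook.exe", "192.0.2.50", 443),
]


def parse_events(rows):
    """Group connection timestamps by (process image, destination IP, destination port)."""
    groups = defaultdict(list)
    for ts, image, ip, port in rows:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        groups[(image, ip, port)].append(when)
    return groups


def beacon_score(timestamps):
    """Return (count, median_interval_s, jitter) for one connection group.

    jitter is the population standard deviation of the inter-connection
    intervals divided by their median (a coefficient of variation). A timer-driven
    implant keeps this small even when it adds a little random sleep; interactive
    traffic produces large, irregular gaps. Fewer than 3 connections gives no
    usable interval statistics, so those return None.
    """
    times = sorted(timestamps)
    if len(times) < 3:
        return len(times), None, None
    intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    med = median(intervals)
    if med <= 0:
        return len(times), med, None
    return len(times), med, pstdev(intervals) / med


def find_beacons(rows, min_connections=5, max_jitter=0.2):
    """Flag connection groups whose cadence looks machine-driven.

    Thresholds are assumptions for this example. Returns a list of dicts sorted
    with the most regular cadence first.
    """
    hits = []
    for (image, ip, port), times in parse_events(rows).items():
        count, med, jitter = beacon_score(times)
        if count >= min_connections and jitter is not None and jitter <= max_jitter:
            hits.append({
                "image": image,
                "dest": f"{ip}:{port}",
                "connections": count,
                "median_interval_s": med,
                "jitter": round(jitter, 3),
            })
    return sorted(hits, key=lambda h: h["jitter"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_EVENTS):
        print(hit)
```

On the constructed data only the updater.exe group is reported (seven connections, 60 s median interval, jitter under 3%); chrome.exe is excluded by its irregular gaps and outlook.exe by the minimum connection count. Treat a hit as a hunting lead rather than a verdict: legitimate software updaters and telemetry agents also beacon on a timer, so the next step is to check the process image, signer, parent process and destination reputation before escalating.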
About the Presenter
Randy Pargman is the Vice President of Threat Hunting and Counterintelligence at Binary Defense. In this role, he leads the teams responsible for advanced analysis of malware, development of technology to detect threat actor activity, threat intelligence research of criminal forums, and monitoring of Darknet, Clearnet and Social Media platforms for threat indicators. Randy previously worked for the FBI, where he served for 15 years, most recently as a Senior Computer Scientist on the Cyber Task Force in Seattle.