When malware hides itself on a system or injects itself into a legitimate process, it can be difficult to detect. A powerful threat hunting technique to help with this situation is analyzing the patterns of network communications to find suspicious recurring connections that could be malware beaconing to its Command and Control (C2) server.
This might seem out of reach for organizations that don’t have network monitoring, but Director of Threat Hunting and Counterintelligence Randy Pargman will show how to apply this technique using Sysmon or Microsoft Defender for Endpoint network logs, Azure Sentinel, and Jupyter Notebooks with KQL. We’ll automate the processing of massive amounts of data to find the needle in the haystack and investigate malware signals.
Topics in this webinar:
- What to look for in your network logs
- How to investigate malware signals
- How to find suspicious network traffic patterns
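As an added illustration of the recurring-connection pattern described above (example code written for this page, not the webinar's notebook or its KQL): group Sysmon Event ID 3 network-connection records by process and destination, then score each group by how regular the interval between connections is. The record field names, the sample events and the thresholds are constructed assumptions.

```python
# Added example (not from the webinar): flag recurring connections whose
# inter-arrival times are nearly constant, the beacon-like pattern.
# Field names, sample records and thresholds are constructed assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed Sysmon Event ID 3 (network connection) records: one process
# reaches the same host every ~60 s with +/-1 s jitter, while a browser
# contacts another host at irregular, user-driven times.
BASE = datetime(2021, 6, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    {"UtcTime": BASE + timedelta(seconds=60 * i + (i % 3) - 1),
     "Image": r"C:\Users\alice\AppData\Roaming\updater.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443}
    for i in range(12)
] + [
    {"UtcTime": BASE + timedelta(seconds=s),
     "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443}
    for s in (0, 7, 9, 130, 131, 400, 1800, 1803, 2900, 2915, 3000, 3010)
]

def beacon_scores(events, min_connections=8):
    """Group events by (Image, DestinationIp, DestinationPort) and compute
    count, mean interval and 'jitter' (std dev / mean of the intervals).
    Jitter near 0 means near-perfect periodicity; human traffic scatters."""
    groups = defaultdict(list)
    for e in events:
        key = (e["Image"], e["DestinationIp"], e["DestinationPort"])
        groups[key].append(e["UtcTime"])
    results = {}
    for key, times in groups.items():
        if len(times) < min_connections:      # too few samples to judge
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        results[key] = {"count": len(times), "mean_interval_s": avg,
                        "jitter": pstdev(gaps) / avg if avg > 0 else float("inf")}
    return results

def suspicious(events, max_jitter=0.2):
    """Return the (Image, ip, port) keys whose connections recur at a
    near-constant interval; these are candidates for investigation."""
    scores = beacon_scores(events)
    return sorted(k for k, s in scores.items() if s["jitter"] <= max_jitter)

if __name__ == "__main__":
    print(suspicious(SAMPLE_EVENTS))
```

On real data, run the same grouping over a day of logs and review the low-jitter, high-count groups first; legitimate periodic traffic (update checks, telemetry) will also surface, so the score narrows the haystack rather than proving malice.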