A Hunting We Will Go

John Strand

In this talk we will discuss the RITA framework for detecting advanced beacons. It is free tool developed by BHIS, it runs on top of Bro and it rocks. We will walk through how it works and how you can set it up in your environment. Right now. We will also cover some cool cyber attribution tools you can use to track bad guys outside of your network.

Speakers Bio: John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense and Hunt Teaming services. He is the also the CTO of Active Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network. As an experienced speaker, he has done presentations for the FBI, NASA, the NSA and at various industry conferences. John is a frequent guest on Security Weekly, the world's largest information security podcast; co-author of “Offensive Countermeasures: The Art of Active Defense” and his his spare free time writes loud rock music and makes various futile attempts at fly-fishing.