On August 26, NetSPI’s Scott Sutherland was featured in episode 2732 of Security Guy TV. You can read the summary below or watch the video online.

+++

  • PowerHunt and PowerHuntShares are open-source tools useful for 1) people hunting for vulnerabilities in software or environments and 2) people looking for an active threat in an environment.
  • PowerHuntShares looks for misconfigured network shares. It goes out to Active Directory, pulls down a full inventory of all the computers in the environment, and evaluates all of their shares to identify which ones are the highest risk.
  • PowerHunt identifies existing or potential threats in an environment. It goes out to Active Directory and pulls down a list of all the computers in the environment. Then it uses PowerShell remoting to collect data from 25 different data sources to hunt for malicious activities.
  • Ransomware threat actors share a lot of common behaviors: clearing security logs, using standard persistence methods, etc.
  • Zero trust is a natural evolution of the Principle of Least Privilege.
  • Open source is a great way to help people learn, grow, network, and collaborate. It helps generate awareness of issues – like the share problem – and gives companies leverage to get budget for commercial tools that can do ongoing monitoring or identification of issues in the environment.
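
The hunting workflow summarized above (inventory computers from Active Directory, then collect over PowerShell remoting) can be illustrated with one of the behaviors mentioned, cleared event logs. This is an added example, not code from PowerHunt or the interview; it assumes the RSAT ActiveDirectory module, WinRM enabled on the targets, an account permitted to read their event logs, and a seven-day look-back chosen for illustration.

```powershell
# Added example, not PowerHunt code. Assumes the RSAT ActiveDirectory module,
# WinRM on the targets, and rights to read their Security and System logs.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)   # look-back window (assumed value)

# 1. Inventory: enabled computer accounts that have a DNS name.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties DNSHostName |
    Where-Object DNSHostName |
    Select-Object -ExpandProperty DNSHostName

# 2. Collection: one remoting fan-out; connection errors are kept in $failed.
$remoting = @{
    ComputerName  = $computers
    ArgumentList  = $since
    ErrorAction   = 'SilentlyContinue'
    ErrorVariable = 'failed'
}
$hits = Invoke-Command @remoting -ScriptBlock {
    param($since)
    # 1102 = Security audit log cleared; 104 = another event log cleared.
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System';   Id = 104;  StartTime = $since }
    )
    foreach ($f in $filters) {
        # Get-WinEvent raises an error when nothing matches; that is the normal case.
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            ForEach-Object {
                $x = [xml]$_.ToXml()
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Log         = $_.LogName
                    EventId     = $_.Id
                    # Account recorded in the event's UserData section.
                    Account     = $x.Event.UserData.LogFileCleared.SubjectUserName
                }
            }
    }
}

# 3. Review: every hit needs an explanation (change ticket, admin action, or incident).
$hits | Sort-Object TimeCreated |
    Select-Object PSComputerName, TimeCreated, Log, EventId, Account

# Hosts that could not be queried are a coverage gap, not a clean result.
$failed | ForEach-Object { Write-Warning "No data collected from $($_.TargetObject)" }
```

An empty result only means no clearing event survives in the local logs for that window; forwarding these event IDs to a central collector keeps the record even if a host's logs are later wiped.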