Just finished up the Antisyphon Threat Hunting Summit. The main focus here was getting away from relying on alerts and actually looking for anomalies in network traffic. Learned a ton about using RITA and AC-Hunter to parse Zeek logs. The sessions covered how to spot beaconing behavior from malware, identifying long connections that might be C2 channels, and digging into DNS analytics to find malicious domains. Really solid upskilling on how to proactively find threats that sneak past the firewall and EDR.
View the official training page here
View my official credential here