#SECTORCA SecTorCA

Performing DFIR and Threat Hunting with Yamato Security OSS Tools and Community-Driven Knowledge
Akira Nishikawa and Fukusuke Takahashi

Thank You for Your Understanding: Non-Native English Speakers
We are going to try to make this a fun presentation anyway!

Agenda
- Self-Introduction
- About Yamato Security and tools and resources
- Hayabusa
- Sigma
- Takajo
- Future Plans

Self-Introduction

Akira Nishikawa
- First core developer of Hayabusa
- 2007: Freelance engineer
- 2021: SaaS product security
- Now working at Kaminashi
- AWS Community Builder

Fukusuke Takahashi
- Latest core developer of Hayabusa
- DFIR, OSINT, SOAR at NTT-DATA CERT
- I fix bugs in open-source projects and bug hunt for vulnerabilities in my free time

About Yamato Security
- "Yamato" (大和) = "Japan"
- First created by Zach Mathis in 2012 to create a security community in Western Japan.
- Free/low-cost high-quality security training around the country
- Now over 2000 registered members
- Developing various open-source DFIR tools and resources since 2020.

Yamato Security tools and resources
- Hayabusa: DFIR timeline generator using native Sigma rules for Windows event logs
- Takajo: Hayabusa results analyzer
- Yamato Security's Windows Event Log Configuration Guide For DFIR And Threat Hunting
- Curation of Sigma Rules for Windows Event Logs
- Deprecated: WELA (Windows Event Log Analyzer)

Hayabusa?
Who here has used or knows about Hayabusa?

About Hayabusa
https:/
- Fast forensics and Threat Hunting CLI tool for Windows event logs
- Developed in Rust so it is very fast, cross-platform and safe from anti-forensics memory corruption exploits
- Many features: logon summaries, keyword searches, keyword extractions, sigma-based DFIR timel
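The slides describe Hayabusa as a timeline generator that applies native Sigma rules to Windows event logs. The following is an added example, written for this page and not Hayabusa's own code, showing the core of that idea: a Sigma-style rule (selection, filter, and a condition using and/or/not) is evaluated against event records and every match becomes one timeline row. It generalizes slightly beyond the slide text by supporting several field modifiers and parenthesized conditions. The rule, the event records, the field names and the output column names are constructed for illustration and do not come from the presentation.

```python
# Added example: minimal Sigma-style rule evaluation over Windows event log
# records, producing a sorted DFIR timeline. Illustrative, not Hayabusa's code.
from datetime import datetime

# Constructed rule in the shape of an already-parsed Sigma rule. Field names
# follow the Windows Security log; the rule content itself is made up.
RULE = {
    "title": "Explicit-credential logon via runas to a remote host (example)",
    "level": "medium",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {"EventID": 4648, "ProcessName|endswith": "\\runas.exe"},
        "filter": {"TargetServerName": "localhost"},
        "condition": "selection and not filter",
    },
}

# Constructed event records, flattened the way a JSON export of EVTX looks.
EVENTS = [
    {"Timestamp": "2024-05-01T09:00:00Z", "Computer": "WS01", "EventID": 4624,
     "LogonType": 2, "TargetUserName": "alice"},
    {"Timestamp": "2024-05-01T09:05:10Z", "Computer": "WS01", "EventID": 4648,
     "ProcessName": "C:\\Windows\\System32\\runas.exe",
     "TargetServerName": "localhost", "TargetUserName": "bob"},
    {"Timestamp": "2024-05-01T09:07:42Z", "Computer": "WS01", "EventID": 4648,
     "ProcessName": "C:\\Windows\\System32\\runas.exe",
     "TargetServerName": "FS01", "TargetUserName": "bob"},
]


def field_matches(event, key, expected):
    """Evaluate one 'Field|modifier: value' pair; a list of values is an OR."""
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    actual = str(event[field]).lower()
    for value in (expected if isinstance(expected, list) else [expected]):
        value = str(value).lower()
        if ((modifier == "" and actual == value)
                or (modifier == "contains" and value in actual)
                or (modifier == "startswith" and actual.startswith(value))
                or (modifier == "endswith" and actual.endswith(value))):
            return True
    return False


def selection_matches(event, selection):
    """Every pair inside one selection must hold (AND)."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def evaluate_condition(condition, bindings):
    """Recursive-descent evaluator for 'a and not (b or c)' style conditions.
    Precedence, lowest to highest: or, and, not. No eval() is used."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = parse_and()          # always parse, so tokens are consumed
            value = value or rhs
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = parse_not()
            value = value and rhs
        return value

    def parse_not():
        nonlocal pos
        if pos < len(tokens) and tokens[pos] == "not":
            pos += 1
            return not parse_not()
        return parse_atom()

    def parse_atom():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = parse_or()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')' in condition")
            pos += 1
            return value
        if tok not in bindings:
            raise ValueError(f"unknown selection name: {tok}")
        return bindings[tok]

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def rule_matches(event, rule):
    detection = rule["detection"]
    bindings = {name: selection_matches(event, sel)
                for name, sel in detection.items() if name != "condition"}
    return evaluate_condition(detection["condition"], bindings)


def build_timeline(events, rules):
    """One row per (event, rule) hit, sorted by time. Column names are assumed."""
    rows = [{"Timestamp": e["Timestamp"], "Computer": e["Computer"],
             "Level": r["level"], "RuleTitle": r["title"],
             "Details": f"User: {e.get('TargetUserName')} | Target: {e.get('TargetServerName')}"}
            for e in events for r in rules if rule_matches(e, r)]
    return sorted(rows, key=lambda row: datetime.fromisoformat(
        row["Timestamp"].replace("Z", "+00:00")))


if __name__ == "__main__":
    for row in build_timeline(EVENTS, [RULE]):
        print(row)
```

Only the third record reaches the timeline: the second one also satisfies the selection but is excluded by the filter, which is the usual way a Sigma rule suppresses known-benign activity. The condition evaluator deliberately avoids eval(), so a rule file from an untrusted source cannot execute code in the analysis tool.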