Sometimes, beating your opponent is all about mindset. If you think about it, the best detectives know how to think like criminals. The best sports teams study their opponents’ playbook before the game starts. And the best cyber defenders know how to think like the very hackers they’re defending against.
It may seem counterintuitive, but knowing the offense can help you build a better defense. It’s what we call a “threat-informed defense.”
MITRE has a great definition of what threat-informed defense is, so I’ll let them do the honors:
“A deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks. It’s a community-based approach to a worldwide challenge.”
There are a few keywords that stood out to me in this definition—and that’s because they remind me of hack_it, Huntress’ community-focused event that’s all about understanding hacker tradecraft. We’re actually hosting hack_it 2021.2 starting on October 26, 2021—it’s a hacking event so nice, we’re hosting it twice (in one year).
Building on some of the lessons we learned at our last event, this hack_it will help you build stronger defenses by diving into how attackers use various tactics, techniques and procedures against you.
Can’t wait for next month? Get your hacker hoodie ready and read on for a sneak peek into what’s in store for hack_it 2021.2!
0-Day Training Lab
Before the official fun begins, we’ve set up a pre-day hacking lab on October 25 for some hands-on training. It’s a half-day workshop where you’ll learn how to identify and respond to Windows-based attacks and breaches—and we’re excited to introduce brand new content and a modernized virtual environment this time around.
To kick off our first day of hack_it, we’ll be jumping into a choose-your-own-adventure detective game to solve a malware mystery with the Huntress team and fellow MSP members. We will walk through a theoretical scenario and educate on real-world threat actors and hacker tradecraft. As part of the audience, you can help us track down whodunnit and solve this cybercrime game of Clue!
Dark Web Dumpster Diving: A Safari Ride of Cybercrime
In our next session, we’ll be examining evidence of compromised organizations and seeing what we could learn to track down the threat actors. This session will be gamified as the cohort polls the audience to answer the question, “are these hacks real?” We’ll also uncover what’s lurking in the dark corners of the internet where ransomware gangs and malware authors are hanging out.
Gone Phishin’ for Malware in Macros
In this technical session, we will walk through not only how you can prepare your own internal phishing exercise but how you can cook up some mean macro-enabled malware and phish like the pros. This demo-driven presentation will show just how hackers trick your IT staff with the ol’ hook, line and sinker!
This will be our more on-the-keyboard session of hack_it, so get ready to get nerdy and see some real hacker tradecraft.
• • •
We hope you’ll join us for these educational and interactive sessions. You’ll have plenty of opportunity to learn from your peers and sharpen your skillset—all for a free price tag!