Émilio Gonzalez

Threat Hunter & SOAR Automation Specialist



Émilio works in a blue team at a large Canadian organization. He loves to participate in CTFs and create challenges to introduce people to some defensive aspects of cybersecurity. He's a co-organizer for MontréHack, a monthly CTF workshop in Montréal (duh). If you see him in a bar someday, do not approach him or he'll probably start a rant about tabs being the superior indentation character or about how cars ruin cities.

Discussion: Q&A Detection

This is a Q&A session. Moderators will take audience questions both remotely and on-site via sli.do.

Q&A Panel for the detection block

Talk: Willy Wonka and the Detection Factory: Detection Engineering without Alert Fatigue

Talks will be streamed on YouTube and Twitch for free.

"Surely we can make a detection for when the whoami command is executed, right? Nobody ever runs whoami but threat actors." - Someone with no experience in detection engineering

In this talk, we'll discuss how we addressed the dilemma between detection coverage and alert fatigue in a SOC by correlating minor or noisy detection logics. We'll go through our journey to build a custom platform that leverages the concept of indicators. We'll share the toolset and some implementation details and show how we use it to monitor tens of thousands of endpoints. It has become one of our main tools for threat hunting and is used by our SOC analysts to assist them in their investigations.