top of page


Chi Phong Huynh

Senior Security Engineer

EY Canada

Phong currently works as Managed Detection & Response at EY’s Cyber Threat Management team, In his current role, he primarily works on threat hunting, detection research for cloud environment, Azure Sentinel, AWS and develop Jupyter notebooks to do support his daily task including threat hunting, incident response and investigation in cloud and on-prem environment.

Streamlining Threat Hunting in Cloud Environments with Jupyter

Threat hunting is an essential cybersecurity practice that involves proactively searching for cyber threats that evade existing security solutions. In this session we will explore the capabilities of Jupyter notebooks as a powerful tool to enhance threat hunting capabilities, especially across cloud platforms like Micrsoft Azure and AWS. In our exploration, we will focus on identifying common attack Tactics, Techniques, and Procedures (TTPs) utilized by threat actors. We'll be introducing a Jupyter notebook containing detections mapped to the MITRE ATT&CK framework and threat hunting methodologies backed by unsupervised machine learning. We will take a look at huge datasets using visualizations to find anomalies. These anomalies would be converted into High-Fidelity Detection, along with some ideas to extend this hunt to IAM Platforms like OKTA. The flexibility of Jupyter notebooks allows for the incorporation of machine learning models and statistical techniques to predict and identify potential threats based on historical data. This predictive capability is invaluable for staying ahead of threats.

bottom of page