
Workshop

Meaghan Neill

Threat Hunter/DFIR Analyst

EY Canada

Meaghan is a Threat Hunter and DFIR Analyst at EY Canada. She currently holds her BSc in Computer Science, with a specialization in Systems and Information Security from MacEwan University and her GCFA. While at EY, her focus has been in Threat Hunting, Digital Forensics, Incident Response, Adversary Emulation, and Purple Teaming. Outside of work, she loves to compete in CTF competitions, travel, and go camping.

Threat Hunting with Jupyter Notebooks

Are you interested in threat hunting and want to learn how to automate detections and use visualizations to find threats quickly? This workshop will outline detection and threat-hunting strategies that a SOC could adopt promptly to look for threats in their endpoint environment. We will introduce how to convert SIGMA logic detections mapped to the MITRE ATT&CK framework into Python using Jupyter Notebooks. Once these detections are built, you can parse large amounts of data from Sysmon and Windows Security Logs to create high-fidelity detections within your environment. We will view and mould this data using the tabular format and visualizations. Doing this will show how visualizations establish relationships between entities more distinctly, making anomalies and threats easier to see. We will also discuss how you can extend this hunt to network and cloud environments. As a final piece to this workshop, participants will try out the skills learned by answering questions about the anomalies and threats they find within the dataset. Although this talk will be technical, we welcome anyone with an interest in learning about threat hunting to attend.
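As an added illustration of the SIGMA-to-Python step described above (example code, not part of the workshop materials): a Sigma-style rule for one ATT&CK technique, constructed here for illustration rather than taken from SigmaHQ, is translated into plain Python and run over constructed Sysmon process-creation records. The rule, its selection names, the sample events and the `hunt()` helper are all assumptions; the condition evaluator handles only `and`/`or`/`not` over named selections.

```python
import ast

# Constructed Sigma-style rule (not a real SigmaHQ rule), tagged to ATT&CK T1059.001.
RULE = {
    "title": "Encoded PowerShell spawned by Office (constructed)",
    "tags": ["attack.execution", "attack.t1059.001"],
    "detection": {
        "office_parent": {"ParentImage|endswith": ["\\winword.exe", "\\excel.exe"]},
        "encoded_ps": {"Image|endswith": "\\powershell.exe",
                       "CommandLine|contains": ["-enc", "-encodedcommand"]},
        "condition": "office_parent and encoded_ps"}}

def field_matches(value, modifier, patterns):
    """Sigma semantics: a list of patterns is OR'ed; string compares are case-insensitive."""
    v, pats = str(value).lower(), patterns if isinstance(patterns, list) else [patterns]
    ops = {"": v.__eq__, "contains": v.__contains__, "startswith": v.startswith, "endswith": v.endswith}
    return any(ops[modifier](str(p).lower()) for p in pats)
def selection_matches(event, selection):  # every 'Field|modifier': pattern pair must hold (AND)
    return all(field_matches(event.get(k.partition("|")[0], ""), k.partition("|")[2], p)
               for k, p in selection.items())
def eval_condition(expr, truth):
    """Evaluate a Sigma condition (and/or/not over selection names) via the ast, not eval()."""
    def walk(node):
        if isinstance(node, ast.BoolOp):
            vals = [walk(v) for v in node.values]
            return all(vals) if isinstance(node.op, ast.And) else any(vals)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.Name):
            return truth[node.id]
        raise ValueError("unsupported condition syntax: " + expr)
    return walk(ast.parse(expr, mode="eval").body)
def rule_matches(event, rule=RULE):  # resolve each selection to True/False, then the condition
    truth = {n: selection_matches(event, s) for n, s in rule["detection"].items() if n != "condition"}
    return eval_condition(rule["detection"]["condition"], truth)

# Constructed Sysmon Event ID 1 (process creation) records, using Sysmon's field names.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EVENTS = [
    {"Computer": "WS01", "Image": PS, "ParentImage": WORD,
     "CommandLine": "powershell.exe -nop -w hidden -enc AAAAAAAA"},
    {"Computer": "WS02", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe Get-Process"},
    {"Computer": "WS01", "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": WORD,
     "CommandLine": "notepad.exe report.txt"}]

def hunt(events=EVENTS, rule=RULE):  # one row per hit, shaped for a DataFrame in a notebook
    return [{"Computer": e["Computer"], "rule": rule["title"], "tags": rule["tags"],
             "CommandLine": e["CommandLine"]} for e in events if rule_matches(e, rule)]
```

In a notebook the rows returned by `hunt()` can be loaded straight into a DataFrame and pivoted by host or ATT&CK tag; only the first event matches because the other two fail one of the AND'ed selections.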
