ThreatSeeker - Threat Hunting via Windows Event Logs

Ashish Bhangale, G Khartheesvar, Arafat Ansari



Threat hunting using Windows logs is essential for identifying and mitigating potential security threats within an organization's network. It can be a time-consuming and painstaking process because of the large amount of data that must be collected and analyzed, and much of the work is repetitive. However, this process can be improved through custom scripts and tools.

In this talk, we will introduce ThreatSeeker, a Windows log analysis framework that allows a threat hunter to quickly find common threats on a machine. The tool also helps a threat hunter detect APT movements. ThreatSeeker will allow a user to detect the following attacks:

All the code and deployment scripts will be made open-source after the talk.