Welcome to Monday everyone! 

We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun Slight smile

Don't forget to review the excellent Threat Hunting Framework document that Andrew posted last week here - https://community.sophos.com/intercept-x-endpoint/b/threat-hunting-academy/posts/sophos-edr-threat-hunting-framework. It'll be really helpful both for tomorrow and in your general threat hunting life.

And also, if you have a second screen/device that you can access the Slido tool on for interacting with the session, make sure you have it available tomorrow.

Look forward to seeing you all there!

Parents
  • Hi Nick,

    Really enjoyed this entire series.  Learned a TON...wasn't able to attend all of them live, but watched the on demand recordings and took detailed notes.  It blows my mind how intelligent the entire Sophos team is.

    Anyways, I had a question regarding HAFNIUM and wasn't sure where to ask it.  Did any Sophos product (or the MTR team) detect or block the exploits used before it was publicly known?  I'm just curious if Sophos protected customers would have been safe, assuming they have MTR already.  If so, that would be a great selling point for the Sophos suite, but if it's simply not possible I would understand (being zero-day).

  • Hi Tayler, great to hear that you enjoyed it and got a lot from the series!

    I've asked one of the team to get back to you on the HAFNIUM question, so they'll be in touch soon

  • Thank you.  Additionally, I did not get the assessment link as well. 

Comment Children