I loved today's session - really good to be able to reflect on the wider business aspect of Threat Hunting and Response, and consider that this is a whole-business affair, rather than just the remit of the IT/Technical team. Thank-you all for your questions which really helped inform our conversation.
We mentioned a couple of resources on the session which I wanted to share with you. First up the two documents that Kris and Andrew shared:
And in terms of tools to test your network, we mentioned OpenVAS - https://www.openvas.org/. Go and check it out, and also take a look back at the resources we posted from Seasons 1 + 2 within this forum - some great tools mentioned there to consider as you build out your experience.
Last session tomorrow and as I mentioned it's really going to be driven by your questions - come ready with what you need to know, and we'll get through as much as we can in the 'Ask The Expert' session. There's even some fantastic prizes on offer!
Now, off to think about that Incident Reponse plan!
Yes, details of this will follow in the email you'll get on 14th February
Is there a certificate of completion so I can submit these as CPE's? Thanks!
Great to hear Trisha, glad you're learning lots and finding them useful!
Another good site for Blue Team exercises is https://cyberdefenders.org/.
Think about I am going to have to write one.
You guys use more acronyms than the military but I love learning even if I am behind the ball on computer networking and other stuff I am still loving these and learning everything I should have done when we got the ransomeware.