0x06 Threat Hunting with Milad
Last updated: Sep 17, 2020
We are halfway through our first year of existence! During the pandemic we started a meetup and it has been growing bigger every edition. At this point the meetup brings together about 50 people from across the Dutch (and international) industry, plus enthusiasts who want to get started with hacking.
Stuff goes wrong
Sometimes stuff just goes wrong. At the last meetup, the emails from meetup.com were blank when I mailed out the passwords for the meetup, and this week it seems a number of guests did not receive the email at all, or it was delivered to their spam folder. The meetup.com mail system does not appear to be a very reliable communication channel.
So for the next meetup I will attempt something different. More on that in a little bit; first, what we did do.
But other stuff goes great!
We now have over 100 members in our discord server! That is quite a milestone and it shows that it is a great place to hang out and meet new people.
Milad Aslaner
A few months back the wonderful Milad Aslaner from Microsoft (@MiladMSFT on Twitter) agreed to come and give a presentation to our group. Yesterday was that day. He talked about the technological advances Microsoft has been making in the threat hunting space:
- Azure Sentinel
- The combination of all the ATP products
- But most importantly a unified query language to connect all that data
He ended up showing several examples of how you can construct Kusto Query Language (KQL) queries to retrieve data from those various sources.
The presentation, in full, is on our YouTube.
Box walkthrough
After a short break our member @DutchPyro talked us through the box called Magic. It was a great walkthrough because many things went wrong and we got to watch him work through the issues, with a little help from the community!
Afterwards we discussed several alternative ways of doing the box: from adding keys to authorized_keys and simply logging in through SSH, to using that SSH access for port forwarding. We also explored using the tool chisel to set up port forwarding to get access to the internal MySQL database.
The full video of the walkthrough is available on YouTube.
Next Month
First off, next month will feature a meetup takeover by our member @Danielyc. He will host a Capture The Flag event that is accessible to all levels. There is something for everybody, from those just getting started with hacking to seasoned pros!
As most people choose not to use their webcam in our Zoom meetings, which is very understandable, the meetups are mostly voice based, and the video aspect is only really relevant to the presentations and walkthroughs.
So my idea for next month is to use our already existing Discord server and have a Meetup voice channel. For the presentation part, a stream will be set up to YouTube that can be viewed by everybody, as Discord's video sharing is limited to 50 attendees.
So, come join us on Discord!