Hunting on Amazon Web Services (AWS) – SANS Threat Hunting Summit 2017

While ‘hunting’ has come to mean targeted searches for IOCs, I always considered it operations that perturb the environment in order to illuminate adversary activity. For instance, you might bounce a server and see if they try to reacquire. This was risky in a traditional datacenter, but the modern methodologies embraced at Netflix, such as microservices and Continuous Deployment, make it tractable.

In this presentation they explore tools and tactics that enable a broad range of hunting activities on Amazon Web Services (AWS). We will discuss how to leverage native AWS APIs and services, as well as supplement them with open source tools on the host, and navigate the ‘shared responsibility model’ to hunt in a large-scale production environment.

Alex Maestretti (@maestretti)
Engineering Manager, Netflix

Forest Monsen (@forestm)
Senior Security Response Engineer, Netflix
