Paul's Security WeeklySubscribe

PCAPS Or It Didn’t Happen- Corey Thuen – PSW #654

Threat hunting activities often require packet capture analysis but capturing and storing PCAP at scale is rough. This segment covers open source tools for collecting packet captures on demand within a threat hunting use case in Gravwell.

To learn more about Gravwell, visit: https://securityweekly.com/gravwell To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet

Sponsored By

Gravwell
Full episode and show notes

Announcements

  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!

Guest

Co-Founder at Gravwell

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.

Hosts

Principal Security Researcher at Eclypsium
Professor at Roger Williams University
Product Security Research and Analysis Director at Finite State
Retired Senior Cyber Advisor at Lawrence Livermore National Laboratory
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

Related

You can skip this ad in 5 seconds