bsidesaustin2019 has ended
Thursday, March 28 • 5:00pm - 6:00pm
Introducing ArTHIR – ATT&CK Remote Threat Hunting Incident Response Windows tool

ArTHIR is a modular framework that can be used remotely against one or many target systems to perform Threat Hunting, Incident Response, compromise assessments, configuration, containment, and any other activity you can conjure up, using built-in PowerShell (any version) and Windows Remote Management (WinRM).
ArTHIR builds on the well-known tool Kansa, but with more capabilities than just running PowerShell scripts: ArTHIR makes it easy to push any binary to a remote system, execute it, and retrieve the output.
One goal of ArTHIR is for you to map your Threat Hunting and Incident Response modules to the MITRE ATT&CK Framework. Map each module to one or more Tactics and Technique IDs, then fill in your MITRE ATT&CK Matrix with your current capabilities and the gaps that need improvement.
Have an idea for a module? Have a utility you want to run remotely but no easy way to do it at volume? ArTHIR gives you this capability. ArTHIR is an open source project hosted on GitHub; everyone is encouraged to contribute and build modules, share ideas, and request updates. There is even a Slack page to ask questions, share ideas, and collaborate.

Michael Gough

Founder, Malware Archaeology
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder, and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start, and what to look for. Michael is co-developer of LOG-MD, a free...

Thursday March 28, 2019 5:00pm - 6:00pm
Big Tex