TI Series – Session 8: Threat Hunting and Playbooks

The Cyber Ireland Threat Intel Group aims to build the expertise within the Cyber Ireland community to develop Threat Intelligence capabilities through the sharing of knowledge and experiences at a strategic level.

A) Introduction Phase:
1st Session: Threat Intel and Mitre Att&ck 101
2nd Session: Developing your TI Strategy
3rd Session: Law Enforcement
4th Session: Threat intelligence platforms and consumption 101

B) Implementation Phase:
5th Session: Active Defense with Incident Response
6th Session: How to build a Threat Intel Program
7th Session: The Pathway to a Successful Threat Intelligence Function

8th Session: Threat Hunting and Playbooks

On the 30th of June we were joined by Ismael Valenzuela, Sr. Principal Engineer, and Carlos Diaz, Principal Engineer, both at McAfee, to talk to us about Threat Hunting and Playbooks. Carlos Diaz and Ismael Valenzuela, two seasoned blue teamers and part of McAfee’s technical leadership team, presented on the topic of ‘cyballistics‘ and how it is used in the real world to hunt and defend against adversaries that are already in your networks.

This discussion included not only the philosophy and mindset behind cyballistics but also specific examples on how to implement it.

Agenda

  • What does AC3 mean?

    – MITRE Readiness
    – Product Engineering & Roadmap
    – Defensive Innovation

  • Cyballistics

    – Ballistics & Firearm Vs. Cyballistics & Mimikatz
    – Applied Countermeasures: Active & Passive
    – Example of cyballistics structured analysis (see the image below)
    – Hunting on GitHub – Defending against Rogue Router Advertisements in IPv6
    – Alejandro Houspanossian’s (AC3 Team Member) Threat Sighting Report

  • Q&A

    – How do you balance operational requirements versus security considerations?

    – What are the new challenges and threats that come from cloud-native architectures, and what do organizations need to do to combat these threats?

Threat Hunting

About the Speakers:

Ismael Valenzuela

As Sr. Principal Engineer, Ismael Valenzuela (@aboutsecurity) is part of McAfee’s senior technical leadership team, leading research on Security Operations and Threat Hunting using machine-learning and expert-system driven investigations. Author of and contributor to numerous technical articles and open source tools, Ismael is also a regular speaker at international conferences and is one of the few Certified SANS Instructors for the Cyber Defense and Digital Forensics tracks.

Carlos Diaz

Carlos Diaz is a McAfee Principal Engineer focusing on defensive countermeasures, large-scale information management and the efficacy of security visibility in endpoint technologies, representing the core SOC capabilities of detection, investigation and response.

To watch the webinar, see our YouTube channel


Cyber Ireland 2021