Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations center (SOC) tools. Notebooks can be used interactively for threat detection and response, or as automated tasks in a larger pipeline. Their flexibility and ability to combine code, data analysis, and visualization in a single, easily shareable document make them compelling tools with almost unlimited applications and possibilities.
We’re inviting the community of analysts and engineers to join us at InfoSec Jupyterthon 2024. This online event, to be held on February 15-16, 2024, serves as an opportunity for infosec analysts and engineers to meet and engage with security practitioners using notebooks in their daily work. It is organized by our friends at Open Threat Research, together with folks from the Microsoft Threat Intelligence community.
Some of the topics to be covered in this year’s talks include:
- Analyzing Active Directory with Bloodhound CE, Jupyter, and Python
- Graphing ransomware & data leak sites trends with Plotly
- Threat hunting in three dimensions
- Guardians of Identity: OKTA’s underworld
- Hacking proprietary protocols with pandas
- Predicting Windows binary download links with Jupyter notebooks
- Comparison of collaboration methods between MSTICpy and Splunk SIEM
- Building a community around notebooks for DFIR and SecOps
- Building data-driven security tools with Streamlit
- Red teaming LLMs with Jupyter notebooks
- Automating adversary emulation
- Applying machine learning for C2 beaconing detection
Although this is not a Microsoft event, our Microsoft Threat Intelligence community is delighted to be involved in helping organize and deliver talks. Registration is free and sessions will be streamed on YouTube Live on both days. We have also set offset times on each day this year to make it easier for people in different time zones to join. Provisional times are:
| Day | Time |
|---|---|
| Thursday, February 15 | 4:00 PM to 9:00 PM Eastern Time |
| Friday, February 16 | 11:00 AM to 4:00 PM Eastern Time |
We’ll also have a dedicated Discord channel for discussions and session Q&A.
We are also inviting analysts and engineers who may be interested in talking about a cool notebook or some interesting techniques or technology to submit their proposal for a session here. There are still some openings for 30-minute, 15-minute, and 5-minute sessions.
For more information, as well as recordings of previous years’ sessions and workshops, visit the InfoSec Jupyterthon page at: https://infosecjupyterthon.com
We’re looking forward to seeing you there!
For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.
To get notified about new publications and to join discussions on social media, follow us on X (formerly Twitter) at https://twitter.com/MsftSecIntel.
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast: https://thecyberwire.com/podcasts/microsoft-threat-intelligence.
Author: Microsoft Threat Intelligence