Open to Non-MembersJoin RH-ISAC for a threat briefing about the latest intel on observed incidents and emerging threats relevant to the retail and hospitality community, as well as mitigation or response techniques. This session will feature insights from Intel471 and Kasada.
Behind the Hunt: Building a Scattered Spider Investigation
This threat briefing provides a behind-the-scenes look at how a threat hunt is built from initial hypothesis to a structured, repeatable workflow, using Scattered Spider activity as the foundation. The session is based on Intel 471’s “Happy Hunting” series, where a single hunt is developed end-to-end. We will walk through how one of these hunts comes together and how it translates into something teams can operationalize.
In this session, we will cover:
- How a hypothesis is formed based on Scattered Spider behaviors
- How intelligence and research are used to build context around the activity
- How emulation is used to validate behaviors and detection logic
- How queries are tested and refined based on results
- How hunt packages structure the investigation into a repeatable hunt
