Virtual · We host·Past event

Every Attack Has a Story to Tell in the Process Tree

Every Attack Has a Story to Tell in the Process Tree

Everything a detection engineer should know about the process tree.

Details

DateMay 28, 2026

About this event

​Who Should Attend

  • ​Blue Teams
  • Security Leaders
  • Threat Hunters
  • ​Detection Engineers
  • ​SOC Analysts
  • ​Incident Responders

Why Should You Attend

  • Understand why modern attackers easily bypass IOC-driven detection models
  • ​Learn how process lineage reveals attacker behavior across every intrusion stage
  • Identify suspicious parent-child process relationships before payload execution
  • Discover how to build detections around “known good” enterprise behavior
  • ​Gain practical guidance for operationalizing process tree detection in enterprise SOCs
  • ​Learn directly from front-line detection engineers and threat researchers

Agenda

​04:00 PM – 04:05 PM — Welcome & Setting the Context

  • Introduction to the webinar
  • Why traditional IOC-driven detection is failing
  • ​The shift from “known bad” to behavioural detection

​04:05 PM – 04:15 PM — The Reality of Modern Intrusions

  • ​Average attacker dwell time and why organizations miss early signals
  • ​Why malware names and threat feeds are no longer enough
  • Attackers constantly change tools — behaviors do not

​04:15 PM – 04:25 PM — Every Attack Leaves a Process Story

  • ​Understanding process lineage and parent-child relationships
  • ​How legitimate enterprise software behaves
  • ​Common attacker process anomalies:
  • ​Office spawning PowerShell
  • ​Browser-to-script-engine execution
  • ​LOLBins and abnormal chains
  • ​Service abuse and scheduled task execution
  • ​Why attackers cannot avoid leaving process artifacts

​04:25 PM – 04:35 PM — Building Detection Around “Known Good”

  • ​Baselining normal enterprise process behavior
  • ​Defining acceptable parent-child relationships
  • ​Detecting deviations without signatures or threat intel
  • ​Reducing dependency on malware-specific detections

​04:35 PM – 04:45 PM — Real-World Attack Walkthroughs

  • ​Step-by-step attack chain visualization using process trees
  • ​Mapping attacker movement through lineage analysis
  • ​Detecting attacks before payload classification

​04:45 PM – 04:50 PM — Operationalizing Process Tree Detection

  • What telemetry matters
  • ​Key Windows logging sources and visibility requirements
  • ​Practical implementation guidance for SOC teams

​04:50 PM – 05:00 PM — Closing Thoughts & Q&A

  • “The process tree is the one artifact every attacker leaves behind.”
  • ​Key takeaways for security leaders and analysts
  • ​Live audience questions

We use cookies to provide essential site functionality and, with your consent, to analyze site usage and enhance your experience. View our Privacy Policy