Virtual · We host·Past event
Every Attack Has a Story to Tell in the Process Tree

Everything a detection engineer should know about the process tree.
Details
DateMay 28, 2026
About this event
Who Should Attend
- Blue Teams
- Security Leaders
- Threat Hunters
- Detection Engineers
- SOC Analysts
- Incident Responders
Why Should You Attend
- Understand why modern attackers easily bypass IOC-driven detection models
- Learn how process lineage reveals attacker behavior across every intrusion stage
- Identify suspicious parent-child process relationships before payload execution
- Discover how to build detections around “known good” enterprise behavior
- Gain practical guidance for operationalizing process tree detection in enterprise SOCs
- Learn directly from front-line detection engineers and threat researchers
Agenda
04:00 PM – 04:05 PM — Welcome & Setting the Context
- Introduction to the webinar
- Why traditional IOC-driven detection is failing
- The shift from “known bad” to behavioural detection
04:05 PM – 04:15 PM — The Reality of Modern Intrusions
- Average attacker dwell time and why organizations miss early signals
- Why malware names and threat feeds are no longer enough
- Attackers constantly change tools — behaviors do not
04:15 PM – 04:25 PM — Every Attack Leaves a Process Story
- Understanding process lineage and parent-child relationships
- How legitimate enterprise software behaves
- Common attacker process anomalies:
- Office spawning PowerShell
- Browser-to-script-engine execution
- LOLBins and abnormal chains
- Service abuse and scheduled task execution
- Why attackers cannot avoid leaving process artifacts
04:25 PM – 04:35 PM — Building Detection Around “Known Good”
- Baselining normal enterprise process behavior
- Defining acceptable parent-child relationships
- Detecting deviations without signatures or threat intel
- Reducing dependency on malware-specific detections
04:35 PM – 04:45 PM — Real-World Attack Walkthroughs
- Step-by-step attack chain visualization using process trees
- Mapping attacker movement through lineage analysis
- Detecting attacks before payload classification
04:45 PM – 04:50 PM — Operationalizing Process Tree Detection
- What telemetry matters
- Key Windows logging sources and visibility requirements
- Practical implementation guidance for SOC teams
04:50 PM – 05:00 PM — Closing Thoughts & Q&A
- “The process tree is the one artifact every attacker leaves behind.”
- Key takeaways for security leaders and analysts
- Live audience questions