Art of Hunting


The art of hunting often requires the massive task of processing large data sets looking for the proverbial needle in the hay stack. In order to understand these large data sets there is a need for unique and outside the box solutions. One easy and ready solution is to apply some sort of visual interpretation. Come journey with me and explore visualization technique and try to find the reason in this unreasonable world. Leveraging python and open data sets will allow us to explore the possibilities of data visualizations. There is no need to have in depth knowledge of either hunting or python, we will provide the ability for all interested parties to participate.

This course is designed to be a introductory course to using visualization for hunting. It is designed to be technically accessible to practitioners at all levels. To accomplish this the exercises will be written in ipython notebook hosted on a local machine. There will be exercises that require different methods of engagement from writing custom python code to implementation and improvement of python code. This will allows class attendees to choose the level on engagement that fits their technical ability and apply the concepts learned in classroom environment. The concepts taught in the classroom are inherently accessible to any level and the goal being the end state visualizations created by the exercises. To accomplish this we will be using open source data sets from large cities in order to have a clean/non attributable data set.

This class will be beneficial to incident response personnel who are interested in Threat Hunting and Data Visualization & is intended for those who have intermediate and advanced skillsets.


  • Laptop with Chrome Browser



Joe Ten Eyck is currently a Principle Information Security Analyst in Target CSIRT, where he leads the efforts to build and improve their threat hunting project. Previous to joining Target he spent 15 years in the U.S Army, the first 10 years of which he spent as a physical security expert before transitioning into Information Technology. He currently holds the following certifications, OSCP, GPEN, GWAPT, GCIH, and CISSP.

John Frederickson is an Incident Handler with Target’s Cyber Security Incident Response Team. John specializes in dead disk forensics, live response, and memory analysis. His experience comes from 7 years of work in the Cyber Security field while in the U.S. Navy.

Separate registration required: