Talkin' About [Infosec] News, Powered by Black Hills Information Security
Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD
BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission!
We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.”
Download slides: https://www.activecountermeasures.com/presentations/
2:47 – Why Are We Doing This?
5:07 – AT7: The Logs You Are Looking For
7:41 – AD Best Practices to Frustrate Attackers
9:37 – AT 5 – Complete Takedown & AT 6 – IOCs
12:04 – Blue Team-A-Palooza
14:22 – Windows Logging, Sysmon, and ELK – Part 1
16:45 – Implementing Sysmon and Applocker
21:45 – …And Group Policies That Kill Kill-Chains
22:31 – Here Are Some Important Blogs
23:35 – Summary Complete
25:28 – Introducing the Atomic Red Team
27:50 – Installing the Atomic Framework
29:29 – Squibbly Doo; The Results; Let’s Take A Step Back: The Atomic Tests; Another Step Back: WEF / Winlogbeat Config
33:41 – Executing T1015; Catching Executables; Executin...