Introducing DeepBlueCLI - A PowerShell Module for Hunt Teaming via Windows Event Logs

Offered By: YouTube

Tags

Conference Talks, Cybersecurity, PowerShell, Threat Hunting, Windows Event Logs

Course Description

Overview

Explore DeepBlueCLI, a PowerShell module designed for hunt teaming through Windows event logs, in this 49-minute conference talk from Derbycon 2016. The talk covers the evolution of payloads, what a typical client environment looks like, and the key indicators to monitor. It discusses logging new process creation, how the script was written, and its design considerations, including the perfect-solution and perfect-attacker fallacies, regex matching, and whitelisting. Use cases for DeepBlueCLI are examined, including its application against Metasploit, hash dumping, and attacks on modern systems. The talk also covers detecting obfuscation attempts (such as Invoke-Obfuscation) and outlines next steps for implementation, concluding with a practical demonstration of DeepBlueCLI's capabilities for Windows event log analysis in support of threat detection and response.

Syllabus

Introduction
The evolution of payloads
What does my average client have
What do you look for
Logging new process creation
Writing the script
Design notes
Perfect solution fallacy
Perfect attacker fallacy
Regex
Whitelist
Use cases
Summary
DeepBlueCLI
Metasploit
Hash Dump
Defaults
Modern
System
Power
NetWeb
PowerShell
DeepBlue CLI
Invoke obfuscation
Stock Total Shoutout
Detected
Next Steps
Demo